Hello,

My name is Felipe. I successfully installed Shorewall 4.4.20.3 on Ubuntu 10.04. This installation is for controlling access into the local network. My question is whether it is possible to make a WAN-to-LAN connection using the terminal name. I have been searching on Google but I didn't find an answer.

For example, we have a public IP on Shorewall with 2 interfaces, and in the LAN we have 3 SAP servers. I want to connect specific clients from WAN to LAN by terminal name. Is that possible, and how can I make the rule for this example?

I want to do something like this:

    #ACTION   SOURCE                           DEST              PROTO   DEST   SOURCE   ORIGINAL......
    ACCEPT    net:TERMINAL NAME(without ip)    loc:192.168.3.6   tcp     3299   #SAP SOLMAN

TERMINAL NAME is the name of the computer that wants to access. I am thinking of relating this name to a range of IPs to get the access. Is it possible?

Is it necessary to do other configuration for this? Please help me.

Best Regards,
Felipe
Mexico City, August 25th 2011

On Thu, 2011-08-25 at 22:00 +0200, Felipe Rueda wrote:
> TERMINAL NAME is the name of the computer that wants to access. I am
> thinking of relating this name to a range of IPs to get the access.
> Is it possible?
> Is it necessary to do other configuration

Please see http://www.shorewall.net/configuration_file_basics.htm#dnsnames

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

2011/8/25 Tom Eastep <teastep@shorewall.net>
> Please see
> http://www.shorewall.net/configuration_file_basics.htm#dnsnames

Do you know how to set up DNS name configuration in the next files:

- /etc/resolv.conf is wrong then your firewall won't start.
- If your /etc/nsswitch.conf is wrong then your firewall won't start.
- If your Name Server(s) is(are) down then your firewall won't start.
- If your startup scripts try to start your firewall before starting your DNS server then your firewall won't start.
- Factors totally outside your control (your ISP's router is down for example), can prevent your firewall from starting.
- You must bring up your network interfaces prior to starting your firewall.

Each DNS name must be fully qualified and include a minimum of two periods (although one may be trailing). This restriction is imposed by Shorewall to insure backward compatibility with existing configuration files.

> Do you know how to set up DNS name configuration in the next files:
>
> - /etc/resolv.conf is wrong then your firewall won't start.
> - If your /etc/nsswitch.conf is wrong then your firewall won't start.
> - If your Name Server(s) is(are) down then your firewall won't start.
> - If your startup scripts try to start your firewall before starting your DNS server then your firewall won't start.
> - Factors totally outside your control (your ISP's router is down for example), can prevent your firewall from starting.
> - You must bring up your network interfaces prior to starting your firewall.
>
> Each DNS name must be fully qualified and include a minimum of two periods (although one may be trailing). This restriction is imposed by Shorewall to insure backward compatibility with existing configuration files.

Those are just warnings about what may go wrong when you use DNS names.

-Tom

Hi Tom,

Yes, my question was confusing, so I checked those warnings, and I got confused with the files resolv.conf and nsswitch.conf: how can I know if they are correct?

I verified the following warnings:

- If your Name Server(s) is(are) down then your firewall won't start.
- If your startup scripts try to start your firewall before starting your DNS server then your firewall won't start.
- Factors totally outside your control (your ISP's router is down for example), can prevent your firewall from starting.
- You must bring up your network interfaces prior to starting your firewall.

and those are correct, but I can't start Shorewall because of this:

    aporta@proxy:~$ sudo shorewall check
    Checking...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Loading Modules...
    Checking /etc/shorewall/zones...
    Checking /etc/shorewall/interfaces...
    Determining Hosts in Zones...
    Locating Action Files...
    Checking /usr/share/shorewall/action.Drop for chain Drop...
    Checking /usr/share/shorewall/action.Reject for chain Reject...
    Checking /etc/shorewall/policy...
    Adding rules for DHCP
    Checking Kernel Route Filtering...
    Checking Martian Logging...
    Checking /etc/shorewall/masq...
    Checking MAC Filtration -- Phase 1...
    Checking /etc/shorewall/rules...
       ERROR: Unknown Host (mail.shorewall.net) : /etc/shorewall/rules (line 33)

I checked /etc/shorewall/rules and verified that I can use only a local host and the FW takes it (ACCEPT:$LOG loc:FELIPE-MSI.local. net tcp 3200 # SAP), but if I search for a WAN host it didn't take it (REJECT:$LOG loc net:mail.shorewall.net tcp 80). My rules are in the attached file.

Do you speak Spanish?

Regards,
Felipe
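
The two conditions discussed above (a name must contain at least two periods, and the firewall host's resolver must be able to resolve it, otherwise `shorewall check` stops with `Unknown Host`) can be checked before compiling. The following is an added example, not part of the original thread and not Shorewall's own code. It assumes simple single `zone:host` entries in the SOURCE and DEST columns; `RESOLVER`, `sample_rules` and the name `sapclient` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for DNS names in a Shorewall rules file.

# is_fqdn NAME: true when NAME has at least two periods (one may be trailing).
is_fqdn() {
    dots=$(( $(printf '%s' "$1" | tr -cd '.' | wc -c) ))
    [ "$dots" -ge 2 ]
}

# rule_hosts [FILE]: print the host names in the SOURCE and DEST columns
# (zone:host form); comments, bare zones and IPv4 addresses are skipped.
rule_hosts() {
    awk '/^[ \t]*(#|$)/ { next }
         { for (i = 2; i <= 3 && i <= NF; i++) {
               n = index($i, ":"); if (n == 0) continue
               host = substr($i, n + 1)
               if (host ~ "^[0-9./,-]+$") continue
               print host } }' "$@" | LC_ALL=C sort -u
}

# check_rules [FILE]: classify each name; returns the number of problems.
# RESOLVER is a hypothetical override so the lookup can be stubbed offline.
check_rules() {
    bad=0
    for h in $(rule_hosts "$@"); do
        if ! is_fqdn "$h"; then
            echo "NOT-FQDN   $h"; bad=$((bad + 1))
        elif ! ${RESOLVER:-getent hosts} "$h" >/dev/null 2>&1; then
            echo "UNRESOLVED $h"; bad=$((bad + 1))
        else
            echo "OK         $h"
        fi
    done
    return "$bad"
}

# Constructed sample; two rules are the ones quoted in the thread,
# "sapclient" is a made-up unqualified name.
sample_rules() {
    cat <<'EOF'
#ACTION      SOURCE                 DEST                    PROTO  DEST PORT
ACCEPT:$LOG  loc:FELIPE-MSI.local.  net                     tcp    3200
REJECT:$LOG  loc                    net:mail.shorewall.net  tcp    80
ACCEPT       net:sapclient          loc:192.168.3.6         tcp    3299
EOF
}

# Usage: sh thisfile /etc/shorewall/rules
if [ $# -gt 0 ]; then check_rules "$@"; fi
```

By default the lookup goes through `getent hosts`, which follows /etc/nsswitch.conf and /etc/resolv.conf, so an `UNRESOLVED` line points at the same resolver configuration the quoted warnings refer to.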

Hi Felipe,

I don't think Tom speaks Spanish, since he is from the United States, but from what I can see there are a few of us who speak Spanish. Since we're at it, we could make a Hispanic Shorewall, haha.

Regards, and I hope your problem gets sorted out.

-----Original Message-----
From: Felipe Rueda <fel.rued@gmail.com>
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Sent: Fri, Aug 26, 2011 4:00 pm
Subject: Re: [Shorewall-users] Question About Shorewall Functions

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users