Dierk Pfeiffer / Metabolic Online
2013-Jan-28 16:08 UTC
Configuration with Openvpn and Tomcat
On 1/28/13 8:08 AM, "Dierk Pfeiffer / Metabolic Online" <metaboliconline@gmail.com> wrote:

> Hi,
>
> I try to configure Shorewall on an Ubuntu Server 12.04 with
>
> 1. Openvpn
> 2. Tomcat
>
> So a client can connect to the Server and work with TOMCAT
>
> I have already some rules for Mail, WEB, FTP, SSH
>
> Openvpn is installed and I can connect, but can not reach to the tomcat on
> Port 8080.
>
> I include the configuration Files for Shorewall and Openvpn

We would prefer the output of ''shorewall dump'' collected as described at http://www.shorewall.net/support.htm#Guidelines.

Thanks,
-Tom

You do not need a parachute to skydive. You only need a parachute to skydive twice.
Dierk Pfeiffer / Metabolic Online
2013-Jan-29 07:57 UTC
Re: Configuration with Openvpn and Tomcat
Hi Dierk,

To be a little more secure, instead of enabling this in the policy file, you can make it more restrictive by adding a rules line to enable road -> fw only for tcp port 8080.

Regards,
Roy

On Tue, 2013-01-29 at 08:57 +0100, Dierk Pfeiffer / Metabolic Online wrote:

> Hi Tom,
>
> thanks for the hint, after debugging the log message.
>
> Shorewall:road2fw:REJECT:IN=tun0 OUT= MAC= SRC=10.8.0.6 DST=10.8.0.1
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59035 DF PROTO=TCP SPT=33504
> DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0
>
> I saw that road has no access to FW so I added to policy
>
> road fw ACCEPT
>
> After this, it works fine and I can access over Openvpn the tomcat.
>
> Is it safe to let road access to the fw Zone?
>
> Thanks
> Dierk
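Roy's suggestion above, as an added example that is not part of the original thread: a small Python helper that reads the REJECT line Dierk posted and derives the narrow Shorewall `rules` entry to use in place of the blanket `road fw ACCEPT` policy. The function names are this example's own, and it assumes the firewall zone is named `fw` and that chains are named `<source>2<dest>`, as in the log line in the thread.

```python
import re

# Log line copied from Dierk's message in the thread (joined onto one line).
SAMPLE = ("Shorewall:road2fw:REJECT:IN=tun0 OUT= MAC= SRC=10.8.0.6 DST=10.8.0.1 "
          "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=59035 DF PROTO=TCP SPT=33504 "
          "DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0")

# Log prefix as it appears on the page: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
# KEY=value pairs; the value may be empty (OUT=, MAC=). Bare flags (DF, SYN) are skipped.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log(line):
    """Return the netfilter fields plus chain and disposition, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = dict(FIELD.findall(line[m.end():]))
    rec["chain"], rec["disposition"] = m.group("chain"), m.group("disp")
    return rec


def suggest_rule(line, fw_zone="fw"):
    """Build a single-port ACCEPT rule (ACTION SOURCE DEST PROTO DPORT)
    from one rejected or dropped TCP/UDP packet; None for anything else."""
    rec = parse_log(line)
    if rec is None or rec["disposition"] not in ("REJECT", "DROP"):
        return None
    # Assumption: chain is <source zone>2<dest zone>. A zone name that itself
    # contains "2" would be split wrongly, so check the result against the zones file.
    src, sep, dst = rec["chain"].partition("2")
    proto = rec.get("PROTO", "").lower()
    dport = rec.get("DPT", "")
    if not (sep and src and dst) or proto not in ("tcp", "udp") or not dport.isdigit():
        return None
    dest = "$FW" if dst == fw_zone else dst  # $FW names the firewall zone in rules
    return f"ACCEPT {src} {dest} {proto} {dport}"


if __name__ == "__main__":
    print(suggest_rule(SAMPLE))
```

With the resulting line in the `rules` file, the `road fw ACCEPT` policy entry can be removed again so that only Tomcat's port is reachable from the VPN zone.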