Hello,

I currently have port 80 ACCEPT from net to $FW. I am trying to also access other servers through $FW. I know part of this is virtual servers, proxypass, etc., but I also think I do not have the port setup correctly. The net interface is a public IP and the lan interface is private. I poked around the FAQs, but could not find anything that addressed my issue (at least I could not find it).

Any ideas?

Thanks in advance.

Have a great day,

Donald S. Doyle
President
G.E.M. Computer Consulting, LLC
317.250.4448
www.gemcc.com <http://www.gemcc.com/>

CONFIDENTIALITY NOTICE
The materials enclosed with this electronic transmission are private and confidential and are the properties of the sender. The information contained in the material is privileged and is intended only for the use of the individual(s) or entity(ies) named above. If you are not the intended recipient, be advised that any unauthorized disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify us by telephone.

------------------------------------------------------------------------------
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13.
http://p.sf.net/sfu/intel_levelupd2d

On Thu, Mar 28, 2013 at 03:20:29AM -0400, Donald S. Doyle wrote:
> Hello,
>
> I currently have port 80 ACCEPT from net to $FW. I am trying to also
> access other servers through $FW. I know part of this is virtual servers,
> proxypass, etc., but I also think I do not have the port setup correctly.
> The net interface is a public IP and the lan interface is private. I
> poked around the FAQs, but could not find anything that addressed my issue
> (at least I could not find it).
>

Hi Donald,

Is the webserver running on the firewall box? If not, then you will need a rule like:

    ACCEPT/HTTP net dmz:1.2.3.4

(or loc instead of dmz depending on how you have named the zones and where the webserver is located)

If that is not it, please provide the output of 'shorewall dump' so that we can have a look and provide more precise assistance.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Hello,

Actually, I have two web servers and I want to have http/port 80 access to the router that Shorewall is on and the 2 web servers. I do not have a dmz, just eth0(wan), $fw & eth1(lan). Having said that, should I ACCEPT wan to ANY?

Thanks for your help.

Have a great day,

Donald S. Doyle
President
G.E.M. Computer Consulting, LLC
317.250.4448
www.gemcc.com

-----Original Message-----
From: Roberto C. Sánchez [mailto:roberto@connexer.com]
Sent: Thursday, March 28, 2013 9:09 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Port 80

On Thu, Mar 28, 2013 at 11:04:33AM -0400, Donald S. Doyle wrote:
> Hello,
>
> Actually, I have two web servers and I want to have http/port 80 access to
> the router that Shorewall is on and the 2 web servers. I do not have a dmz,
> just eth0(wan), $fw & eth1(lan). Having said that, should I ACCEPT wan to
> ANY?
>

That would be a bad idea. Assuming your two webservers on the LAN have public IP addresses, I would do this:

    ACCEPT/HTTP wan lan:1.2.3.4,1.2.3.5

That will allow port 80 traffic entering from the WAN to only go to the two webserver hosts. If you accept traffic to 'any' that allows port 80 traffic to enter and go to any host on your network (if you have a UPS or a router running a web interface for administration, that could be a bad thing).

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Shouldn't it be HTTP/ACCEPT? If I do ACCEPT/HTTP, Shorewall crashes.

Have a great day,

Donald S. Doyle
President
G.E.M. Computer Consulting, LLC
317.250.4448
www.gemcc.com

-----Original Message-----
From: Roberto C. Sánchez [mailto:roberto@connexer.com]
Sent: Thursday, March 28, 2013 11:16 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Port 80

On 3/28/13 8:35 AM, "Donald S. Doyle" <dsdoyle@gemcc.com> wrote:
> Shouldn't it be HTTP/ACCEPT? If I do ACCEPT/HTTP, Shorewall crashes.

Yes -- or the more preferred HTTP(ACCEPT).

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.

Do I still have the dest port as 80 even though I have HTTP(ACCEPT)?

Have a great day,

Donald S. Doyle
President
G.E.M. Computer Consulting, LLC
317.250.4448
www.gemcc.com

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Thursday, March 28, 2013 11:45 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] Port 80

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 03/28/2013 08:52 AM, Donald S. Doyle wrote:
> Do I still have the dest port as 80 even though I have HTTP(ACCEPT)?
>

No.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Thu, Mar 28, 2013 at 11:35:08AM -0400, Donald S. Doyle wrote:
> Shouldn't it be HTTP/ACCEPT? If I do ACCEPT/HTTP, Shorewall crashes.
>

Sorry about that. I should have double-checked in the man page.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
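
Added example (not part of the original thread and not Shorewall code): a small Python check over a rules file that flags the three points the thread settles, namely the swapped ACCEPT/HTTP form, a DPORT given alongside a macro, and Internet traffic accepted to a destination that is not limited to named hosts. The sample rules and the zone names net, wan and loc are constructed assumptions, and the bare-zone check generalises the thread's warning about 'any'.

```python
import re

# Constructed sample of a Shorewall rules file; zone names net/loc are assumed.
SAMPLE_RULES = """\
#ACTION       SOURCE  DEST                 PROTO  DPORT
ACCEPT/HTTP   net     loc:1.2.3.4,1.2.3.5
HTTP(ACCEPT)  net     any
HTTP(ACCEPT)  net     loc:1.2.3.4,1.2.3.5  tcp    80
HTTP(ACCEPT)  net     $FW
HTTP(ACCEPT)  net     loc:1.2.3.4,1.2.3.5
"""

BUILTIN_ACTIONS = {"ACCEPT", "DROP", "REJECT"}
INTERNET_ZONES = {"net", "wan"}      # assumed names for the Internet-facing zone
FIREWALL_NAMES = {"$FW", "fw"}       # the firewall itself is a single host

def audit_rules(text):
    """Return (line_number, problem) pairs for the mistakes raised in the thread."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3:
            continue                 # blank line, comment or directive
        action, source, dest = cols[:3]
        dport = cols[4] if len(cols) > 4 else "-"

        # 1. Action and macro swapped around the slash, e.g. ACCEPT/HTTP.
        head, slash, tail = action.partition("/")
        if slash and head in BUILTIN_ACTIONS:
            findings.append((lineno, f"use {tail}({head}) instead of {action}"))
            action = f"{tail}({head})"   # normalise so the checks below still run

        # 2. A macro already carries the port, so DPORT should stay empty.
        if re.fullmatch(r"\w+(\(\w+\)|/\w+)", action) and dport != "-":
            findings.append((lineno, f"drop DPORT {dport}; the macro sets the port"))

        # 3. Internet traffic accepted to 'any'/'all' or to a zone with no host list.
        from_internet = source.split(":")[0] in INTERNET_ZONES
        exposed = dest not in FIREWALL_NAMES and ":" not in dest
        if from_internet and "ACCEPT" in action and exposed:
            findings.append((lineno, f"destination '{dest}' is not limited to named hosts"))
    return findings

if __name__ == "__main__":
    for lineno, problem in audit_rules(SAMPLE_RULES):
        print(f"line {lineno}: {problem}")
```
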