> > > I don't know, now that I've set up shorewall on my router it seems
> > > like a simple matter to set it up on another machine. I should only
> > > need to edit a few config files with very light additions.
> > >
> > > - Grant
> >
> > Understand - to be honest I have moved to shorewall on almost all my
> > machines for uniformity, even though it's rather more complex than
> > needed.
> >
> >
> > BillK
>
> How does this /etc/shorewall/rules look for my router?
>
> DNS/ACCEPT $FW net
> Ping/REJECT net $FW
> DNAT net loc:192.168.0.3 tcp 50000
> DNAT net loc:192.168.0.3 udp 50000
> ACCEPT $FW loc icmp
> ACCEPT $FW net icmp
>
> Does this reject ssh requests from the net zone or do I need to
> specify that? It looks like maybe there is another set of basic
> ACCEPT/REJECT configs that this is modifying. Does anyone know which
> file that might reside in? If this looks good I'll set up something
> similar on the laptop.
>
> - Grant

I was looking for the /etc/shorewall/policy file. Something weird
though. I have this in my policy file:

net $FW DROP
net loc DROP
net all DROP

And yet I'm able to ssh from a machine on the local network to the
router via the external IP address. Does the router still know I'm
coming from the inside and thus allow it or is something wrong here?

- Grant
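As an added illustration (not part of the thread, and not Shorewall's own code), here is a small model of how Shorewall classifies a packet and picks the rule or policy that decides it: the source zone comes from the interface the packet arrived on, never from the destination address, so an SSH connection from the LAN to the router's external IP is judged as loc -> $FW rather than net -> $FW. The interface names, addresses, macro expansions and the loc -> $FW ACCEPT policy line are assumptions; the rules and policy entries are the ones quoted above.

```python
# Added example: a toy evaluator for the rules/policy entries quoted in the
# thread. It is not Shorewall's implementation; it only models zone
# assignment by ingress interface (/etc/shorewall/interfaces), rule matching,
# and policy fallback. Interface names, addresses and the loc->$FW ACCEPT
# policy are assumptions; 203.0.113.10 is a constructed external address.
import ipaddress

FW = "$FW"
INTERFACES = {"eth0": "net", "eth1": "loc"}    # assumed interface -> zone
FW_ADDRS = {"203.0.113.10", "192.168.0.1"}     # assumed router addresses
LOC_NET = ipaddress.ip_network("192.168.0.0/24")

# Grant's /etc/shorewall/rules, macros expanded: (action, src, dst, proto, dport)
RULES = [
    ("ACCEPT", FW, "net", "udp", 53), ("ACCEPT", FW, "net", "tcp", 53),  # DNS/ACCEPT
    ("REJECT", "net", FW, "icmp", None),                                 # Ping/REJECT
    ("DNAT", "net", "loc:192.168.0.3", "tcp", 50000),
    ("DNAT", "net", "loc:192.168.0.3", "udp", 50000),
    ("ACCEPT", FW, "loc", "icmp", None), ("ACCEPT", FW, "net", "icmp", None),
]
# Grant's /etc/shorewall/policy lines plus an assumed loc->$FW ACCEPT and catch-all
POLICIES = [("net", FW, "DROP"), ("net", "loc", "DROP"), ("net", "all", "DROP"),
            ("loc", FW, "ACCEPT"), ("all", "all", "REJECT")]

def dest_zone(dst_ip):
    """Destination zone: the firewall itself, or the zone the address routes to."""
    if dst_ip in FW_ADDRS:
        return FW
    return "loc" if ipaddress.ip_address(dst_ip) in LOC_NET else "net"

def evaluate(in_iface, dst_ip, proto, dport=None):
    """Return (action, reason) for a packet; in_iface=None means firewall-originated."""
    src = FW if in_iface is None else INTERFACES[in_iface]  # zone by ingress interface
    dst = dest_zone(dst_ip)
    for action, rsrc, rdst, rproto, rport in RULES:
        if rsrc != src or rproto != proto or (rport is not None and rport != dport):
            continue
        # A DNAT rule matches traffic addressed to the firewall and forwards it inside
        if action == "DNAT" and dst == FW and rdst.startswith("loc:"):
            return "DNAT", f"rule {src}->{rdst} {proto}/{dport}"
        if rdst == dst:
            return action, f"rule {src}->{dst} {proto}"
    for psrc, pdst, paction in POLICIES:       # first matching policy wins
        if psrc in (src, "all") and pdst in (dst, "all"):
            return paction, f"policy {psrc}->{pdst}"
    return "REJECT", "implicit"
```

Running `evaluate("eth1", "203.0.113.10", "tcp", 22)` lands on the loc->$FW policy even though the destination is the external address, which is why the LAN-side SSH session is allowed while the same connection arriving on eth0 hits net->$FW DROP.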
--
gentoo-user@g.o mailing list