| 1 |
> > > I don't know, now that I've set up shorewall on my router it seems |
| 2 |
> > > like a simple matter to set it up on another machine. I should only |
| 3 |
> > > need to edit a few config files with very light additions. |
| 4 |
> > > |
| 5 |
> > > - Grant |
| 6 |
> > |
| 7 |
> > Understand - to be honest I have moved to shorewall on almost all my |
| 8 |
> > machines for uniformity, even though its rather more complex than |
| 9 |
> > needed. |
| 10 |
> > |
| 11 |
> > |
| 12 |
> > BillK |
| 13 |
> |
| 14 |
> How does this /etc/shorewall/rules look for my router? |
| 15 |
> |
| 16 |
> DNS/ACCEPT $FW net |
| 17 |
> Ping/REJECT net $FW |
| 18 |
> DNAT net loc:192.168.0.3 tcp 50000 |
| 19 |
> DNAT net loc:192.168.0.3 udp 50000 |
| 20 |
> ACCEPT $FW loc icmp |
| 21 |
> ACCEPT $FW net icmp |
| 22 |
> |
| 23 |
> Does this reject ssh requests from the net zone or do I need to |
| 24 |
> specify that? It looks like maybe there is another set of basic |
| 25 |
> ACCEPT/REJECT configs that this is modifying. Does anyone know which |
| 26 |
> file that might reside in? If this looks good I'll set up something |
| 27 |
> similar on the laptop. |
| 28 |
> |
| 29 |
> - Grant |
| 30 |
|
| 31 |
I was looking for the /etc/shorewall/policy file. Something weird |
| 32 |
though. I have this in my policy file: |
| 33 |
|
| 34 |
net $FW DROP |
| 35 |
net loc DROP |
| 36 |
net all DROP |
| 37 |
|
| 38 |
And yet I'm able to ssh from a machine on the local network to the |
| 39 |
router via the external IP address. Does the router still know I'm |
| 40 |
coming from the inside and thus allow it or is something wrong here? |
| 41 |
|
| 42 |
- Grant |
| 43 |
-- |
| 44 |
gentoo-user@g.o mailing list |
Archives