Shorewall configuration

Discussion in 'Linux & BSD' started by ep0niks, Jun 1, 2004.

  1. ep0niks

    ep0niks OSNN Junior Addict

    Messages:
    40
    Location:
    Montreal
    Hi.

    I have MDK 10 Official on a old box, sharing the net to my windows boxes.
    I want to allow access from any computer to the box (all IPs from 192.168.1.*).

    I tried configuring two interfaces... like my ppp0 (56k external modem, blah) and the eth0 to make the bridge between the other computers.

    My problem: within the Shorewall GUI, I can, for example, allow the DNS server, SSH server and HTTPD on eth0, but I cannot (or am not able to) block these ports for ppp0.

    I know shorewall.net has some nice docs, but I didn't find anything for my problem.

    You can look at my files at http://www.level-14.ca/linux/shorewall

    :(
     
  2. ep0niks

    ep0niks OSNN Junior Addict

    Hummph... I did fix my problem by myself... that was freaking easy...

    I'm dumb today ;)
     
  3. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    Perhaps share your solution so others can benefit :)
     
  4. ep0niks

    ep0niks OSNN Junior Addict

    Oh well yeah.

    I "simply" looked at RULES

    At the end of the file:

    #################################################################
    #ACTION   SOURCE   DEST   PROTO   DEST                   SOURCE    ORIGINAL   RATE    USER/
    #                                 PORT                   PORT(S)   DEST       LIMIT   GROUP
    ACCEPT    net      fw     udp     53                     -
    ACCEPT    net      fw     tcp     53,22,5900:5902,3128   -
    ACCEPT    loc      fw     udp     53                     -
    ACCEPT    loc      fw     tcp     53,22,5900:5902,3128   -
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

    changed to:

    #################################################################
    #ACTION   SOURCE   DEST   PROTO   DEST                   SOURCE    ORIGINAL   RATE    USER/
    #                                 PORT                   PORT(S)   DEST       LIMIT   GROUP
    DROP      net      fw     udp     53                     -
    DROP      net      fw     tcp     53,22,5900:5902,3128   -
    ACCEPT    loc      fw     udp     53                     -
    ACCEPT    loc      fw     tcp     53,22,5900:5902,3128   -
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

    The DROP action on net (external network) to fw (firewall) means "ignore" a particular request to a specific port, while ACCEPT on loc (local network) to fw (firewall) means those requests are allowed.

    I'm not an expert so... if someone has security tips, let me know :)
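As an added example (not code from the thread or from Shorewall itself), the following Python checker parses the rules-file format posted above, expands DEST PORT(S) specs such as 53,22,5900:5902, applies Shorewall's first-match semantics, and reports which explicitly named ports a zone is ACCEPTed to reach on the firewall. The two rule sets are the before/after files from the post, embedded as constructed samples.

```python
# Constructed sample: the rules posted in the thread, before and after the fix.
RULES_BEFORE = """\
#ACTION SOURCE DEST PROTO DEST PORT(S) ...
ACCEPT net fw udp 53 -
ACCEPT net fw tcp 53,22,5900:5902,3128 -
ACCEPT loc fw udp 53 -
ACCEPT loc fw tcp 53,22,5900:5902,3128 -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""
RULES_AFTER = RULES_BEFORE.replace("ACCEPT net", "DROP net")  # the fix from the thread


def expand_ports(spec):
    """'53,22,5900:5902' -> {22, 53, 5900, 5901, 5902}; '-' means any port."""
    ports = set()
    for part in spec.split(","):
        if part in ("-", ""):
            continue
        lo, _, hi = part.partition(":")          # 'lo:hi' ranges are inclusive
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_rules(text):
    """Return [(ACTION, SOURCE, DEST, PROTO, {ports})] from rules-file text."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()    # strip comments and blank lines
        if len(fields) < 3:
            continue
        proto = fields[3].lower() if len(fields) > 3 else "-"
        ports = expand_ports(fields[4]) if len(fields) > 4 else set()
        rules.append((fields[0].upper(), fields[1], fields[2], proto, ports))
    return rules


def verdict(rules, src, dst, proto, port):
    """First matching rule wins; None means the zone policy decides."""
    for action, s, d, p, ports in rules:
        if (s in (src, "all") and d in (dst, "all") and p in (proto, "-", "all")
                and (not ports or port in ports)):
            return action
    return None


def exposed_from_zone(text, zone="net", target="fw"):
    """Sorted (proto, port) pairs that `zone` is explicitly ACCEPTed to reach on `target`."""
    rules = parse_rules(text)
    candidates = {(p, port) for _, s, d, p, ports in rules
                  if s in (zone, "all") and d in (target, "all") for port in ports}
    return sorted(c for c in candidates if verdict(rules, zone, target, *c) == "ACCEPT")
```

Rules in /etc/shorewall/rules are matched in order and before the zone policies in /etc/shorewall/policy, so a net to fw ACCEPT opens that port even when the policy for net is DROP; running the checker over the "before" file lists SSH, VNC and the proxy port as reachable from the internet, while the "after" file lists nothing.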