
#1 2006-11-19 13:08:52

soylent_green_is_hamster
Member
Registered: 2006-11-15
Posts: 109

Shorewall wisdom required please!

Hi,
I've used Shorewall to configure iptables for my simple LAN. Everything seems to work, and I pass online firewall tests, but I was hoping someone wise could take a quick look to check that it makes sense!
I have a PC with 2 ethernet cards, one connected to a cable modem (which gets its IP using DHCP), the other connected to another network device using a crossover cable.
zones:

#ZONE   TYPE            OPTIONS
fw      firewall
net     ipv4
loc     ipv4

interfaces:

#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          dhcp
loc     eth1            192.168.0.1

policy:

#SOURCE         DEST            POLICY
loc             net             ACCEPT
fw              net             ACCEPT
net             all             DROP
all             all             REJECT

rules:

#ACTION   SOURCE DEST   PROTO   DEST PORT(S)
ACCEPT    net   fw            tcp     63331

The rule is to allow the Azureus bittorrent client to accept connections on 63331.
Does this look reasonable? No glaring errors?
cheers!


#2 2006-11-20 13:17:37

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029

Re: Shorewall wisdom required please!

If you are running Azureus on the firewall, that will work. If not, change "fw" into "loc".


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.


#3 2006-11-20 20:24:11

soylent_green_is_hamster
Member
Registered: 2006-11-15
Posts: 109

Re: Shorewall wisdom required please!

Great, thanks for that confirmation (yes, Azureus is running on the firewall).
I should have mentioned that I also added the following:

masq:

#INTERFACE              SUBNET
eth0                    eth1

I was slightly confused by the following entry in my sysctl.conf:

# Disable packet forwarding
net.ipv4.ip_forward=0

what does this actually do?

And does anyone know how I enable my Shorewall rules at boot-up?

Thanks for your help.

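An offline sanity check for the tables in posts #1 and #3, added here as an example for this page (it is not Shorewall's own code; the function names, the findings text and the broadcast heuristic are this example's assumptions). It parses the five posted tables the way Shorewall does (whitespace columns, # comments), confirms every zone named in interfaces, policy and rules is declared in zones, applies the fw-versus-loc point from reply #2 to the inbound ACCEPT rule, and raises the two caveats a practitioner would want to see: the third column of the interfaces file is BROADCAST, not the interface's own address, and a masq entry does nothing while net.ipv4.ip_forward=0, because that sysctl tells the kernel not to route packets between interfaces (Shorewall turns it on at start when IP_FORWARDING=On in shorewall.conf). It also checks that the policy file has an "all all" catch-all and that no broad entry shadows a later, conflicting one, since the first matching policy wins.

```python
"""Offline sanity checks for a Shorewall configuration like the one posted above.
Example code for this page, not Shorewall's own; the tables are copied from the
posts, everything else is this example's assumption."""
import ipaddress

# Constructed input: the five tables from posts #1 and #3, one string per file.
ZONES = """\
fw      firewall
net     ipv4
loc     ipv4
"""
INTERFACES = """\
net     eth0            detect          dhcp
loc     eth1            192.168.0.1
"""
POLICY = """\
loc             net             ACCEPT
fw              net             ACCEPT
net             all             DROP
all             all             REJECT
"""
RULES = """\
ACCEPT    net   fw            tcp     63331
"""
MASQ = """\
eth0                    eth1
"""


def parse_table(text):
    """Split a Shorewall table into rows of whitespace-separated columns,
    dropping blank lines and '#' comments as Shorewall itself does."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def check_config(zones, interfaces, policy, rules, masq, ip_forward, service_zone):
    """Return a list of findings, each prefixed with the table it concerns.
    service_zone: zone where the listening service runs ('fw' or 'loc').
    ip_forward:   value of net.ipv4.ip_forward when the firewall starts."""
    findings = []
    known = {row[0] for row in parse_table(zones)} | {"all"}

    # Columns: interfaces = ZONE INTERFACE BROADCAST OPTIONS; policy = SOURCE DEST
    # POLICY; rules = ACTION SOURCE DEST PROTO DEST-PORT.  Every zone must exist.
    for name, table, cols in (("interfaces", interfaces, (0,)),
                              ("policy", policy, (0, 1)),
                              ("rules", rules, (1, 2))):
        for row in parse_table(table):
            for c in cols:
                zone = row[c].split(":", 1)[0]   # rules may write zone:address
                if zone not in known:
                    findings.append(f"{name}: zone '{zone}' is not declared in zones")

    # An inbound ACCEPT from net must target the zone that holds the service
    # (the fw-versus-loc point in reply #2).
    for action, src, dst, *_ in parse_table(rules):
        if action == "ACCEPT" and src == "net" and dst != service_zone:
            findings.append(f"rules: ACCEPT from net to '{dst}', but the service "
                            f"listens in zone '{service_zone}'")

    # masq only matters once the kernel forwards between interfaces.
    if parse_table(masq) and not ip_forward:
        findings.append("masq: masquerading configured but net.ipv4.ip_forward=0; "
                        "check IP_FORWARDING in shorewall.conf")

    # Third interfaces column is BROADCAST.  Heuristic (assumes a /24 or
    # larger network): a broadcast address ends in .255, a host address does not.
    for row in parse_table(interfaces):
        if len(row) > 2 and row[2] not in ("detect", "-"):
            try:
                addr = ipaddress.IPv4Address(row[2])
            except ValueError:
                continue
            if int(addr) & 0xFF != 0xFF:
                findings.append(f"interfaces: '{row[2]}' on {row[1]} is in the BROADCAST "
                                "column but looks like a host address; use 'detect'")

    # Policies: first match wins, so a broad entry must not precede a narrower
    # conflicting one, and there should be an 'all all' catch-all.
    pol = [row[:3] for row in parse_table(policy)]
    if not any(s == "all" and d == "all" for s, d, _ in pol):
        findings.append("policy: no 'all all' catch-all entry")
    for i, (src, dst, act) in enumerate(pol):
        for s2, d2, a2 in pol[:i]:
            if s2 in (src, "all") and d2 in (dst, "all") and a2 != act:
                findings.append(f"policy: '{src} {dst} {act}' is shadowed by "
                                f"earlier '{s2} {d2} {a2}'")
    return findings


if __name__ == "__main__":
    for finding in check_config(ZONES, INTERFACES, POLICY, RULES, MASQ,
                                ip_forward=False, service_zone="fw"):
        print(finding)
```

Run against the posted tables with ip_forward=0 and Azureus on the firewall, it reports exactly two things: the masq/ip_forward mismatch and the 192.168.0.1 value sitting in the BROADCAST column. Replacing that value with "detect" and enabling forwarding leaves the checker silent; telling it the service lives in loc instead reproduces the objection from reply #2.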

#4 2006-11-21 08:36:27

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029

Re: Shorewall wisdom required please!

Add "shorewall" to the daemons list in /etc/rc.conf.


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.


#5 2006-11-23 14:27:06

soylent_green_is_hamster
Member
Registered: 2006-11-15
Posts: 109

Re: Shorewall wisdom required please!

Thanks.


#6 2006-11-23 18:30:50

Snowman
Developer/Forum Fellow
From: Montreal, Canada
Registered: 2004-08-20
Posts: 5,212

Re: Shorewall wisdom required please!

Make sure that shorewall is listed before network so that the firewall is running before the network is started.


#7 2006-11-27 12:26:27

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029

Re: Shorewall wisdom required please!

Can you explain why?


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.


#8 2006-12-16 16:29:48

dolby
Member
From: 1992
Registered: 2006-08-08
Posts: 1,581

Re: Shorewall wisdom required please!

Assuming you've got a broadband connection, you'd want your firewall to be running when you go online.
Although if you use "detect" in the BROADCAST column of /etc/shorewall/interfaces, you need to add it after network.


There shouldn't be any reason to learn more editor types than emacs or vi -- mg (1)
[You learn that sarcasm does not often work well in international forums.  That is why we avoid it. -- ewaller (arch linux forum moderator)
