webmin/shorewall

Bungholio · 08-03-2003, 09:14 PM

Hi, thanks for looking (i did search).

Ive got webmin setup on my linuxbox which is a firewall/webserver, and i have one win2kpro computer networked via dhcp.

I can access webmin from the linuxbox, https://192.168.0.1:10000 no problems ... however when i try to access from my windows computer, or for anyone else to try, it doesnt work

... (my linuxbox is mandrake9.1 w/ shorewall)

this is what ive tried so far:

in miniserv.conf ive tried adding both

allow=192.168.1.1 (the ip for eth1 in my linuxbox thats connected to the winbox)

and

allow=192.168.1.253 (the ip the winbox has taken)

neither worked

so i tried removing the allow lines, and theoretically if i had no firewall, anyone should be able to access webmin.

however i do have shorewall, so i tried adding a rule for port 10000 in /etc/shorewall/rules

ACCEPT loc fw tcp 10000 - -
ACCEPT loc fw udp 10000 - -

from what i understand, those two rules will allow any connection on my local network (loc) to access tcp/udp transfers on port 10000, however after restarting shorewall, it still did not work

im not sure what to do

.. if you need more info, ill be happy to post, thanks for any tips or advice,
Al

Bungholio · 08-04-2003, 05:44 PM

ok, ive also tried these rules too

ACCEPT loc:192.168.1.253,192.168.1.1 fw tcp 10000 -
ACCEPT loc:192.168.1.253,192.168.1.1 fw udp 10000 -

and also tried adding this to my /etc/shorewall/policy

ACCEPT loc fw

no luck yet ... i can access http://192.168.0.1 from the winbox, but not https://192.168.0.1:10000

please help

echidna · 09-02-2003, 09:44 AM

I was suffering the same problem (mdk9.1 + win98).
Adding this rule worked for me;

# Allow Webmin access from local net
#
ACCEPT loc fw tcp 10000
#

where loc is the local zone and fw is the inbuilt firewall zone.
Do you need the Ip address specifications here?
also don't forget to restart shorewall ie. /sbin/shorewall restart so that it sees the new rules.
good luck

hobylinux · 09-16-2003, 12:50 AM

hey, guys. mind if i jump in here and ask how you defined your local zone? i've had trouble defining it. i'm running shorewall on two clients behind a linksys firewall/router, with the ips 192.168.1.100 and 192.168.1.101, respectively. both computers have only one interface. i tried adding "loc eth0:192.168.1.0/24" to my /etc/shorewall/hosts file, and then adding "loc fw ACCEPT" to my /etc/shorewall/policy file, but i still can't connect my two machines together. any suggestions?

sorry to jump into your thread like this.