I'm doing a Shorewall configuration based on Webmin.
I use 3 NICs, in this order:
eth0 --> net
eth1 --> loc
eth2 --> loc
In the Webmin module, the Shorewall module, I made the settings.
For the zones on the network, I made this setting:
Code:
#
# Shorewall version 4 - Zones File
#
# For information about this file, type "man shorewall-zones"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-zones.html
#
###############################################################################
#ZONE TYPE OPTIONS IN OPTIONS OUT OPTIONS
#
fw firewall
net ipv4
loc ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
For the interfaces on the network, I made this setting:
Code:
#
# Shorewall version 4 - Interfaces File
#
# For information about entries in this file, type "man shorewall-interfaces"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
###############################################################################
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect
loc eth1 detect
loc eth2 detect
#LAST LINE -- add your entries before this line -- DO NOT REMOVE
For the policies, I made these settings:
Code:
#
# Shorewall version 4 - Policy File
#
# For information about entries in this file, type "man shorewall-policy"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
$fw net ACCEPT
loc net ACCEPT
net all DROP
all all REJECT
#LAST LINE -- add your entries before this line -- DO NOT REMOVE
For the rules, I made this setting:
Code:
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#
# accept connection DNS ( Port DNS 53 )
ACCEPT loc $fw tcp 53
ACCEPT loc $fw udp 53
# accept proxy squid( transparent proxy port 3128 )
ACCEPT loc $fw tcp 3128
DROP net $fw tcp 3128
# accept connection ftp
ACCEPT loc $fw tcp 21
#webmin
ACCEPT loc $fw
ACCEPT $fw loc
# accept connection to SSH
ACCEPT loc $fw tcp 22
#Ping status
ACCEPT loc $fw icmp 8
# Transparent proxy: for REDIRECT the DEST column is the local port, here the squid port 3128
REDIRECT loc 3128 tcp 80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
And after I do a shorewall start with this, I get these results:
Code:
Error
Failed to start firewall :
Compiling...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
ERROR: Invalid TARGET in rule "COUNT "
/sbin/shorewall: line 384: 4362 Terminated $command $SHOREWALL_SHELL $sc $@
Can you help me with this problem?
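The COUNT error is raised while pre-processing the shipped /usr/share/shorewall/action.Drop, not any of the files shown above, but the posted policy and rules files are worth checking on their own. This is an added example, not code from the poster or the Shorewall project: it lints constructed excerpts in the format of the posted policy and rules files, flagging a REDIRECT line with no port in DEST and rules that only repeat what the policy already does, assuming Shorewall's first-match policy semantics.

```python
import re

# Constructed excerpts in the posted files' format; the last REDIRECT line deliberately lacks its port.
POLICY = """
$fw net ACCEPT
loc net ACCEPT
net all DROP
all all REJECT
"""
RULES = """
ACCEPT loc $fw tcp 53
ACCEPT loc $fw udp 53
ACCEPT loc $fw tcp 3128
DROP net $fw tcp 3128
ACCEPT loc $fw
REDIRECT loc 3128 tcp 80
REDIRECT loc tcp 80
"""

def parse(text):
    """Split a Shorewall file into whitespace-separated columns, dropping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def policy_for(policies, src, dst):
    """Action of the first policy line matching src->dst ('all' matches any zone)."""
    for psrc, pdst, action, *_ in policies:
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action
    return None

def lint(policy_text, rules_text):
    """Return (rule, message) pairs for rules that are malformed or redundant."""
    policies = parse(policy_text)
    findings = []
    for cols in parse(rules_text):
        rule, action, src = " ".join(cols), cols[0], cols[1]
        dest = cols[2] if len(cols) > 2 else ""
        if action == "REDIRECT":
            # For REDIRECT the DEST column is the local port, optionally "interface:port"
            if not re.fullmatch(r"(?:[\w.-]+:)?\d+", dest):
                findings.append((rule, "REDIRECT needs the proxy port in DEST, e.g. 3128"))
        elif policy_for(policies, src, dest) == action:
            # The policy already does this, so the rule only adds noise
            findings.append((rule, f"already covered by policy {src} {dest} {action}"))
    return findings
```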