LinuxQuestions.org
Old 07-18-2004, 07:10 PM   #1
peter72
Member
 
Registered: Oct 2002
Location: Charlottesville, VA
Distribution: Ubuntu (home), SLES (work)
Posts: 196
Blog Entries: 1

Rep: Reputation: 30
shorewall config question with /etc/shorewall/rules


Is there an easy way to open up all ports for a trusted device?

This is the current state of my rules file

ACCEPT net fw tcp 80,443,22 -
ACCEPT loc fw tcp 80,443,22 -

I would like to do something like the following if possible:

ACCEPT loc fw tcp all -

But, it isn't that easy. Is there a quick way?
 
Old 07-18-2004, 07:42 PM   #2
Bill Gates 666
Member
 
Registered: Dec 2003
Location: Cambridge
Distribution: Arch
Posts: 68

Rep: Reputation: 22
Yup,

ACCEPT loc fw tcp

or

ACCEPT loc fw tcp - -

should do it...

The default for unspecified ports is 'all'.

You might want to consider whether you want 'UDP' connections as well?? (Not sure what you're doing so couldn't comment :-)
_________
Bill G. #666
 
Old 07-18-2004, 09:28 PM   #3
peter72
Member
 
Registered: Oct 2002
Location: Charlottesville, VA
Distribution: Ubuntu (home), SLES (work)
Posts: 196
Blog Entries: 1

Original Poster
Rep: Reputation: 30
Thanks! Perfect
Here is my set-up, in case anyone cares. My machine (with firewall) has nis, nfs automount and smbfs shared on eth0, and eth1 is connected to cable modem.

Before, I was using a D-Link Di704P router, (lately port forwarding has been really flakey). Through the drakconf (mandrake 10), I set up nis and automount for 3 other machines in my house. Everything is perfect. I then removed the router, added a new ethernet card in my nis server and set up internet sharing. Worked great, however nis stopped on client machines. When I went to configure the firewall, it applied the settings to both devices.

This fixed it:

ACCEPT net fw tcp 22 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc 3128 tcp www -

Thanks again for the help.
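
Added example (not part of the thread and not Shorewall's own code): a Python checker that applies the point from post #2, that an omitted or `-` port column means all ports, to the rules posted in #3 and lists every ACCEPT rule that opens all ports, marking those whose source zone is untrusted. Treating `net` as the untrusted zone and reading only the first five columns are assumptions of this example.

```python
from dataclasses import dataclass

# Rules from the thread's working configuration (post #3).
THREAD_RULES = """\
ACCEPT net fw tcp 22 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc 3128 tcp www -
"""

@dataclass
class Rule:
    action: str
    source: str
    dest: str
    proto: str
    dport: str

def parse_rule(line):
    """Parse one rules line into its first five columns; None for blanks/comments."""
    cols = line.split("#", 1)[0].split()
    if not cols:
        return None
    # Trailing columns may be omitted; pad them with "-" (unspecified).
    cols += ["-"] * (5 - len(cols))
    action, source, dest, proto, dport = cols[:5]
    action = action.split(":", 1)[0]          # drop a log level such as ACCEPT:info
    proto = "all" if proto == "-" else proto.lower()
    dport = "all" if dport == "-" else dport  # unspecified ports default to all
    return Rule(action, source, dest, proto, dport)

def wide_open(rules_text, untrusted=("net",)):
    """Return (rule, from_untrusted_zone) for each ACCEPT rule matching every port."""
    findings = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule.action != "ACCEPT":
            continue
        if rule.proto in ("tcp", "udp", "all") and rule.dport == "all":
            zone = rule.source.split(":", 1)[0]  # source may be zone:host; keep the zone
            findings.append((rule, zone in untrusted))
    return findings

if __name__ == "__main__":
    for rule, exposed in wide_open(THREAD_RULES):
        note = "UNTRUSTED SOURCE" if exposed else "trusted zone"
        print(f"{rule.source}->{rule.dest} {rule.proto}: all ports ({note})")
```

On the thread's rules this reports only the two `loc` entries; the same check flags a rule such as `ACCEPT net fw tcp`, where the omitted port column would expose every TCP port to the Internet-facing zone.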
 
Old 01-01-2007, 10:33 PM   #4
kiraninfotech
LQ Newbie
 
Registered: Jun 2005
Location: Mumbai,India
Distribution: Fedora 8 x86_64
Posts: 15

Rep: Reputation: 0
Quote:
Originally Posted by peter72
Thanks! Perfect
Here is my set-up, in case anyone cares. My machine (with firewall) has nis, nfs automount and smbfs shared on eth0, and eth1 is connected to cable modem.

Before, I was using a D-Link Di704P router, (lately port forwarding has been really flakey). Through the drakconf (mandrake 10), I set up nis and automount for 3 other machines in my house. Everything is perfect. I then removed the router, added a new ethernet card in my nis server and set up internet sharing. Worked great, however nis stopped on client machines. When I went to configure the firewall, it applied the settings to both devices.

This fixed it:

ACCEPT net fw tcp 22 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc 3128 tcp www -

Thanks again for the help.

How do I block ssh for the world and allow it only from my IP? Is that possible with Shorewall?
 
  


All times are GMT -5.