Old 08-01-2004, 02:04 PM   #1
peter72
Member
 
Registered: Oct 2002
Location: Charlottesville, VA
Distribution: Ubuntu (home), SLES (work)
Posts: 196
Blog Entries: 1

Rep: Reputation: 30
shorewall problem with firewall itself


I'm stumped on this. I'm running my machine as a router/firewall with 2 nics, one to the cable modem, one to my home network. All the client machines are fine. I can mount nfs, do nis, and ssh around and out of my network. However, on my firewall, I can get outside of my network (www/ssh/ftp etc.), but cannot ssh/www/ftp to my local machines. I know this has to be an easy fix. Here is my rules file from /etc/shorewall:

ACCEPT net fw tcp 20022 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc - tcp - -


I also tried to see if it was a redirection problem, but got the same result:

ACCEPT net fw tcp 20022 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
#REDIRECT loc - tcp - -

This is the error that I get when I try to nmap a local machine:

[root@firewall root]# nmap localmachine

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-08-01 14:00 EDT
sendto in send_ip_raw: sendto(4, packet, 28, 0, 192.168.0.25, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.0.25, 16) => Operation not permitted
sendto in send_ip_raw: sendto(4, packet, 28, 0, 192.168.0.25, 16) => Operation not permitted
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 192.168.0.25, 16) => Operation not permitted
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.050 seconds

I did an nmap -P0 localmachine with the same results. If I do a shorewall clear and shut down the firewall, I can connect. I think that it has something to do with the redirect.

Thanks in advance,

Pete
 
Old 08-01-2004, 02:09 PM   #2
peter72
Original Poster
A little bad karma here posting to my own question, but I fixed it. Kinda silly. But here is the fix.

ACCEPT net fw tcp 20022 -
ACCEPT loc fw tcp
ACCEPT fw loc tcp
ACCEPT loc fw udp
ACCEPT fw loc udp
ACCEPT loc fw icmp echo-request -
ACCEPT fw loc icmp echo-request -

I set up a rule for going from the fw (firewall) to the loc (local network).

Sorry
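A way to check which zone-to-zone flows a rules file like the ones above explicitly accepts, as an added example that is not part of the thread. It assumes the column layout shown in the posts and that, as in Pete's setup, any flow no rule accepts is handled by the policy file (not shown in the thread), which is what blocked fw -> loc traffic before the fix; the FLOWS list is constructed sample data.

```python
# Added example, not from the thread: a coverage check for Shorewall-style
# rules in the posted column layout (ACTION SOURCE DEST PROTO [DEST PORT(S)]
# [SOURCE PORT(S)]). Flows no rule accepts fall through to the policy file.

RULES_BEFORE = """\
ACCEPT net fw tcp 20022 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
"""

# The poster's fix: the same rules plus the reverse fw -> loc direction.
RULES_AFTER = RULES_BEFORE + """\
ACCEPT fw loc tcp
ACCEPT fw loc udp
ACCEPT fw loc icmp echo-request -
"""

def parse_rules(text):
    """Return (action, src_zone, dst_zone, proto, dest_ports) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        action, src, dst, proto = cols[:4]
        ports = cols[4] if len(cols) > 4 and cols[4] != "-" else None
        rules.append((action.upper(), src, dst, proto.lower(), ports))
    return rules

def accepts(rules, src, dst, proto, dport=None):
    """True if an ACCEPT rule covers src -> dst for proto (and dport if given)."""
    for action, rsrc, rdst, rproto, rports in rules:
        if (action, rsrc, rdst, rproto) != ("ACCEPT", src, dst, proto.lower()):
            continue
        if rports is None:  # no port column: the rule matches every port
            return True
        if dport is not None and dport in rports.split(","):
            return True
    return False

# Constructed sample flows: ssh LAN -> firewall and back, a ping from the
# firewall, and the custom port the net zone may reach on the firewall.
FLOWS = [("loc", "fw", "tcp", "22"), ("fw", "loc", "tcp", "22"),
         ("fw", "loc", "icmp", "echo-request"), ("net", "fw", "tcp", "20022")]

if __name__ == "__main__":
    for label, text in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        for flow in FLOWS:
            print(label, flow, "ACCEPT" if accepts(parse_rules(text), *flow) else "policy")
```

The "Operation not permitted" errors from nmap's sendto calls are what the firewall's own OUTPUT chain produces when it blocks locally generated packets, which is exactly the symptom of a missing fw -> loc rule.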