LinuxQuestions.org
Old 07-28-2003, 05:29 PM   #1
Newman_SCO
Member
 
Registered: Jul 2003
Location: Scotland, Fife
Distribution: Mandrake 9.1
Posts: 31

Rep: Reputation: 15
Putty and Shorewall.. need help with firewall


Hi there,

I am trying to get PuTTY to work remotely over a LAN with my Mandrake 9.1 box.

I am using XP. When attempting to connect to the Linux box, it displays "connection refused".

This is down to the Shorewall firewall on the Linux box.

I have opened ports on Shorewall before.

This time I want to be double sure that the port which is going to be opened will not be open to the net, but only to the LAN.


I have read info about how to do it (below).
=========================================================================
At this point, edit your /etc/shorewall/policy and make any changes that you wish.

Enabling other Connections
If you wish to enable connections from the internet to your firewall, the general format is:

ACTION  SOURCE  DESTINATION  PROTOCOL    PORT    SOURCE PORT  ORIGINAL ADDRESS
ACCEPT  net     fw           <protocol>  <port>

Example - You want to run a Web Server and a POP3 Server on your firewall system:

ACTION  SOURCE  DESTINATION  PROTOCOL  PORT  SOURCE PORT  ORIGINAL ADDRESS
ACCEPT  net     fw           tcp       80
ACCEPT  net     fw           tcp       110

If you don't know what port and protocol a particular application uses, see here.
Important: I don't recommend enabling telnet to/from the internet because it uses clear text (even for login!). If you want shell access to your firewall from the internet, use SSH:

ACTION  SOURCE  DESTINATION  PROTOCOL  PORT  SOURCE PORT  ORIGINAL ADDRESS
ACCEPT  net     fw           tcp       22

At this point, edit /etc/shorewall/rules to add other connections as desired
================================================




What I need to do is:

ACCEPT networkadaptername fw tcp 23


-Is this correct to open the port on my linux box to the network?
-And this will not be accessible via the net?

Thank you very much for reading.

And have a good day
 
Old 07-28-2003, 05:41 PM   #2
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 55
Well, I believe instead of source you need to put your network address, such as 10.0.0.0 if you configured your LAN to use the 10.0.0.0/8 address space. Then as the port use 22, not 23; 23 is telnet, unless you configured sshd to accept connections on port 23 and disabled telnet.
 
Old 07-28-2003, 06:47 PM   #3
Newman_SCO
Member
 
Registered: Jul 2003
Location: Scotland, Fife
Distribution: Mandrake 9.1
Posts: 31

Original Poster
Rep: Reputation: 15
Name it as Network address(ip).. ok..righty then.
And I use port 22. I assumed it was 23 because that was the default no. when I downloaded putty. But as you said that is the telnet default.

I want to use ssh as it is said to be more secure.

Thank you very much Neo77777
 
Old 07-29-2003, 12:07 PM   #4
Newman_SCO
Member
 
Registered: Jul 2003
Location: Scotland, Fife
Distribution: Mandrake 9.1
Posts: 31

Original Poster
Rep: Reputation: 15
Failed to work..

I opened ports 22 and 23 to the local network in the Shorewall rules file.

I still get refused connections in PuTTY.


Wrote something like this:
ACCEPT loc fw tcp 22,23

I'm baffled.

Anyone got an idea?
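
Added example, not part of the original posts and not Shorewall's own code: a rules-file audit for the question raised in this thread, whether an ACCEPT rule covering tcp/22 or tcp/23 on the firewall is reachable from the net zone or only from an internal zone. The zone names net, loc and fw follow the thread; the function name audit_rules and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Shorewall ACCEPT rules that open ssh/telnet on fw.
# Zone names (net, loc, fw) follow the thread; SAMPLE_RULES is constructed.

audit_rules() {
    # stdin: text of a rules file. One output line per matching rule and port:
    #   EXPOSED  = source zone is net or all;  internal = any other zone.
    awk '
    function covers(spec, port,    n, i, parts, r, name) {
        if (spec == "" || spec == "-") return 1   # no port column: every port
        name = (port == 22) ? "ssh" : "telnet"
        n = split(spec, parts, ",")               # DPORT may be a comma list
        for (i = 1; i <= n; i++) {
            if (parts[i] == port || parts[i] == name) return 1
            # low:high range
            if (split(parts[i], r, ":") == 2 && r[1] + 0 <= port && port <= r[2] + 0)
                return 1
        }
        return 0
    }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    $1 != "ACCEPT" || $3 != "fw" || $4 != "tcp" { next }
    {
        split($2, src, ":")                       # SOURCE is zone or zone:address
        label = (src[1] == "net" || src[1] == "all") ? "EXPOSED" : "internal"
        for (p = 22; p <= 23; p++)
            if (covers($5, p)) printf "%s tcp/%d from %s\n", label, p, $2
    }'
}

# Constructed sample: the rule from post #4 next to a net-facing ssh rule.
SAMPLE_RULES='#ACTION SOURCE DEST PROTO DPORT
ACCEPT net fw tcp 80
ACCEPT loc fw tcp 22,23
ACCEPT net fw tcp 22
ACCEPT loc:192.168.1.0/24 fw tcp 22'

printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

On the firewall itself the input would be the real file: `audit_rules < /etc/shorewall/rules`. The audit only reads the rules file; it does not account for the default policy in /etc/shorewall/policy.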
 
Old 08-04-2003, 11:07 AM   #5
Bungholio
LQ Newbie
 
Registered: Jul 2003
Location: Ottawa
Distribution: Mandrake 9.1
Posts: 23

Rep: Reputation: 15
Did you try your local IP instead of loc?
 
Old 08-04-2003, 03:43 PM   #6
mindnumbed
Member
 
Registered: Jul 2003
Location: Scotland
Distribution: Debian
Posts: 74

Rep: Reputation: 15
Try disconnecting your Mandrake box from the net and then trying:
# shorewall clear
(Someone check if this is right?)

It would be useful just to confirm that it is indeed the firewall and not just sshd that is refusing your connection.
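
Added example, not part of the original posts: a check for the same question (firewall or sshd?) that leaves the firewall running, by looking on the Linux box for a listener on tcp/22 and the address it is bound to. It parses `ss -ltn` output, which assumes a system that ships `ss`; the function name ssh_listener_state and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: is anything listening on the ssh port, and on which address?
# Input is the output of `ss -ltn`; SAMPLE_SS below is constructed.

ssh_listener_state() {
    # $1: port to look for (default 22). stdin: `ss -ltn` output.
    # Prints exactly one of:
    #   no-listener    nothing bound to the port; no firewall rule will help
    #   loopback-only  daemon bound to 127.x or ::1; the LAN cannot reach it
    #   reachable      bound to a non-loopback address; look at the firewall next
    awk -v port="${1:-22}" '
    $1 != "LISTEN" { next }                   # skips the header line too
    {
        addr = $4                             # Local Address:Port column
        n = split(addr, seg, ":")
        if (seg[n] != port) next              # last ":" field is the port
        host = substr(addr, 1, length(addr) - length(seg[n]) - 1)
        if (host ~ /^127\./ || host == "[::1]") loop++
        else wide++
    }
    END {
        if (wide) print "reachable"
        else if (loop) print "loopback-only"
        else print "no-listener"
    }'
}

# Constructed sample of `ss -ltn` output.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

printf '%s\n' "$SAMPLE_SS" | ssh_listener_state 22
```

Live use on the server is `ss -ltn | ssh_listener_state 22`.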
 