LinuxQuestions.org
Old 10-03-2007, 09:51 PM   #1
tagbantay
LQ Newbie
 
Registered: Jun 2007
Posts: 7

Rep: Reputation: 0
Shorewall Configuration....


Hi to all, I need your help with some configuration on my firewall...
I'm new to Linux and new to systems administration. I'm currently trying to set up a firewall using Ubuntu and Shorewall, and currently I'm not having problems with it. But there is something that I would want to do. Below are the contents of some of the configuration files of my Shorewall.

/etc/shorewall/interfaces
#ZONE INTERFACES BROADCAST
net eth3 detect
loc eth2 192.168.2.0
admin eth1 192.168.3.0
fac eth0 192.138.4.0

/etc/shorewall/masq

#INTERFACE SUBNET ADDRESS
eth3 eth2
eth3 eth1
eth3 eth0


/etc/shorewall/rules

#ACTION SOURCE DESTINATION PROTOCOL

#for checking only
ping/ACCEPT fac:192.168.4.45 admin:192.168.3.3
ACCEPT fac:192.168.4.45 admin:192.168.3.3 icmp


ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp


I want the host 192.168.4.45 (fac:192.168.4.45) to be able to connect to the database at 192.168.3.3 (admin:192.168.3.3). Currently, I can ping 192.168.3.3 from 192.168.4.45, and I can even browse some shared files; however, when I try to connect to the database, running on MS SQL Server, I can't connect to it.

Can anybody give me some ideas on what I have done wrong, and what I should do to get this to work?
 
Old 10-04-2007, 02:56 PM   #2
tellef
LQ Newbie
 
Registered: Aug 2005
Location: Norway
Distribution: Slackware & Debian.
Posts: 23

Rep: Reputation: 15
It appears that you have not told your shorewall which ports to open.
It is not sufficient to just say "tcp" in the line for your rule, you must also state what port to allow traffic on in the given protocol (tcp=transmission control protocol).

I found this, you can try and see:
1433/tcp ms-sql-s Microsoft-SQL-Server
1433/udp ms-sql-s Microsoft-SQL-Server
1434/tcp ms-sql-m Microsoft-SQL-Monitor
1434/udp ms-sql-m Microsoft-SQL-Monitor

Your rules line would be like:
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp 1433
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp 1433

Maybe it has to go both ways, I don't know.


Remember to read the logs with "shorewall show log" or just read /var/log/messages manually when it does not work.

A tip:
Webmin can be installed on your Ubuntu box, and it has a very good, tutoring interface to administer Shorewall. I use it myself on a daily basis. Give that a try, as it makes many of these things clearer if you do not have an internet-map in the head.

Last edited by tellef; 10-04-2007 at 02:58 PM.
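
An added example, not part of either post above: a small audit of a Shorewall rules file that flags ACCEPT rules opening every port of a protocol, or carrying the port in the wrong column. It assumes the column order ACTION SOURCE DEST PROTO DPORT; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag ACCEPT rules in a Shorewall
# rules file that are broader than a single service needs.
# Assumption: columns are ACTION SOURCE DEST PROTO DPORT, whitespace separated.

audit_rules() {   # $1 = rules file; prints "line N: FINDING: rule"
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        index($1, "/")       { next }   # macro rules (ping/ACCEPT) define their own ports
        $1 != "ACCEPT"       { next }
        {
            proto = tolower($4); dport = $5
            if (proto ~ /:/)
                why = "PROTO-SYNTAX (port belongs in its own column)"
            else if (proto == "" || proto == "-" || proto == "all")
                why = "ANY-PROTOCOL"
            else if ((proto == "tcp" || proto == "udp") && (dport == "" || dport == "-"))
                why = "ALL-PORTS"
            else
                next
            printf "line %d: %s: %s\n", NR, why, $0
        }
    ' "$1"
}

# Constructed sample: the rules from the question, followed by port-scoped
# rules using 1433/tcp and 1434/udp from the port list in the reply.
sample_rules() {
    cat <<'EOF'
#ACTION     SOURCE            DEST              PROTO  DPORT
ping/ACCEPT fac:192.168.4.45  admin:192.168.3.3
ACCEPT      fac:192.168.4.45  admin:192.168.3.3 icmp
ACCEPT      fac:192.168.4.45  admin:192.168.3.3 tcp
ACCEPT      fac:192.168.4.45  admin:192.168.3.3 udp
ACCEPT      fac:192.168.4.45  admin:192.168.3.3 tcp    1433
ACCEPT      fac:192.168.4.45  admin:192.168.3.3 udp    1434
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
audit_rules "$tmp"
rm -f "$tmp"
```

On the sample, only the bare tcp and udp rules are reported; the port-scoped rules pass.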
 
Old 10-05-2007, 07:22 AM   #3
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 230Reputation: 230Reputation: 230
Is this a perimeter, personal, or dual-purpose firewall?
 
Old 10-07-2007, 07:15 PM   #4
tagbantay
LQ Newbie
 
Registered: Jun 2007
Posts: 7

Original Poster
Rep: Reputation: 0
Dear archtoad6,

It's actually a dual firewall.


-tagbantay
 
  


All times are GMT -5.