07-18-2004, 06:10 PM
|
#1
|
Member
Registered: Oct 2002
Location: Charlottesville, VA
Distribution: Ubuntu (home), SLES (work)
Posts: 196
Rep:
|
shorewall config question with /etc/shorewall/rules
Is there an easy way to open up all ports for a trusted device?
This is the current state of my rules file
ACCEPT net fw tcp 80,443,22 -
ACCEPT loc fw tcp 80,443,22 -
I would like to do something like the following if possible:
ACCEPT loc fw tcp all -
But, it isn't that easy. Is there a quick way?
|
|
|
07-18-2004, 06:42 PM
|
#2
|
Member
Registered: Dec 2003
Location: Cambridge
Distribution: Arch, Gentoo, OpenSUSE
Posts: 70
Rep:
|
Yup,
ACCEPT loc fw tcp
or
ACCEPT loc fw tcp - -
should do it...
The default for unspecified ports is 'all'.
You might want to consider whether you want 'UDP' connections as well?? (Not sure what you're doing so couldn't comment :-)
_________
Bill G. #666
|
|
|
07-18-2004, 08:28 PM
|
#3
|
Member
Registered: Oct 2002
Location: Charlottesville, VA
Distribution: Ubuntu (home), SLES (work)
Posts: 196
Original Poster
Rep:
|
Thanks! Perfect
Here is my set-up, in case anyone cares. My machine (with firewall) has nis, nfs automount and smbfs shared on eth0, and eth1 is connected to cable modem.
Before, I was using a D-Link Di704P router, (lately port forwarding has been really flakey). Through the drakconf (mandrake 10), I set up nis and automount for 3 other machines in my house. Everything is perfect. I then removed the router, added a new ethernet card in my nis server and set up internet sharing. Worked great, however nis stopped on client machines. When I went to configure the firewall, it applied the settings to both devices.
This fixed it:
ACCEPT net fw tcp 22 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc 3128 tcp www -
Thanks again for the help.
|
|
|
01-01-2007, 09:33 PM
|
#4
|
LQ Newbie
Registered: Jun 2005
Location: Mumbai,India
Distribution: Fedora 8 x86_64
Posts: 15
Rep:
|
Quote:
Originally Posted by peter72
Thanks! Perfect
Here is my set-up, in case anyone cares. My machine (with firewall) has nis, nfs automount and smbfs shared on eth0, and eth1 is connected to cable modem.
Before, I was using a D-Link Di704P router, (lately port forwarding has been really flakey). Through the drakconf (mandrake 10), I set up nis and automount for 3 other machines in my house. Everything is perfect. I then removed the router, added a new ethernet card in my nis server and set up internet sharing. Worked great, however nis stopped on client machines. When I went to configure the firewall, it applied the settings to both devices.
This fixed it:
ACCEPT net fw tcp 22 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc 3128 tcp www -
Thanks again for the help.
|
How do I block SSH for the world and allow it only from my IP? Is that possible with Shorewall?
|
|
|
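As an added example (not part of the original thread and not Shorewall's own tooling), this Python script audits a rules file for the two points raised in the posts above: tcp/udp rules with no port column, which match all ports, and ACCEPT rules from the Internet zone with no source address. The last sample rule uses Shorewall's `zone:address` source form with the documentation address 192.0.2.10 standing in for the poster's IP; the zone names, sample rules and function names are assumptions based on the posts.

```python
# Constructed sample: the rules posted in the thread plus one SSH rule limited
# to a single source. 192.0.2.10 is a documentation address (assumption).
SAMPLE_RULES = """\
ACCEPT net fw tcp 22 -
ACCEPT loc fw tcp
ACCEPT loc fw udp
ACCEPT loc fw icmp echo-request -
REDIRECT loc 3128 tcp www -
ACCEPT net:192.0.2.10 fw tcp 22
"""

UNTRUSTED_ZONES = {"net"}  # assumption: 'net' is the Internet-facing zone


def parse_rule(line):
    """Return the first five columns of a rules line, or None if it is blank."""
    line = line.split("#", 1)[0].strip()  # drop comments
    if not line:
        return None
    cols = line.split()
    cols += ["-"] * (5 - len(cols))  # omitted trailing columns act like '-'
    action, source, dest, proto, dport = cols[:5]
    zone, _, hosts = source.partition(":")  # 'net:192.0.2.10' -> zone, host list
    return {"action": action.split(":")[0], "zone": zone, "hosts": hosts,
            "dest": dest, "proto": proto, "dport": dport}


def audit(rules_text):
    """List (line number, finding) pairs worth a second look."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(raw)
        if rule is None or rule["action"] != "ACCEPT":
            continue  # REDIRECT and other actions use the columns differently
        # No port given for tcp/udp means every port is accepted.
        if rule["proto"] in ("tcp", "udp") and rule["dport"] == "-":
            findings.append((lineno, "all-ports"))
        # Internet-facing zone with no source address: open to the world.
        if rule["zone"] in UNTRUSTED_ZONES and not rule["hosts"]:
            findings.append((lineno, "any-source"))
    return findings


if __name__ == "__main__":
    for lineno, kind in audit(SAMPLE_RULES):
        print(f"line {lineno}: {kind}")
```

An "all-ports" finding on the `loc` zone is what the original poster asked for, so it is reported for review rather than as an error; the "any-source" finding on line 1 disappears once the SSH rule carries a source address as in the last sample line.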
All times are GMT -5.