LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-19-2014, 09:46 PM   #1
hdeh
LQ Newbie
 
Registered: Aug 2014
Posts: 2

Rep: Reputation: Disabled
Shorewall won't "ACCEPT" IP address


Hello,

I have a pretty simple setup.
  • eth1 -> internet connection, has DHCP (net)
  • eth2 -> local network (lan)

I plug eth1 into the a router/internet connection, plug a laptop or AP into eth2 and get connected.

I am automatically redirecting all traffic (using an ipset called cpwhitelistme) to a local page on a local server port 80 (captive portal):
Code:
#REDIRECT       lan:!+cpwhitelistime    80,443  tcp     80,443
I am trying to exclude a certain URL (143.95.38.203) from that redirect and want that URL to always work. I tried:
Code:
ACCEPT          all             net:143.95.38.203       all
But it doesn't work. Any idea how I can "whitelist" and NOT redirect that particular IP?

Here's my complete shorewall RULES file:

Code:
##################################################################
#ACTION         SOURCE          DEST            PROTO   DEST PORT
#
#SECTION ALL
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW

#       Don't allow connection pickup from the net
#
Invalid(DROP)   net             all
#
#       Accept DNS connections from the firewall to the network
#
DNS(ACCEPT)     $FW             net
#
#       Accept SSH connections from the local network for administration
#
SSH(ACCEPT)     lan             $FW
#
#       Allow Ping from the local network
#
Ping(ACCEPT)    lan             $FW

#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#

Ping(DROP)      net             $FW

ACCEPT          $FW             lan             icmp
ACCEPT          $FW             net             icmp

#
#       CUSTOM config below
#
ACCEPT          all             net:143.95.38.203       all
#REDIRECT       lan:!+cpwhitelistime    80,443  tcp     80,443
#REDIRECT       lan             3128            tcp     www
#
Thanks in advance!

Last edited by hdeh; 08-19-2014 at 09:47 PM.
 
Old 08-22-2014, 03:16 PM   #2
hdeh
LQ Newbie
 
Registered: Aug 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
... Is this a dumb question, or are people just not super familiar with iptables/shorewall rules?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Reuse socket fails "Address already in use" or "Connection refused" dec10 Programming 3 05-15-2010 01:14 PM
Occasionally-- "connected with self-assigned address," "deactivating device eth0" MaxIBoy Debian 4 10-04-2009 11:50 AM
IPTables has a "drop all anywhere" and "accept all anywhere" Zero187 Linux - Security 4 06-18-2009 08:09 PM
Hardy won't startup, stops with a "fail" and I have to "ctrl+alt+del" to boot. brjoon1021 Ubuntu 10 12-15-2008 07:29 PM
difference between "Web server local URL" and "IPv4 address"? kpachopoulos Linux - General 2 09-17-2004 02:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration