Shorewall Configuration....
Hi to all, I need your help with some configuration on my firewall...

I'm new to Linux and new to systems administration. I'm currently trying to set up a firewall using Ubuntu and Shorewall, and currently I'm not having problems with it. But there is something that I would want to do. Below are the contents of some of the configuration files of my Shorewall.

/etc/shorewall/interfaces

    #ZONE   INTERFACES  BROADCAST
    net     eth3        detect
    loc     eth2        192.168.2.0
    admin   eth1        192.168.3.0
    fac     eth0        192.138.4.0

/etc/shorewall/masq

    #INTERFACE  SUBNET  ADDRESS
    eth3        eth2
    eth3        eth1
    eth3        eth0

/etc/shorewall/rules

    #ACTION      SOURCE            DESTINATION        PROTOCOL
    #for checking only
    ping/ACCEPT  fac:192.168.4.45  admin:192.168.3.3
    ACCEPT       fac:192.168.4.45  admin:192.168.3.3
    ACCEPT       fac:192.168.4.45  admin:192.168.3.3  icmp
    ACCEPT       fac:192.168.4.45  admin:192.168.3.3  tcp
    ACCEPT       fac:192.168.4.45  admin:192.168.3.3  udp

I want the host 192.168.4.45 (fac:192.168.4.45) to be able to connect to the database at 192.168.3.3 (admin:192.168.3.3). Currently, I can ping 192.168.3.3 from 192.168.4.45, and I can even browse some shared files; however, when I try to connect to the database, running on MS SQL Server, I can't connect to it. Can anybody give me some ideas on what I have done wrong, and what I should do to get this to work?
It appears that you have not told your shorewall which ports to open.
It is not sufficient to just say "tcp" in the line for your rule; you must also state what port to allow traffic on in the given protocol (tcp = transmission control protocol). I found this, you can try and see:

    1433/tcp  ms-sql-s  Microsoft-SQL-Server
    1433/udp  ms-sql-s  Microsoft-SQL-Server
    1434/tcp  ms-sql-m  Microsoft-SQL-Monitor
    1434/udp  ms-sql-m  Microsoft-SQL-Monitor

Your rules line would be like:

    ACCEPT  fac:192.168.4.45  admin:192.168.3.3  tcp  1433
    ACCEPT  fac:192.168.4.45  admin:192.168.3.3  udp  1433

Maybe it has to go both ways, I don't know. Remember to read the logs with "shorewall show log" or just read /var/log/messages manually when it does not work ;)

A tip: Webmin can be installed on your Ubuntu box, and it has a very good, tutoring interface to administer Shorewall. I use it myself on a daily basis. Give that a try, as it makes many of these things clearer if you do not have an internet-map in the head :)
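An added example (not written by any poster in this thread, and not part of Shorewall): a small Python check that reads rule lines in the ACTION SOURCE DEST PROTO DEST-PORT column order and reports ACCEPT rules that allow more than one service between the two hosts. The sample rules are constructed from the addresses in the thread, and audit_rules is a hypothetical helper name.

```python
import re

# Constructed sample in /etc/shorewall/rules column order:
# ACTION SOURCE DEST PROTO DEST-PORT(S). Addresses follow the thread.
SAMPLE_RULES = """\
#ACTION SOURCE            DEST               PROTO    DPORT
Ping/ACCEPT fac:192.168.4.45 admin:192.168.3.3
ACCEPT  fac:192.168.4.45  admin:192.168.3.3
ACCEPT  fac:192.168.4.45  admin:192.168.3.3  tcp
ACCEPT  fac:192.168.4.45  admin:192.168.3.3  tcp:1433
ACCEPT  fac:192.168.4.45  admin:192.168.3.3  tcp      1433
"""


def audit_rules(text):
    """Return (line_number, finding) pairs for ACCEPT rules that are broader
    than a single service, or whose port is not in its own column."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        # Macros such as Ping/ACCEPT carry their own protocol and ports,
        # so only plain ACCEPT rules are audited here.
        if cols[0] != "ACCEPT":
            continue
        proto = cols[3] if len(cols) > 3 else "-"
        dport = cols[4] if len(cols) > 4 else "-"
        if proto in ("-", "all"):
            findings.append(
                (lineno, "no protocol: accepts all traffic between the two hosts"))
        elif re.fullmatch(r"(tcp|udp):\d+", proto, re.I):
            findings.append(
                (lineno, "port fused to protocol: put it in the DEST PORT column"))
        elif proto.lower() in ("tcp", "udp") and dport == "-":
            findings.append(
                (lineno, "no destination port: accepts every %s port" % proto))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_rules(SAMPLE_RULES):
        print("line %d: %s" % (lineno, finding))
```

Only the last sample line, with the protocol and port 1433 in separate columns, passes without a finding.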
Is this a perimeter, personal, or dual-purpose firewall?
Dear archtoad6,
It's actually a dual firewall. -tagbantay