LinuxQuestions.org > Linux - Security > Shorewall Configuration.... (https://www.linuxquestions.org/questions/linux-security-4/shorewall-configuration-589265/)

tagbantay 10-03-2007 09:51 PM

Shorewall Configuration....
 
Hi to all, I need your help with some configuration on my firewall...
I'm new to Linux and new to systems administration. I'm currently trying to set up a firewall using Ubuntu and Shorewall; currently I'm not having problems with it, but there is something that I would want to do. Below are the contents of some of the configuration files of my Shorewall.

/etc/shorewall/interfaces
#ZONE INTERFACES BROADCAST
net eth3 detect
loc eth2 192.168.2.0
admin eth1 192.168.3.0
fac eth0 192.138.4.0

/etc/shorewall/masq

#INTERFACE SUBNET ADDRESS
eth3 eth2
eth3 eth1
eth3 eth0


/etc/shorewall/rules

#ACTION SOURCE DESTINATION PROTOCOL

#for checking only
ping/ACCEPT fac:192.168.4.45 admin:192.168.3.3
ACCEPT fac:192.168.4.45 admin:192.168.3.3 icmp


ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp


I want the host 192.168.4.45 (fac:192.168.4.45) to be able to connect to the database at 192.168.3.3 (admin:192.168.3.3). Currently, I can ping 192.168.3.3 from 192.168.4.45, and I can even browse some shared files; however, when I try to connect to the database, running on MS SQL Server, I can't connect to it.

Can anybody give me some ideas on what I have done wrong, and what I should do to get this to work?

tellef 10-04-2007 02:56 PM

It appears that you have not told your shorewall which ports to open.
It is not sufficient to just say "tcp" in the line for your rule, you must also state what port to allow traffic on in the given protocol (tcp=transmission control protocol).

I found this, you can try and see:
1433/tcp ms-sql-s Microsoft-SQL-Server
1433/udp ms-sql-s Microsoft-SQL-Server
1434/tcp ms-sql-m Microsoft-SQL-Monitor
1434/udp ms-sql-m Microsoft-SQL-Monitor

Your rules line would be like:
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp:1433
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp:1433

Maybe it has to go both ways, I don't know.


Remember to read the logs with "shorewall show log" or just read /var/log/messages manually when it does not work ;)

A tip:
Webmin can be installed on your Ubuntu box, and it has a very good, tutoring interface to administer Shorewall. I use it myself on a daily basis; give that a try, as it makes many of these things clearer if you do not have an internet map in your head :)

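Both the original rules file and the reply above turn on the same question: whether an ACCEPT line names a whole protocol or a specific destination port. The following Python script is an added example for this thread (not code from either poster, and not part of Shorewall). It parses rules written in Shorewall's whitespace-separated column layout (ACTION SOURCE DEST PROTO DEST PORT), also normalises the "tcp:1433" shorthand used in the reply into the separate DEST PORT column that Shorewall's rules file actually uses, and reports every ACCEPT rule that opens every port of tcp or udp, which is the least-privilege point a reviewer would raise about the rules posted here. The sample rules embedded in the script are constructed from the thread for demonstration.

```python
"""Lint Shorewall-style /etc/shorewall/rules lines for protocol-wide ACCEPT rules.

Added example for this thread; not part of Shorewall and not the posters' code.
Column layout assumed: ACTION SOURCE DEST [PROTO] [DEST_PORT] ...
"""
from dataclasses import dataclass

# Constructed sample built from the rules in the thread, plus a port-scoped
# variant (separate column) and the "proto:port" shorthand from the reply.
SAMPLE_RULES = """\
#ACTION SOURCE DESTINATION PROTOCOL
#for checking only
ping/ACCEPT fac:192.168.4.45 admin:192.168.3.3
ACCEPT fac:192.168.4.45 admin:192.168.3.3 icmp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp 1433
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp:1433
"""

# Protocols (by name or IP protocol number) for which a destination port applies.
PORT_PROTOS = {"tcp", "udp", "6", "17"}


@dataclass
class Rule:
    action: str
    source: str
    dest: str
    proto: str = "-"   # "-" is Shorewall's "any" placeholder
    dport: str = "-"
    line_no: int = 0


def parse_rules(text: str) -> list[Rule]:
    """Parse rule lines, skipping blank lines and '#' comments."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cols = line.split()
        if len(cols) < 3:
            raise ValueError(f"line {n}: need at least ACTION SOURCE DEST")
        action, source, dest = cols[:3]
        proto = cols[3] if len(cols) > 3 else "-"
        dport = cols[4] if len(cols) > 4 else "-"
        # Accept the "tcp:1433" shorthand and move the port into its own column.
        if ":" in proto and dport == "-":
            proto, dport = proto.split(":", 1)
        rules.append(Rule(action, source, dest, proto.lower(), dport, n))
    return rules


def classify(rule: Rule) -> str:
    """'macro' (e.g. ping/ACCEPT), 'port-scoped', 'protocol-wide' or 'other'."""
    if "/" in rule.action:
        return "macro"
    if rule.proto in PORT_PROTOS:
        return "port-scoped" if rule.dport != "-" else "protocol-wide"
    return "other"


def find_protocol_wide(text: str) -> list[tuple[int, str]]:
    """(line number, protocol) for every ACCEPT rule that opens all ports of tcp/udp."""
    return [(r.line_no, r.proto) for r in parse_rules(text)
            if r.action.upper() == "ACCEPT" and classify(r) == "protocol-wide"]


if __name__ == "__main__":
    for line_no, proto in find_protocol_wide(SAMPLE_RULES):
        print(f"line {line_no}: ACCEPT opens every {proto} port; add a DEST PORT column")
```

Run against the sample it reports the two bare "tcp" and "udp" lines from the original post and stays quiet about the icmp rule, the ping macro and the two port-scoped 1433 rules. Pointing it at a real /etc/shorewall/rules gives a quick inventory of which hosts have been granted more than a single service.
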
archtoad6 10-05-2007 07:22 AM

Is this a perimeter, personal, or dual-purpose firewall?

tagbantay 10-07-2007 07:15 PM

Dear archtoad6,

It's actually a dual firewall.


-tagbantay

