Old 10-03-2007, 09:51 PM   #1
LQ Newbie
Registered: Jun 2007
Posts: 7

Rep: Reputation: 0
Shorewall Configuration....

Hi to all, I need your help with some configuration on my firewall...
I'm new to Linux and new to systems administration. I'm currently trying to set up a firewall using Ubuntu and Shorewall, and currently I'm not having problems with it. But there is something that I would want to do. Below are the contents of some of the configuration files of my Shorewall.

net eth3 detect
loc eth2
admin eth1
fac eth0


eth3 eth2
eth3 eth1
eth3 eth0



#for checking only
ping/ACCEPT fac: admin:
ACCEPT fac: admin: icmp

ACCEPT fac: admin: tcp
ACCEPT fac: admin: udp

I want my host (fac: to be able to connect to the database at (admin: Currently, I can ping from, and I can even browse some shared files; however, when I try to connect to the database, running on MS SQL Server, I can't connect to it.

Can anybody give me some ideas on what I have done wrong, and what I should do to get this to work?
Old 10-04-2007, 02:56 PM   #2
LQ Newbie
Registered: Aug 2005
Location: Norway
Distribution: Slackware & Debian.
Posts: 23

Rep: Reputation: 15
It appears that you have not told your shorewall which ports to open.
It is not sufficient to just say "tcp" in the line for your rule, you must also state what port to allow traffic on in the given protocol (tcp=transmission control protocol).

I found this, you can try and see:
1433/tcp ms-sql-s Microsoft-SQL-Server
1433/udp ms-sql-s Microsoft-SQL-Server
1434/tcp ms-sql-m Microsoft-SQL-Monitor
1434/udp ms-sql-m Microsoft-SQL-Monitor

Your rules line would be like:
ACCEPT fac: admin: tcp 1433
ACCEPT fac: admin: udp 1433

Maybe it has to go both ways, I don't know.

Remember to read the logs with "shorewall show log" or just read /var/log/messages manually when it does not work.

A tip:
Webmin can be installed on your Ubuntu box, and it has a very good, tutoring interface to administer Shorewall. I use it myself on a daily basis. Give that a try, as it makes many of these things clearer if you do not have an internet-map in the head.

Last edited by tellef; 10-04-2007 at 02:58 PM.
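
Added example, not part of any post in this thread: a small lint for a Shorewall rules file that reports which plain ACCEPT rule first admits a given protocol and port between two zones, and lists ACCEPT rules that name tcp or udp but no destination port, which Shorewall treats as every port. The host addresses are constructed placeholders, the function names are this example's own, and matching is on zone names only (host parts, macros and service names are not evaluated).

```python
# Added example: lint Shorewall rules text (ACTION SOURCE DEST PROTO DPORT columns).
SAMPLE_RULES = """\
# constructed sample; zones from the thread, addresses are placeholders
?SECTION NEW
Ping(ACCEPT)  fac:192.0.2.10  admin:198.51.100.20
ACCEPT        fac:192.0.2.10  admin:198.51.100.20  tcp
ACCEPT        fac:192.0.2.10  admin:198.51.100.20  tcp  1433
ACCEPT        fac:192.0.2.10  admin:198.51.100.20  udp  1434
"""

def parse_rules(text):
    """Return one dict per rule line, skipping comments, blanks and ?directives."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3 or cols[0].startswith("?"):
            continue
        cols += ["-"] * (5 - len(cols))  # "-" is Shorewall's empty-column marker
        action, src, dst, proto, dport = cols[:5]
        rules.append({"line": lineno, "action": action,
                      "src": src.split(":")[0], "dst": dst.split(":")[0],
                      "proto": proto.lower(), "dport": dport})
    return rules

def port_matches(dport, port):
    """True if a DPORT column (comma list, low:high ranges) covers a numeric port."""
    if dport == "-":
        return True  # no port restriction: every port matches
    for item in dport.split(","):
        low, _, high = item.partition(":")
        high = high or low
        if low.isdigit() and high.isdigit() and int(low) <= port <= int(high):
            return True
    return False  # service names are not resolved here

def first_match(rules, src_zone, dst_zone, proto, port):
    """Line number of the first plain ACCEPT rule admitting proto/port, else None."""
    for r in rules:
        if (r["action"] == "ACCEPT" and r["src"] in (src_zone, "all")
                and r["dst"] in (dst_zone, "all")
                and r["proto"] in (proto, "all", "-")
                and port_matches(r["dport"], port)):
            return r["line"]
    return None

def portless_accepts(rules):
    """Line numbers of ACCEPT rules that name tcp/udp but leave DPORT open."""
    return [r["line"] for r in rules if r["action"] == "ACCEPT"
            and r["proto"] in ("tcp", "udp") and r["dport"] == "-"]
```

On the sample, `first_match(parse_rules(SAMPLE_RULES), "fac", "admin", "tcp", 1433)` returns line 4, the port-less `tcp` rule, rather than the 1433 rule below it, and `portless_accepts` flags that same line.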
Old 10-05-2007, 07:22 AM   #3
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
Is this a perimeter, personal, or dual-purpose firewall?
Old 10-07-2007, 07:15 PM   #4
LQ Newbie
Registered: Jun 2007
Posts: 7

Original Poster
Rep: Reputation: 0
Dear archtoad6,

It's actually a dual firewall.


