LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 06-30-2004, 12:24 AM   #1
JohnLocke
Member
 
Registered: Jun 2004
Location: Denver, Colorado
Distribution: Ubuntu
Posts: 240

Shorewall nested zones


Ok, I've managed to screw up on the shorewall config. I'm on another system so I can type this, so let's see if I can accurately get across what my configuration looks like right now.

I'm setting up a pretty basic network. I have a cable modem connected to a wireless router talking to a wireless bridge. The bridge is connected to a switch on which reside all my computers at the moment. The three permanent ones are WinXP, Win98SE, and MDK 9.2.

I'd like to set up the mandrake box as a web server, but also have it trust my local machines (so ... set them up as a specific zone and allow broader access to that zone). I'm not using the linux box as a firewall for the network, but more as a client/server /on/ the network, so I've only got one ethernet card installed.

I set up the interfaces file something like this:

Code:
#ZONE    INTERFACE    BROADCAST    OPTIONS
-        eth0         192.168.1.127,192.168.1.255

hosts:

Code:
#ZONE       HOST(S)               OPTIONS
loc1        eth0:192.168.1.0/25
loc2        eth0:192.168.1.128/25
fw          eth0:192.168.1.3     # is this necessary?

The router is 192.168.1.1, bridge is 192.168.1.2, linux box is 192.168.1.3. The windows boxes are given DHCP addresses by the router ranging from 192.168.1.128 to 192.168.1.255.

policy - I opened it to troubleshoot

Code:
#SOURCE    DEST      POLICY    LOG LEVEL    LIMIT:BURST
all        all       ACCEPT    info

rules - opened this also for troubleshooting

Code:
#ACTION  SOURCE  DEST   PROTO   DEST PORT(S)   SOURCE   ORIGINAL
#                                              PORT(S)  DEST
ACCEPT   all     all    icmp    echo-request

Now I ping the linux box. I can't ping it even as localhost from the linux box. No information pops up in the /var/log/messages file for that. When I try to ping from outside (from the windows boxes), I get a "Request Timed Out" from that box, and the linux box records:
"loc2fw" ACCEPT ... the one strange thing I noticed is that the source address is correct, but the destination address seems to always be 192.168.1.255 for some reason. I'm not pinging a hostname, I'm using ping 192.168.1.3 to try and ping the linux box.

Originally I'd posted a resemblance of this problem on the network forum here because I didn't know what was causing it. They directed me to shorewall and I've found a lot and am basically starting over with that program.

I've been reading and re-reading the shoreline firewall page and documentation, but I just can't seem to get anything to work the way I'd like.

Any suggestions?
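As an added example (not code from the post, and not part of Shorewall itself), here is a small Python checker for hosts-file lines like the ones above. It parses the ZONE and INTERFACE:ADDRESS fields, reports which zone(s) a given source address falls into, and flags two things a reviewer would look for: a hosts entry for the firewall zone (in Shorewall's zone model the firewall zone, `fw` here, refers to the firewall itself and is not populated from hosts), and overlapping networks, which are what makes zones actually nested, where the order of the zones file decides which zone a packet is assigned to. The sample text is the poster's hosts configuration reproduced inline; the interface field is parsed but not cross-checked against the interfaces file.

```python
"""
Added example: a checker for Shorewall-style /etc/shorewall/hosts entries.
Each entry has the form
    ZONE    INTERFACE:ADDRESS[,ADDRESS...]    [OPTIONS]
The checker expands addresses into networks, answers "which zone(s) does
this source address belong to?", and flags configurations that Shorewall
will reject or resolve by zone ordering.
"""
import ipaddress

# Constructed sample: the hosts file as the original poster described it.
SAMPLE_HOSTS = """\
#ZONE       HOST(S)               OPTIONS
loc1        eth0:192.168.1.0/25
loc2        eth0:192.168.1.128/25
fw          eth0:192.168.1.3     # is this necessary?
"""

FIREWALL_ZONE = "fw"  # Shorewall's default name for the firewall itself


def parse_hosts(text):
    """Return a list of (zone, interface, network) tuples from hosts-file text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            raise ValueError(f"malformed hosts line: {raw!r}")
        zone, hostspec = fields[0], fields[1]
        iface, addrs = hostspec.split(":", 1)
        for addr in addrs.split(","):
            # A bare address becomes a /32 host network; strict=False tolerates
            # a CIDR with host bits set (e.g. 192.168.1.3/24).
            net = ipaddress.ip_network(addr, strict=False)
            entries.append((zone, iface, net))
    return entries


def zones_for(entries, address):
    """Zones whose host networks contain `address`, in hosts-file order."""
    ip = ipaddress.ip_address(address)
    return [zone for zone, _iface, net in entries if ip in net]


def find_problems(entries):
    """Return human-readable findings about the parsed entries."""
    findings = []
    # 1. The firewall zone names the firewall itself and is not defined through
    #    hosts, so an entry for it is a configuration error.
    for zone, iface, net in entries:
        if zone == FIREWALL_ZONE:
            findings.append(f"zone {zone!r} must not be defined in hosts "
                            f"(entry {iface}:{net})")
    # 2. Overlapping networks in different zones are nested zones: a packet
    #    from such an address matches more than one zone, and the order of
    #    the zones file decides which one it is assigned to.
    for i, (z1, _i1, n1) in enumerate(entries):
        for z2, _i2, n2 in entries[i + 1:]:
            if z1 != z2 and n1.overlaps(n2):
                findings.append(f"zones {z1!r} and {z2!r} overlap "
                                f"({n1} vs {n2}); zone order decides the match")
    return findings


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for probe in ("192.168.1.3", "192.168.1.130", "192.168.1.255"):
        print(probe, "->", zones_for(entries, probe))
    for finding in find_problems(entries):
        print("finding:", finding)
```

Run against the sample, the linux box's own address 192.168.1.3 matches both loc1 and the fw entry, which is exactly the ambiguity the poster's "# is this necessary?" comment points at; the Windows DHCP range resolves cleanly to loc2.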