Old 06-30-2004, 01:24 AM   #1
Shorewall nested zones

Ok, I've managed to screw up on the shorewall config. I'm on another system so I can type this, so let's see if I can accurately get across what my configuration looks like right now.

I'm setting up a pretty basic network. I have a cable modem connected to a wireless router talking to a wireless bridge. The bridge is connected to a switch on which reside all my computers at the moment. The three permanent ones are WinXP, Win98SE, and MDK 9.2.

I'd like to set up the mandrake box as a web server, but also have it trust my local machines (so ... set them up as a specific zone and allow broader access to that zone). I'm not using the linux box as a firewall for the network, but more as a client/server /on/ the network, so I've only got one ethernet card installed.

I set up the interfaces file something like this:
-        eth0,
#ZONE       HOST(S)               OPTIONS
loc1        eth0:
loc2        eth0:
fw          eth0:     # is this necessary?
The router is, bridge is, linux box is The windows boxes are given DHCP addresses by the router ranging from to

policy - I opened it to troubleshoot
all        all       ACCEPT    info
rules - opened this also for troubleshooting
#                                              PORT(S)  DEST
ACCEPT   all     all    icmp    echo-request
Now I ping the linux box. I can't ping it even as localhost from the linux box. No information pops up in the /var/log/messages file for that. When I try to ping from outside (from the windows boxes), I get a "Request Timed Out" from that box, and the linux box records:
"loc2fw" ACCEPT ... the one strange thing I noticed is that the source address is correct, but the destination address seems to always be for some reason. I'm not pinging a hostname, I'm using ping to try and ping the linux box.

Originally I'd posted a resemblance of this problem on the network forum here because I didn't know what was causing it. They directed me to shorewall and I've found a lot and am basically starting over with that program.

I've been reading and re-reading the shoreline firewall page and documentation, but I just can't seem to get anything to work the way I'd like.

Any suggestions?
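The post describes the classic single-NIC Shorewall layout: one interface, declared with `-` in interfaces, split into a trusted sub-zone and a catch-all parent zone via the hosts file, with `fw` being the box itself. The script below is an added example, not the poster's files or anything from the Shorewall project: it embeds a constructed sample of the five tables (the 192.168.1.0/24 range and the zone names loc/net are placeholders) and runs the consistency checks a reviewer would apply to such a layout, including the two points raised in the post: `fw` must not appear in hosts or interfaces, and a hosts entry with nothing after `eth0:` matches no address at all. It assumes Shorewall 2.x semantics, where a sub-zone must be listed before its parent in the zones file.

```python
"""Consistency checks for a single-NIC Shorewall nested-zone layout.

Added example, not the poster's files.  The five config texts below are
CONSTRUCTED placeholders (addresses, zone names) and assume classic Shorewall
2.x syntax, where a sub-zone must be listed before its parent in zones and an
interface shared by several zones is declared with '-' and refined in hosts.
"""
import ipaddress

FW_ZONE = "fw"  # $FW from shorewall.conf; it is implicit, never put in hosts

# --- constructed sample layout: web server that is also a host on the LAN ---
ZONES = """\
#ZONE   DISPLAY   COMMENTS
loc     Local     trusted LAN (sub-zone, listed before its parent)
net     Net       everything else arriving on eth0
"""
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
-       eth0        detect
"""
HOSTS = """\
#ZONE   HOST(S)                 OPTIONS
loc     eth0:192.168.1.0/24
net     eth0:0.0.0.0/0
"""
POLICY = """\
#SOURCE   DEST   POLICY   LOG LEVEL
loc       fw     ACCEPT
fw        all    ACCEPT
net       all    DROP     info
all       all    REJECT   info
"""
RULES = """\
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    net      fw     tcp     80
ACCEPT    all      fw     icmp    8
"""


def parse(text):
    """Split a Shorewall table into rows of columns, dropping comments/blanks."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def check_layout(zones, interfaces, hosts, policy, rules):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    declared = [r[0] for r in parse(zones)]
    known = set(declared) | {FW_ZONE, "all"}

    # 1. the firewall zone is implicit; listing it in hosts/interfaces is wrong
    for r in parse(hosts) + parse(interfaces):
        if r[0] == FW_ZONE:
            problems.append(f"'{FW_ZONE}' must not be declared in hosts/interfaces")

    # 2. every zone named in hosts/interfaces/policy/rules must exist in zones
    for table, rows, cols in (("interfaces", parse(interfaces), (0,)),
                              ("hosts", parse(hosts), (0,)),
                              ("policy", parse(policy), (0, 1)),
                              ("rules", parse(rules), (1, 2))):
        for r in rows:
            for c in cols:
                z = r[c].split(":", 1)[0]  # rules/policy may carry zone:address
                if z != "-" and z not in known:
                    problems.append(f"{table}: zone '{z}' not declared in zones")

    # 3. parse host entries; an empty address after 'eth0:' matches nothing
    nets = []
    for r in parse(hosts):
        iface, _, addr = r[1].partition(":")
        if not addr:
            problems.append(f"hosts: '{r[0]}' has no address after '{iface}:'")
            continue
        nets.append((r[0], iface, ipaddress.ip_network(addr, strict=False)))

    # 4. a nested (more specific) zone must precede its parent in zones
    for za, ia, na in nets:
        for zb, ib, nb in nets:
            if (ia == ib and za != zb and na != nb and na.subnet_of(nb)
                    and za in declared and zb in declared
                    and declared.index(za) > declared.index(zb)):
                problems.append(f"zones: sub-zone '{za}' must be listed before '{zb}'")

    # 5. an interface carrying several zones must be declared with '-' in interfaces
    iface_decl = {r[1]: r[0] for r in parse(interfaces)}
    per_iface = {}
    for z, i, _ in nets:
        per_iface.setdefault(i, set()).add(z)
    for i, zs in per_iface.items():
        if len(zs) > 1 and iface_decl.get(i) != "-":
            problems.append(f"interfaces: {i} hosts {sorted(zs)} but is not declared as '-'")
    return problems


if __name__ == "__main__":
    for p in check_layout(ZONES, INTERFACES, HOSTS, POLICY, RULES) or ["layout OK"]:
        print(p)
```

With the sample tables the checker reports nothing; swapping the order of `loc` and `net` in ZONES, adding a `fw eth0:` line to HOSTS, or putting a zone name instead of `-` on the eth0 line in INTERFACES each produces a specific finding. The sample policy follows the pattern the post is after: the trusted sub-zone may reach the box, the box may reach anything, and the rest of the interface only gets what the rules table opens (HTTP and echo-request here).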

