LinuxQuestions.org


y0_gesh 06-04-2012 01:54 AM

Shorewall Routing Rules?
 
I have a file server in subnet 192.168.2.0. This is subnet A. Subnet B is 172.16.1.0.

A can access B whereas B cannot access A.

How can I configure my Shorewall to allow computers in subnet B to get access only to the file server in subnet A?

Noway2 06-05-2012 07:59 AM

This sounds like you need some form of reflexive NAT rule. What is curious is that one subnet can access the other. Does this one subnet perchance have a router associated with it that knows how to get to the other range and is doing some form of address translation?

To try to summarize, your Shorewall will need to know how to translate traffic from one zone, which it may try to route to the 'public' interface and reflect this back to the private interface of the other zone, while providing address translation to the new zone. I don't know the commands to tell you specifically how to do this in Shorewall (as I use a different security appliance), but I had to create some rules to this effect.
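
For the plain routed case, where the Shorewall host has one interface in each subnet and forwards between them without NAT, the restriction asked about in this thread can be written as a default-deny policy from B to A plus a single rule for the file server. This is an added example, not part of the original thread; the zone names (neta, netb), interface names (eth1, eth2), the file server address 192.168.2.10 and the SMB/CIFS port are all assumptions to be replaced with real values.

```conf
# --- /etc/shorewall/zones ---
#ZONE   TYPE
fw      firewall
neta    ipv4        # subnet A, 192.168.2.0 (holds the file server)
netb    ipv4        # subnet B, 172.16.1.0

# --- /etc/shorewall/interfaces ---
# eth1/eth2 are assumed names for the interfaces facing A and B.
#ZONE   INTERFACE   BROADCAST
neta    eth1        detect
netb    eth2        detect

# --- /etc/shorewall/policy ---
# Policies are matched top to bottom; the first match is the default
# for new connections between the two zones.
#SOURCE DEST    POLICY  LOG
neta    netb    ACCEPT          # A may reach B, as it already does
netb    neta    REJECT  info    # B may not reach A unless a rule allows it
all     all     REJECT  info    # everything else is refused and logged

# --- /etc/shorewall/rules ---
# The only exception to the netb -> neta REJECT policy: one host, one port.
# 192.168.2.10 is a placeholder for the file server's address; tcp/445
# assumes SMB/CIFS, so substitute the ports of the protocol actually served.
#ACTION SOURCE  DEST                PROTO   DPORT
ACCEPT  netb    neta:192.168.2.10   tcp     445

# --- /etc/shorewall/shorewall.conf ---
# Forwarding between the interfaces must be enabled for routed traffic.
IP_FORWARDING=On
```

Replies from the file server need no rule of their own because connection tracking admits return traffic for accepted connections. Running `shorewall check` before `shorewall restart` catches syntax errors before the ruleset is replaced.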

