Quote:
Originally Posted by mongo86
[snip]
The problem is that when I attempt to connect to the UI from another machine, I can see the connection requests being rejected by shorewall. [snip]
I'm fairly comfortable with command-line OSs and understand basic Linux commands, etc., but I have no idea how to stop shorewall blocking my connections.
[snip]
For reference, Shorewall, like (almost) all Linux OS based firewalls, uses iptables v4 and/or v6. To open or close connections, one adjusts the iptables "rules" which can be done from (most) firewall interfaces, or, if fairly adept with iptables rules, edit the file and appropriate lines of code directly.
It may sound hard but once the language of iptables is learned, it is not. It is dangerous because the wrong code can block or open everything (not sure which is worse ...) so one needs to be careful.
The point being that whether one is using a local firewall like Shorewall or an external dedicated firewall (or both as in OP's case), an understanding of iptables is essential to managing the application. Expert knowledge is not needed for management but the basics are.
FWIW, I have not had to edit the iptables directly for years. The Smoothwall interface (web & openssh) is clumsy but sufficient to get the tasks done. I do not use Shorewall as having two firewalls running was redundant and, as it appeared, a total waste of time (I'm not that paranoid.). Not having the iptables and Shorewall overhead on the local system(s) makes the system easier to use for many things. I basically replaced Shorewall with clamav... and, dependent upon general security problems|alerts, IDS (snort, which, BTW, can run on the dedicated Smoothwall firewall).
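
The risk named in the reply above, a wrong rule that blocks or opens everything, can be checked on a saved ruleset before it is loaded. This is an added example, not part of the original post: the function name `audit_input` and the sample rulesets (written in `iptables-save` format, with port 22 standing in for a management service) are constructed for illustration.

```python
import shlex

def audit_input(ruleset):
    """Return findings for the filter table's INPUT chain in iptables-save text."""
    policy, rules, in_filter = None, [], False
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith("*"):                      # table header, e.g. *filter
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]                  # chain policy: ACCEPT or DROP
        elif in_filter and line.startswith("-A INPUT "):
            tok = shlex.split(line)[2:]
            if "-j" in tok:
                j = tok.index("-j")
                rules.append((tok[:j], tok[j + 1]))   # (match options, target)
    # A rule with no match options applies to every packet, so it overrides
    # the chain policy and makes every later rule unreachable.
    default, reachable = policy, rules
    for i, (matches, target) in enumerate(rules):
        if not matches and target in ("ACCEPT", "DROP", "REJECT"):
            default, reachable = target, rules[:i]
            break
    findings = []
    if default == "ACCEPT":
        findings.append("OPEN: traffic not explicitly dropped is accepted")
    elif default in ("DROP", "REJECT") and not any(t == "ACCEPT" for _, t in reachable):
        findings.append("BLOCKED: no reachable ACCEPT rule, all inbound traffic is refused")
    return findings

# Constructed sample rulesets.
OPEN = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT"""
LOCKED = """*filter
:INPUT DROP [0:0]
COMMIT"""
SANE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT"""

if __name__ == "__main__":
    for name, text in (("OPEN", OPEN), ("LOCKED", LOCKED), ("SANE", SANE)):
        print(name, audit_input(text) or "no findings")
```
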