Firewall Setup / Shoreline

Bruce Marshall bmarsh at bmarsh.com
Fri Nov 23 23:31:38 UTC 2007


On Friday 23 November 2007, Karl-Heinz Schulz wrote:
> I have followed the tutorial to set up the firewall (shoreline) but I
> still cannot reach my box from the outside via http or ssh.
>
> The output of the shoreline test shows
> -----------------------------------------------------------------
> Checking...
> Initializing...
> Determining Zones...
>    IPv4 Zones: net loc
>    Firewall Zone: fw
> Validating interfaces file...
> Validating hosts file...
> Pre-processing Actions...
>    Pre-processing /usr/share/shorewall/action.Drop...
>    Pre-processing /usr/share/shorewall/action.Reject...
> Validating Policy file...
> Determining Hosts in Zones...
>    net Zone: eth0:0.0.0.0/0
>    WARNING: Zone loc is empty
> Deleting user chains...
> Checking /etc/shorewall/routestopped ...
> Creating Interface Chains...
> Checking Common Rules
> Adding Anti-smurf Rules
> Enabling RFC1918 Filtering
> Checking TCP Flags checking...
> Checking Kernel Route Filtering...
> Checking Martian Logging...
> Compiling IP Forwarding...
> Checking /etc/shorewall/rules...
> Checking Actions...
> Checking /usr/share/shorewall/action.Drop for Chain Drop...
> Checking /usr/share/shorewall/action.Reject for Chain Reject...
> Checking /etc/shorewall/policy...
> Checking Traffic Control Rules...
> Checking Rule Activation...
> Shorewall configuration verified
>
> .. your firewall configuration looks OK.
> -----------------------------------------------------------------
>
> the output of my rules are
>
> # PORT PORT(S) DEST LIMIT GROUP
> ACCEPT  net     $FW     icmp    8
> ACCEPT  $FW     net     icmp
> ACCEPT net fw tcp ssh,www,https,smtp,pop3,pop3s,imap2,imaps,submission
> ACCEPT  net     $FW     udp     https
>
> and of my zones:
>
> fw      firewall
> net     ipv4                            #
> loc     ipv4
>
>
> What am I missing?
>
> TIA

Is your firewall machine the one you want to talk to? Or do you want to
talk to some other machine on your LAN?





