Firewall Setup / Shoreline
Bruce Marshall
bmarsh at bmarsh.com
Fri Nov 23 23:31:38 UTC 2007
On Friday 23 November 2007, Karl-Heinz Schulz wrote:
> I have followed the tutorial to set up the firewall (shoreline) but I
> still cannot my box from the outside via http or ssh/
>
> The output of the shoreline test shows
> -----------------------------------------------------------------
> Checking...
> Initializing...
> Determining Zones...
> IPv4 Zones: net loc
> Firewall Zone: fw
> Validating interfaces file...
> Validating hosts file...
> Pre-processing Actions...
> Pre-processing /usr/share/shorewall/action.Drop...
> Pre-processing /usr/share/shorewall/action.Reject...
> Validating Policy file...
> Determining Hosts in Zones...
> net Zone: eth0:0.0.0.0/0
> WARNING: Zone loc is empty
> Deleting user chains...
> Checking /etc/shorewall/routestopped ...
> Creating Interface Chains...
> Checking Common Rules
> Adding Anti-smurf Rules
> Enabling RFC1918 Filtering
> Checking TCP Flags checking...
> Checking Kernel Route Filtering...
> Checking Martian Logging...
> Compiling IP Forwarding...
> Checking /etc/shorewall/rules...
> Checking Actions...
> Checking /usr/share/shorewall/action.Drop for Chain Drop...
> Checking /usr/share/shorewall/action.Reject for Chain Reject...
> Checking /etc/shorewall/policy...
> Checking Traffic Control Rules...
> Checking Rule Activation...
> Shorewall configuration verified
>
> .. your firewall configuration looks OK.
> -----------------------------------------------------------------
>
> the output of my rules are
>
> # PORT PORT(S) DEST LIMIT GROUP
> ACCEPT net $FW icmp 8
> ACCEPT $FW net icmp
> ACCEPT net fw tcp ssh,www,https,smtp,pop3,pop3s,imap2,imaps,submi
> ssion
> ACCEPT net $FW udp https
>
> and of my zones:
>
> fw firewall
> net ipv4 #
> loc ipv4
>
>
> What am I missing?
>
> TIA
Is your firewall machine the one you want to talk to? or do you want to
talk to some other machine on your LAN?
More information about the ubuntu-users
mailing list