Re: Shorewall
To: "Debian CZ/SK project discussion list" <czdebian-l zavinac debian bod cz>
From: Dodik zavinac xnetpn bod sk
Date: Fri, 10 Mar 2006 14:12:06 +0100 (CET)
Importance: Normal
User-agent: SquirrelMail/1.4.6 [CVS]
Well, I probably described what I need badly :)
What I had in mind was more like this: my internet connection goes through
eth0, and on eth1 I have the networks 192.168.111.x and 192.168.112.x; on
111.x I would like to block some services, and on 112.x I would like to
allow more...
> It is possible; it differs slightly depending on the Shorewall version,
> but the differences are not that fundamental. For example, for v3.0
> (Debian unstable):
>
> The key is the hosts file, where exactly those ranges are set; after that
> it is easy: each range is named (its own zone) and can be handled like a
> zone.
>
> I assume the purpose is for computers on the local network to be able to
> access various services, while computers from the internet cannot reach
> those services, where the computer has only one interface and computers
> from the internet reach it e.g. via port forwarding? Below are excerpts
> from my configuration:
>
> - - - - /etc/shorewall/hosts
>
> #ZONE HOST(S) OPTIONS
>
> net eth0:!192.168.2.0/24
> loc eth0:192.168.2.0/24
>
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
>
> - - - - /etc/shorewall/interfaces
>
> #ZONE INTERFACE BROADCAST OPTIONS
>
> - eth0 detect dhcp
>
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> - - - - /etc/shorewall/policy
>
> #SOURCE DEST POLICY LOG LIMIT:BURST
> # LEVEL
>
> $FW net ACCEPT
> net all DROP info
> all all REJECT info
>
> $FW loc ACCEPT
> loc $FW ACCEPT
>
> #LAST LINE -- DO NOT REMOVE
>
> - - - - /etc/shorewall/zones
>
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
>
> fw firewall
> net ipv4
> loc ipv4
>
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> - - - - /etc/shorewall/rules
>
> ACCEPT net $FW tcp ssh
> ACCEPT net $FW tcp 8080
> ACCEPT net $FW tcp 8443
> ACCEPT net $FW tcp 2401
> ACCEPT net $FW tcp 5901
> ACCEPT net $FW tcp 5902
>
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> I hope this helped.
>
> For more information, you can consult the Shorewall documentation.
>
> m.
>
> On Thu, Mar 09, 2006 at 06:12:44PM +0100, Dodik zavinac xnetpn bod sk wrote:
>> Hello,
>> I would like to know whether it is possible (and if so, how) to configure
>> Shorewall so that different settings (for example, port blocking) apply
>> to IP 192.168.111.x than to IP 192.168.112.x?
>>
>> And one more question, which I probably should have asked first: is it
>> possible for Shorewall to work with two ranges (111.x and 112.x) on eth1?
>>
>> Thank you very much for your answers...
>>
>> Regards, Dodik
>> ________________________________________________
>> CZdebian-l maillist - CZdebian-l zavinac debian bod cz
>> http://www.debian.cz/mailman/listinfo/czdebian-l
>> E-mail (un)subscriptions: czdebian-l-request zavinac debian bod cz