Mandrake Linux Archives: security-firewall@mandrivalinux.org
- From: Jim
- Subject: [Security Firewall] I give up
- Date: 6 May 2005 23:21:05 -0000
I've tried everything I can think of, and although this worked in MNF1, now I have to figure something out because this no longer works in MNF2.

I have two servers connected to the same switch that are part of two separate subnets but part of the same DMZ.

    64.x.x.x/26
    216.x.x.x/26

Now to make things interesting, the firewall's DMZ IP is 10.x.x.x and the public IPs are Proxy ARP'ed.

I have tried a number of rules but I keep getting this in the firewall logs:

    May 6 18:43:06 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=64.x.x.x DST=216.x.x.x LEN=55 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=32840 DPT=53 LEN=35

Now MNF1 would allow this by creating a rule as follows.

    ACCEPT dmz:64.x.x.x dmz:216.x.x.x tcp domain - 216.x.x.x

This doesn't work in MNF2, obviously. I've tried so many different combinations and I'm sure it would be easier if the interface had those IPs... or I created another zone... let's say for this particular example that's not possible.

And yes, I've looked at shorewall.net. :)

Thanks in advance.

Jim
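A small triage helper for the log entry and rule quoted in the post above, as an added example that is not part of the original message: it splits the Shorewall log line into fields and lists the columns on which the logged packet and the rule differ. The function names and the one-entry service table are assumptions of this example; the log line and rule are copied from the post with their redacted addresses.

```python
import re

# Service names used in the rule's port column (one-entry table, an assumption of this example).
SERVICES = {"domain": 53}

# Log line and rule copied from the post above (addresses are redacted there as x.x.x).
LOG = ("May 6 18:43:06 firewall kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 "
       "SRC=64.x.x.x DST=216.x.x.x LEN=55 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF "
       "PROTO=UDP SPT=32840 DPT=53 LEN=35")
RULE = "ACCEPT dmz:64.x.x.x dmz:216.x.x.x tcp domain - 216.x.x.x"


def parse_log(line):
    """Split a Shorewall log line into chain, disposition and KEY=VALUE fields."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):(.*)$", line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields = {}
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        # Flags such as DF carry no '='; the first LEN (IP length) wins over the UDP LEN.
        if sep and key not in fields:
            fields[key] = value
    return {"chain": m.group(1), "disposition": m.group(2), **fields}


def parse_rule(line):
    """Read the leading rule columns: ACTION SOURCE DEST PROTO DEST-PORT."""
    action, source, dest, proto, dport = line.split()[:5]
    src_zone, _, src_host = source.partition(":")
    dst_zone, _, dst_host = dest.partition(":")
    return {"action": action, "src_zone": src_zone, "src": src_host,
            "dst_zone": dst_zone, "dst": dst_host, "proto": proto.lower(),
            "dport": str(SERVICES.get(dport, dport))}


def mismatches(log, rule):
    """Return the log fields whose values differ from the rule's columns."""
    checks = [("SRC", log["SRC"], rule["src"]),
              ("DST", log["DST"], rule["dst"]),
              ("PROTO", log["PROTO"].lower(), rule["proto"]),
              ("DPT", log["DPT"], rule["dport"])]
    return [name for name, seen, wanted in checks if seen != wanted]


if __name__ == "__main__":
    log, rule = parse_log(LOG), parse_rule(RULE)
    print("chain/disposition:", log["chain"], log["disposition"])
    print("same interface in and out:", log["IN"] == log["OUT"])
    print("fields that differ from the rule:", mismatches(log, rule))
```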
