Menu
▾
▴
Re: [leaf-user] leaf-user Digest, Vol 204, Issue 3
|
From: Sławek A. <sa...@wa...> - 2025-11-25 21:01:37
|
Big thanks. It's very nice that you want to help me. But your solution doesn't work. For clarity, I added the IP numbers I approved to /etc/shorewall/rules as you wrote. And /etc/shorewall/policy was (I added line numbers): 1 # 2 # Shorewall -- /etc/shorewall/policy 3 # 4 # For information about entries in this file, type "man shorewall-policy" 5 # 6 # The manpage is also online at 7 # http://www.shorewall.net/manpages/shorewall-policy.html 8 # 9 ############################################################################### 10 #SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT 11 #loc net ACCEPT 12 loc fw REJECT 13 net all DROP 14 # If you want open access to the Internet from your Firewall 15 # remowe the comment from the following line. 16 #fw net ACCEPT 17 # THE FOLLOWING POLICY MUST BE LAST 18 # 19 all all REJECT NFLOG(4,0,4) I commented out line 11 and added line 12. And it doesn't work. No local IP has internet. I uncommented line 11 without sucses. Still no net. So I commented line 12. And every local IP has access again. Probably the problem is in other place. W dniu 25.11.2025 o 13:19, lea...@li... pisze: > Message: 1 > Date: Mon, 24 Nov 2025 08:36:05 -0500 > From: "Robert K Coffman Jr. -Info From Data Corp." > <bco...@in...> > To:lea...@li... > Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 1 > Message-ID:<e43...@in...> > Content-Type: text/plain; charset="UTF-8" > > If I am understanding you correctly, this is how I would accomplish > that. I'm assuming Shorewall (the default firewall on Leaf, unless > that has changed) is running. You can confirm by: > shorewall status > You should see a message including "Shorewall is running." > If you do, edit /etc/shorewall/policy and look for the line that is > similar to this: > loc fw ACCEPT > In that line, change ACCEPT to REJECT > Then, in /etc/shorewall/rules, add these rules for the IPs you want to > allow from your lan to connect to your firewall, one line for each IP: > ACCEPT loc:192.168.0.5/24 fw all > The /24 assumes that your subnet mask for your firewall is > 255.255.255.0. If it is different, you will need to modify that, and > of course make the IP address match your config. > After you make that edit, run: > > shorewall restart > > Verify it was successful, and you should be good to go. > > - Robert > > On 11/22/2025 10:44:33 AM, S?awek Adamski via leaf-user wrote: > > Hello Robert, > Thanks a lot for your response. Hmm... the documentation of leaf > Bering uClibc is unavailable again: > " > Sorry! This site is experiencing technical difficulties. > Try waiting a few minutes and reloading. > (Cannot access the database) > " A month ago I copied near all of that as html files. My answer for > you question: I haven't even tried. I don't know how. Marco described > another solution for me, but I'm not a Linux man. I didn't understand > that. So I did what I described. It works, but not exactly how I > wanted. W dniu 22.11.2025 o 13:14, > [1]lea...@li... pisze: Message: 1 Date: > Fri, 21 Nov 2025 12:39:03 -0500 From: "Robert K Coffman Jr. -Info From Data Corp." > [2]<bco...@in...> > [3]To:lea...@li... > Subject: Re: [leaf-user] Problem with configuration. > Message-ID:[4]<66b...@in... > > Content-Type: text/plain; charset="UTF-8" > S?awek, > Did you overcome the problems you had with this? > - Robert > On 10/28/2025 4:50:11 PM, S?awek Adamski via leaf-user wrote: > Hi, > Please forgive my poor English. > I have small success. My leaf bering boots from USB and works. > Near > properly. Near. > I have two PC. One with Windows 11 and second for leaf. Both > have > keyboards and monitors. > Steps I took: > 1. Using image Bering-uClibc_x86_vga.img and Rasberry Pi > Imager I > recorded the first USB with version 7.0.0. In Rasberry Pi > Imager I > set the login and password for that leaf. > 2. The partition on the USB had only 64 MB so using DiskGenius > I > expanded it to 128 MB. > 3. I logged into the booted from USB and upgraded doing: > upgrade > --release 7.5.1. > 4. I configured that a little. > And it works. My PC with Windows has access to net via > firewall. My > firewall ignores pings to him. And longing to him from net is > impossible. And I changed the IP4 number to one I made up. > But I need two things in configuration. First I want ignore > local > connections from IP doesn't accepted by me. I wrote the > accepted > list to hosts.allow. Something like that, of course with my > IP: > # Allow anything from the local net > #ALL: 192.168.1.0/255.255.255.0 > 192.168.1.x > 192.168.1.y > 192.168.1.z > where 192.168.1.x, 192.168.1.y and 192.168.1.z are the allowed > IP by > me. > But it doesn't work. I don' understood the guide. I'm not > linux man. > Probably it must be done in other way. > The second which I want is to have working webconf. Now it is > still > asking for login and password in not ending loop. From > Firefox, > Chrome and Edge. Seems something is wrong. > Best Regards > S?awek > > -------------------------------------------------------------------- > ---- > leaf-user mailing list: [[5]1]lea...@li... > [2][6]https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- [3][7]http://leaf-project.org/ > -- > Robert K Coffman Jr. > Info From Data Corp. > 3307249000 > [[8]4]su...@in... > References > [9]1.mailto:lea...@li... > 2.https://lists.sourceforge.net/lists/listinfo/leaf-user > 3.http://leaf-project.org/ > [10]4.mailto:su...@in... > ------------------------------ > ------------------------------ > Subject: Digest Footer > _______________________________________________ > leaf-user mailing list > [11]lea...@li... > [12]https://lists.sourceforge.net/lists/listinfo/leaf-user > ------------------------------ > End of leaf-user Digest, Vol 204, Issue 1 > ***************************************** > > -------------------------------------------------------------------- > ---- > leaf-user mailing list: [13]lea...@li... > [14]https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- [15]http://leaf-project.org/ > > -- > Robert K Coffman Jr. > Info From Data Corp. > 3307249000 > [16]su...@in... > > References > > 1.mailto:lea...@li... > 2.mailto:bco...@in... > 3.mailto:To:lea...@li... > 4.mailto:66b...@in... > 5.mailto:1]lea...@li... > 6.https://lists.sourceforge.net/lists/listinfo/leaf-user > 7.http://leaf-project.org/ > 8.mailto:4]su...@in... > 9.mailto:1.mailto:lea...@li... > 10.mailto:4.mailto:su...@in... > 11.mailto:lea...@li... > 12.https://lists.sourceforge.net/lists/listinfo/leaf-user > 13.mailto:lea...@li... > 14.https://lists.sourceforge.net/lists/listinfo/leaf-user > 15.http://leaf-project.org/ > 16.mailto:su...@in... > > > ------------------------------ > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > leaf-user mailing list > lea...@li... > https://lists.sourceforge.net/lists/listinfo/leaf-user > > > ------------------------------ > > End of leaf-user Digest, Vol 204, Issue 3 > ***************************************** |
