From: Erich T. <eri...@th...> - 2025-11-25 23:22:34
Hi Folks

If I understand this issue correctly it started with an AI built config,
not with something set in either the shorewall documentation or with a
simple config as distributed with LEAF. Please correct me if this is not
the case.

It appears to me that the OP does not have a strong conceptual
understanding of his network topology. I would suggest to lay down the
concept of this installation instead of explaining what allegedly is not
working, e.g. the logical and physical layout of the network(s). Based on
this I am positive that the group can suggest solutions.

I understand that the shorewall documentation by Tom is complex. It shows
at what high abstraction level Tom was able to think when he designed,
wrote and documented shorewall. I understand also that many if not all of
us will not easily absorb this, at least I need to reread often.

My 2 cents.

cheers

ET

On 25.11.2025 at 22:01, Sławek Adamski via leaf-user wrote:
> Big thanks. It's very nice that you want to help me. But your solution
> doesn't work. For clarity, I added the IP numbers I approved to
> /etc/shorewall/rules as you wrote. And /etc/shorewall/policy was
> (I added line numbers):
>
>  1 #
>  2 # Shorewall -- /etc/shorewall/policy
>  3 #
>  4 # For information about entries in this file, type "man shorewall-policy"
>  5 #
>  6 # The manpage is also online at
>  7 # http://www.shorewall.net/manpages/shorewall-policy.html
>  8 #
>  9 ###############################################################################
> 10 #SOURCE DEST POLICY LOGLEVEL LIMIT CONNLIMIT
> 11 #loc net ACCEPT
> 12 loc fw REJECT
> 13 net all DROP
> 14 # If you want open access to the Internet from your Firewall
> 15 # remowe the comment from the following line.
> 16 #fw net ACCEPT
> 17 # THE FOLLOWING POLICY MUST BE LAST
> 18 #
> 19 all all REJECT NFLOG(4,0,4)
>
> I commented out line 11 and added line 12. And it doesn't work.
> No local IP has internet. I uncommented line 11 without success.
> Still no net. So I commented line 12. And every local IP has access
> again. Probably the problem is in another place.
>
> On 25.11.2025 at 13:19, lea...@li... wrote:
>> Date: Mon, 24 Nov 2025 08:36:05 -0500
>> From: "Robert K Coffman Jr. -Info From Data Corp." <bco...@in...>
>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 1
>>
>> If I am understanding you correctly, this is how I would accomplish
>> that. I'm assuming Shorewall (the default firewall on Leaf, unless
>> that has changed) is running. You can confirm by:
>>
>>     shorewall status
>>
>> You should see a message including "Shorewall is running."
>> If you do, edit /etc/shorewall/policy and look for the line that is
>> similar to this:
>>
>>     loc fw ACCEPT
>>
>> In that line, change ACCEPT to REJECT
>> Then, in /etc/shorewall/rules, add these rules for the IPs you want to
>> allow from your lan to connect to your firewall, one line for each IP:
>>
>>     ACCEPT loc:192.168.0.5/24 fw all
>>
>> The /24 assumes that your subnet mask for your firewall is
>> 255.255.255.0. If it is different, you will need to modify that, and
>> of course make the IP address match your config.
>> After you make that edit, run:
>>
>>     shorewall restart
>>
>> Verify it was successful, and you should be good to go.
>>
>> - Robert
>>
>> On 11/22/2025 10:44:33 AM, Sławek Adamski via leaf-user wrote:
>>
>> Hello Robert,
>> Thanks a lot for your response. Hmm... the documentation of leaf
>> Bering uClibc is unavailable again:
>> "
>> Sorry! This site is experiencing technical difficulties.
>> Try waiting a few minutes and reloading.
>> (Cannot access the database)
>> "
>> A month ago I copied nearly all of that as html files. My answer
>> to your question: I haven't even tried. I don't know how. Marco
>> described another solution for me, but I'm not a Linux man. I didn't
>> understand that. So I did what I described. It works, but not exactly
>> how I wanted.
>>
>> On 22.11.2025 at 13:14, leaf-user-re...@li... wrote:
>>
>> Date: Fri, 21 Nov 2025 12:39:03 -0500
>> From: "Robert K Coffman Jr. -Info From Data Corp." <bco...@in...>
>> Subject: Re: [leaf-user] Problem with configuration.
>>
>> Sławek,
>> Did you overcome the problems you had with this?
>> - Robert
>>
>> On 10/28/2025 4:50:11 PM, Sławek Adamski via leaf-user wrote:
>>
>> Hi,
>> Please forgive my poor English.
>> I have a small success. My leaf bering boots from USB and works.
>> Nearly properly. Nearly.
>> I have two PCs. One with Windows 11 and a second for leaf. Both have
>> keyboards and monitors.
>> Steps I took:
>> 1. Using image Bering-uClibc_x86_vga.img and Raspberry Pi Imager I
>>    recorded the first USB with version 7.0.0. In Raspberry Pi Imager I
>>    set the login and password for that leaf.
>> 2. The partition on the USB had only 64 MB so using DiskGenius I
>>    expanded it to 128 MB.
>> 3. I logged into the system booted from USB and upgraded doing:
>>    upgrade --release 7.5.1.
>> 4. I configured that a little.
>> And it works. My PC with Windows has access to the net via the
>> firewall. My firewall ignores pings to it. And logging in to it from
>> the net is impossible. And I changed the IP4 number to one I made up.
>> But I need two things in the configuration. First, I want to ignore
>> local connections from IPs not accepted by me. I wrote the accepted
>> list to hosts.allow. Something like that, of course with my IP:
>>
>>     # Allow anything from the local net
>>     #ALL: 192.168.1.0/255.255.255.0
>>     192.168.1.x
>>     192.168.1.y
>>     192.168.1.z
>>
>> where 192.168.1.x, 192.168.1.y and 192.168.1.z are the IPs allowed
>> by me.
>> But it doesn't work. I didn't understand the guide. I'm not a Linux
>> man. Probably it must be done in another way.
>> The second thing I want is to have a working webconf. Now it is still
>> asking for login and password in a never-ending loop. From Firefox,
>> Chrome and Edge. Seems something is wrong.
>> Best Regards
>> Sławek
>
> ------------------------------------------------------------------------
> leaf-user mailing list: lea...@li...
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/

--
"Whoever does not have two thirds of his day for himself is a slave."
― Friedrich Nietzsche
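
An added example, not part of any message in the thread: a simplified model of how the quoted /etc/shorewall/policy file and the suggested rules entry evaluate. It assumes Shorewall's first-match policy order with `all` as a wildcard, ignores that entries in the rules file are checked before policy, and uses hypothetical function names.

```python
import ipaddress

# Constructed from the policy file quoted above (pure comment lines dropped).
POLICY_AS_POSTED = """\
#loc net ACCEPT
loc fw REJECT
net all DROP
#fw net ACCEPT
all all REJECT NFLOG(4,0,4)
"""


def parse_policy(text):
    """Return [(source, dest, policy)] for each active line, in file order."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line:
            src, dst, policy = line.split()[:3]
            entries.append((src, dst, policy))
    return entries


def effective_policy(entries, src, dst):
    """First entry whose SOURCE and DEST match (or are 'all') decides."""
    for e_src, e_dst, policy in entries:
        if e_src in (src, "all") and e_dst in (dst, "all"):
            return policy
    return None


def rule_source_covers(rule_source, client_ip):
    """True if a rules SOURCE such as 'loc:192.168.0.5/24' covers client_ip."""
    cidr = rule_source.split(":", 1)[1]
    # strict=False masks off the host bits, as a netfilter source match does
    net = ipaddress.ip_network(cidr, strict=False)
    return ipaddress.ip_address(client_ip) in net


if __name__ == "__main__":
    entries = parse_policy(POLICY_AS_POSTED)
    for pair in (("loc", "net"), ("loc", "fw"), ("net", "fw")):
        print(pair, "->", effective_policy(entries, *pair))
    # 192.168.0.77 is a constructed address on the same /24
    print(rule_source_covers("loc:192.168.0.5/24", "192.168.0.77"))
    print(rule_source_covers("loc:192.168.0.5", "192.168.0.77"))
```

With line 11 commented out, loc to net falls through to the final `all all REJECT` entry, and a SOURCE written with /24 covers every host on that subnet, not only the listed address.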