Re: [Shorewall-users] www / ftp / ping

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

If I understand this correctly, I am assuming your firewall server and =
your web server are served from the same machine.

If this is so, you need to realize your firewall machine is in the fw =
zone, and not the local zone.  Add or modify rules to allow net-to-fw =
rather than net-to-local if this is in fact true.  That should solve at =
least your www issue.

FTP is a special case, but since it's working local-to-net, it should =
also work if you add a fw-to-net as well.

John Stroud
  ----- Original Message -----=20
  From: Yogesh Sharma=20
  To: Shorewall Users=20
  Sent: Sunday, December 09, 2001 11:05 AM
  Subject: [Shorewall-users] www / ftp / ping

  Hi group,

  Please help !!

  1. How can I provide www access to outside world to my website running =
at my server:
  2. From outside I cannot ping my server
  3. I cannot download using ftp from any of the website (from my =
server) but If I do ftp from any network laptop/pc I am able to do that.

  server is acting as router/ip masq/firewall/dhcp server
  eth1 connected to internet
  eth0 connected to internal hub=20

  I added following rules:
  accept net local tcp www
  accept local net tcp www

  This is coming in /var/log/message for www access:

  <datetime> <servername> kernel: Shorewall:net2all:DROP:IN=3Deth1 =
OUT=3D MAC=3D<idofcard> SRC=3D<src ip> DST=3D<ip of my eth1> LEN-60 =
TOS=3D0x00 PREC=3D0x00 TTL=3D61 ID=3D32230 DF PROTO=3DTCP SPT=3D3752 =
DPT=3D80 WINDOW=3D32120 RES=3D0x00 SYN URGP=3D0

  This is coming in /var/log/message when I am trying to connect to any =
ftpserver from my server:

  <datetime> <servername> kernel: Shorewall:all2all:REJECT:IN=3D =
OUT=3Deth1 SRC=3D< ip of my server> DST=3D<ftpserver ip> LEN-60 =
TOS=3D0x10 PREC=3D0x00 TTL=3D64 ID=3D14336 PROTO=3DTCP SPT=3D33342 =
DPT=3D21 WINDOW=3D5840 RES=3D0x00 SYN URGP=3D0

  Thanks