Linux Netfilter discussions
From: Fajar Priyanto <fajarpri@arinet.org>
To: netfilter@lists.netfilter.org
Subject: shorewall: how to open high port
Date: Thu, 1 Apr 2004 10:13:26 +0700	[thread overview]
Message-ID: <200404011013.29208.fajarpri@arinet.org> (raw)


Dear all,
Anyone using shorewall?
I have this strange case. On my notebook, I set the policy and rules like
this:
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
net     $FW     DROP    ULOG
$FW     net     ACCEPT  ULOG
loc     net     ACCEPT  ULOG
all     all     DROP    ULOG
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

#ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL
#                                               PORT    PORT(S)    DEST
ACCEPT:ULOG     loc     $FW     tcp     110     -
ACCEPT:ULOG     loc     $FW     tcp     25      -
ACCEPT:ULOG     loc     $FW     tcp     22,21   -
ACCEPT:ULOG     $FW     net     tcp     5050    -
ACCEPT:ULOG     $FW     all     all     -       -
DROP:ULOG       net     $FW     all     -       -
ACCEPT:ULOG     net     $FW     tcp     80      -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

And on my local server, very similar:
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
fw      net     ACCEPT
net     fw      DROP    info
#net    all     DROP    info
all     all     REJECT  info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

#ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL
#                                               PORT    PORT(S)    DEST
ACCEPT  net     fw      udp     53      -
ACCEPT  net     fw      tcp     80,443,53,22,20,21,25,109,110,143,783,993,10000 -
ACCEPT  fw      net     all     -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

But the PROBLEM is:
I can't connect to my server using FTP, nor from the server to my notebook. In
/var/log/messages on the server, it drops a high port:
Mar 31 21:14:20 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:09:6b:a5:b1:65:00:c0:9f:28:15:65:08:00 SRC=192.168.0.234 DST=192.168.0.236 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=29064 DF PROTO=TCP SPT=20 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0

Can anyone give me direction here? Why doesn't the setting work? How do I open
this "high port"? Is it safe to do so?
TIA

--
Fajar Priyanto | Reg'd Linux User #327841 | http://linux.arinet.org
20:20:11 up 12:23, Mandrake Linux release 9.2 (FiveStar) for i586
public key: https://www.arinet.org/fajar-pub.key

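The dropped packet quoted above is a TCP SYN from source port 20 to port 32802, which is the shape of an active-mode FTP data connection: the FTP server opens the data channel back towards the client's ephemeral port, so a stateful firewall that has no FTP connection-tracking helper sees an unsolicited inbound SYN and drops it under its net-to-fw policy. The following is an added example, not code from the poster or from the Shorewall project: a small parser for Shorewall's netfilter LOG lines plus a classifier that labels such drops, so a defender can spot this pattern in /var/log/messages without opening every high port. The function names, the second sample line (192.0.2.10 is a documentation address) and the treatment of any destination port >= 1024 as a "high port" are assumptions of this example; the sample log line itself is the one from the post with its wrapped lines joined.

```python
import re
from typing import Optional

# Constructed sample input: the line quoted in the post, wrapped lines joined.
SAMPLE_LOG_LINE = (
    "Mar 31 21:14:20 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC=00:09:6b:a5:b1:65:00:c0:9f:28:15:65:08:00 SRC=192.168.0.234 "
    "DST=192.168.0.236 LEN=60 TOS=0x08 PREC=0x00 TTL=64 ID=29064 DF PROTO=TCP "
    "SPT=20 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0"
)

# Constructed contrast input (assumption, not from the thread): a plain
# unsolicited SYN from a documentation address with a non-FTP source port.
OTHER_LOG_LINE = (
    "Apr  1 09:00:00 server2 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "SRC=192.0.2.10 DST=192.168.0.236 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=7 DF "
    "PROTO=TCP SPT=40001 DPT=32802 WINDOW=5840 RES=0x00 SYN URGP=0"
)

FTP_DATA_PORT = 20      # active-mode FTP data channel originates here (RFC 959)
HIGH_PORT_MIN = 1024    # "high port" threshold assumed by this example

# Shorewall prefixes its LOG output with "Shorewall:<chain>:<disposition>:".
_PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)$")


def parse_shorewall_log(line: str) -> Optional[dict]:
    """Parse one Shorewall/netfilter LOG line into a dict.

    KEY=VALUE tokens become entries (an empty value such as "OUT=" is kept as
    ""); bare tokens such as DF, SYN or ACK are collected in fields["flags"].
    Returns None for lines that are not Shorewall log entries.
    """
    m = _PREFIX.search(line)
    if not m:
        return None
    fields = {"chain": m.group("chain"), "disposition": m.group("disposition")}
    flags = set()
    for token in m.group("rest").split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        else:
            flags.add(token)
    fields["flags"] = flags
    return fields


def classify_drop(fields: dict) -> str:
    """Label a logged packet by what it most likely is.

    A SYN (without ACK) from source port 20 to a high port is the server side
    of an active-mode FTP transfer opening the data channel; connection
    tracking with the FTP helper would mark it RELATED to the control session
    instead of treating it as a new, unsolicited connection.
    """
    flags = fields.get("flags", set())
    if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
        return "not a new TCP connection attempt"
    spt = int(fields.get("SPT", "0"))
    dpt = int(fields.get("DPT", "0"))
    if spt == FTP_DATA_PORT and dpt >= HIGH_PORT_MIN:
        return "active-mode FTP data connection (RELATED; needs FTP conntrack helper)"
    if dpt >= HIGH_PORT_MIN:
        return "unsolicited SYN to a high port"
    return "SYN to a well-known service port"


def triage(line: str) -> Optional[str]:
    """One-line summary of a log line, or None if it is not a Shorewall entry."""
    fields = parse_shorewall_log(line)
    if fields is None:
        return None
    return "{chain} {disp} {src}:{spt} -> {dst}:{dpt} : {label}".format(
        chain=fields["chain"], disp=fields["disposition"],
        src=fields.get("SRC", "?"), spt=fields.get("SPT", "?"),
        dst=fields.get("DST", "?"), dpt=fields.get("DPT", "?"),
        label=classify_drop(fields),
    )


if __name__ == "__main__":
    for entry in (SAMPLE_LOG_LINE, OTHER_LOG_LINE):
        print(triage(entry))
```

Run against the poster's line, `triage` reports an active-mode FTP data connection; the contrast line, with the same high destination port but a random source port, is reported as a plain unsolicited SYN, which is the distinction that matters when deciding whether a drop is a misconfigured helper or genuinely unwanted traffic.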


Thread overview: 3+ messages
2004-04-01  3:13 Fajar Priyanto [this message]
2004-04-01  5:28 ` shorewall: how to open high port Rob Sterenborg
2004-04-01 14:27   ` Tom Eastep
