Shorewall Configuration....


shadesOfGray
Junior Member with 3 posts.
Join Date: Aug 2007
Experience: Beginner
03-Oct-2007, 10:54 PM #1
Hi to all, I need your help with some configuration on my firewall...
I'm new to Linux and new to systems administration. I'm currently trying to set up a firewall using Ubuntu and Shorewall, and currently I'm not having problems with it. But there is something that I would want to do. Below are the contents of some of the configuration files of my Shorewall.

/etc/shorewall/interfaces
#ZONE INTERFACES BROADCAST
net eth3 detect
loc eth2 192.168.2.0
admin eth1 192.168.3.0
fac eth0 192.138.4.0

/etc/shorewall/masq

#INTERFACE SUBNET ADDRESS
eth3 eth2
eth3 eth1
eth3 eth0


/etc/shorewall/rules

#ACTION SOURCE DESTINATION PROTOCOL

#for checking only
ping/ACCEPT fac:192.168.4.45 admin:192.168.3.3
ACCEPT fac:192.168.4.45 admin:192.168.3.3 icmp


ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp


I want the host 192.168.4.45 (fac:192.168.4.45) to be able to connect to the database at 192.168.3.3 (admin:192.168.3.3). Currently, I can ping 192.168.3.3 from 192.168.4.45, and I can even browse some shared files; however, when I try to connect to the database, running on MS SQL Server, I can't connect to it.

Can anybody give me some ideas on what I have done wrong, and what I should do to get this to work?
lotuseclat79
Distinguished Member with 10,043 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
04-Oct-2007, 01:42 AM #2
Can you log in to admin and ping host from your account?

It's not so much as having done anything wrong, per se, but only that the firewall rules need to be sorted out.

From the looks of it you probably need rules that are the reverse of what you have posted, such as (I'm guessing):

ACCEPT admin:192.168.3.3 fac:192.168.4.45 tcp
ACCEPT admin:192.168.3.3 fac:192.168.4.45 udp

I would try the above to see if it works and, if not, back them out, as it may be something else - and it's never a good thing to have the wrong firewall rules.

Have you consulted any Shorewall documentation?

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction between a mere artisan or specialist and a real seeker after truth. - Einstein wrote in 1944.

Some say knowledge is power, I say knowledge without action is powerless. - lotuseclat79

Don't confuse action with movement. - Hemingway to Gardner

Imagination is more important than knowledge. - Einstein
shadesOfGray
Junior Member with 3 posts.
Join Date: Aug 2007
Experience: Beginner
04-Oct-2007, 02:52 AM #3
First, thank you for sharing your idea, and I'll give it a try, but honestly, I don't think it'll work, because if I do change it to

ACCEPT admin:192.168.3.3 fac:192.168.4.45 tcp
ACCEPT admin:192.168.3.3 fac:192.168.4.45 udp

it would mean that the source would be the admin:192.168.3.3 and the destination would be fac:192.168.4.45? Which is the opposite of what I would want.

I'm really missing something here 'cause, like I've said, I can ping the host and even browse through some shared files on admin:192.168.3.3...

Do I have to make some changes with the setup of my MS SQL server to grant connection from fac:192.168.4.45?
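
An added example, not part of any post in this thread: a small Python matcher for rule lines of the shape posted above, checking which rule set covers a new TCP connection from fac:192.168.4.45 to admin:192.168.3.3. It handles only the ACTION/SOURCE/DEST/PROTO/port columns and comma-separated port lists; the NARROWED rule and port 1433 (SQL Server's default TCP port) are assumptions, since the thread does not say which port the database listens on.

```python
import ipaddress

# POSTED and REVERSED are the ACCEPT lines copied from the thread. NARROWED is
# constructed for this example and assumes SQL Server's default TCP port 1433.
POSTED = """
ACCEPT fac:192.168.4.45 admin:192.168.3.3 icmp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp
"""
REVERSED = """
ACCEPT admin:192.168.3.3 fac:192.168.4.45 tcp
ACCEPT admin:192.168.3.3 fac:192.168.4.45 udp
"""
NARROWED = "ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp 1433"
FAC, ADMIN = ("fac", "192.168.4.45"), ("admin", "192.168.3.3")

def parse_rules(text):
    """Parse 'ACTION SOURCE DEST [PROTO [DPORT]]' lines; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            fields += ["all", "-"][len(fields) - 3:]  # defaults: any proto, any port
            rules.append(tuple(fields[:5]))
    return rules

def endpoint_matches(spec, zone, ip):
    """spec is 'zone' or 'zone:address[/mask]'."""
    spec_zone, _, net = spec.partition(":")
    in_net = not net or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)
    return spec_zone == zone and in_net

def first_match(rules, src, dst, proto, dport=None):
    """First rule matching a NEW connection src -> dst, else None. Replies are
    handled by connection tracking, not by a second rule lookup."""
    for rule in rules:
        _, rsrc, rdst, rproto, rdport = rule
        if rproto not in ("all", "-", proto):
            continue
        if rdport != "-" and str(dport) not in rdport.split(","):
            continue
        if endpoint_matches(rsrc, *src) and endpoint_matches(rdst, *dst):
            return rule
    return None

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("reversed", REVERSED), ("narrowed", NARROWED)):
        hit = first_match(parse_rules(text), FAC, ADMIN, "tcp", 1433)
        print(f"{name:9} fac -> admin tcp/1433:", hit[0] if hit else "no match")
```
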
lotuseclat79
Distinguished Member with 10,043 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
04-Oct-2007, 07:51 AM #4
Hi shadesOfGray,

Shorewall is an alternative to Firestarter. It allows more options to be set, but is more difficult to use. It can be administered from a GUI using Webmin.

Read Getting Started with Shorewall here.

I do not know about the MS SQL server requirements - possibly.

-- Tom
shadesOfGray
Junior Member with 3 posts.
Join Date: Aug 2007
Experience: Beginner
04-Oct-2007, 08:31 PM #5
Dear Lotuseclat79,

Thank you so much for your help; as a newbie I really need some guiding hand.
I'll read the tutorial, or Shorewall guide, once again as advised by you. Maybe I just forgot to read some lines there...

Once again, thank you very much....
lotuseclat79
Distinguished Member with 10,043 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
07-Oct-2007, 11:54 AM #6
Hi shadesOfGray,

Saw this and thought it might be of interest to you. Note: Debian and Ubuntu are very close, so the info should also work on Ubuntu.

-- Tom