Installation of Shorewall on Webmin

Discussion in 'Installation/Configuration' started by kipluxer, May 30, 2009.

  1. kipluxer

    kipluxer New Member

    I'm doing a Shorewall configuration through Webmin.
    I use 3 NICs, in this order:
    eth0 --> net
    eth1 --> loc
    eth2 --> loc

    In Webmin, in the Shorewall module, I made these settings.

    For the network zones, I made this setting:

    Code:
     #
    # Shorewall version 4 - Zones File
    #
    # For information about this file, type "man shorewall-zones"
    #
    # The manpage is also online at
    # http://www.shorewall.net/manpages/shorewall-zones.html
    #
    ###############################################################################
    #ZONE	TYPE		OPTIONS		IN OPTIONS			OUT OPTIONS
    #
    fw	firewall
    net     ipv4 
    loc     ipv4 
    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
    
    For the network interfaces, I made this setting:

    Code:
    #
    # Shorewall version 4 - Interfaces File
    #
    # For information about entries in this file, type "man shorewall-interfaces"
    #
    # The manpage is also online at
    # http://www.shorewall.net/manpages/shorewall-interfaces.html
    #
    ###############################################################################
    #ZONE	INTERFACE	BROADCAST	OPTIONS
    net 	eth0 		detect 		
    loc 	eth1 		detect
    loc     eth2            detect
    #LAST LINE – add your entries before this line – DO NOT REMOVE
     
    For the policies, I made these settings:

    Code:
    #
    # Shorewall version 4 - Policy File
    #
    # For information about entries in this file, type "man shorewall-policy"
    #
    # The manpage is also online at
    # http://www.shorewall.net/manpages/shorewall-policy.html
    #
    ###############################################################################
    #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
    #				LEVEL	BURST		MASK
    
    $fw 	net 	ACCEPT
    loc 	net 	ACCEPT
    net 	all 	DROP
    all 	all 	REJECT
    #LAST LINE – add your entries before this line – DO NOT REMOVE
     
    For the rules, I made these settings:

    Code:
    #
    # Shorewall version 4 - Rules File
    #
    # For information on the settings in this file, type "man shorewall-rules"
    #
    # The manpage is also online at
    # http://www.shorewall.net/manpages/shorewall-rules.html
    #
    ####################################################################################################################################################
    #ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME
    #							PORT	PORT(S)		DEST		LIMIT		GROUP
    #
    
    # accept connection DNS ( Port DNS 53 )
    ACCEPT	loc	$fw	tcp	53
    ACCEPT	loc	$fw	udp	53
    
    # accept proxy squid( transparent proxy port 3128 )
    ACCEPT	loc	$fw	tcp	3128
    DROP	net	$fw	tcp	3128
    
    # accept connection ftp
    ACCEPT loc $fw tcp 21
    
    #webmin
    ACCEPT loc $fw
    ACCEPT $fw loc
    
    # accept connection to SSH
    ACCEPT loc $fw tcp 22
    
    #Ping status
    ACCEPT	loc	$fw	icmp	8
    
    # Transparent proxy
    REDIRECT loc	tcp	80
    
    
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
     

    After I do a shorewall start with this, I get the following result:

    Code:
    Module Index
    	Error 	
    Failed to start firewall :
    
    Compiling...
    Initializing...
    Determining Zones...
       IPv4 Zones: net loc
       Firewall Zone: fw
    Validating interfaces file...
    Validating hosts file...
    Pre-processing Actions...
       Pre-processing /usr/share/shorewall/action.Drop...
       ERROR: Invalid TARGET in rule "COUNT        "
    /sbin/shorewall: line 384:  4362 Terminated              $command $SHOREWALL_SHELL $sc $@
    
    <-  Return to previous page
     

    Can you help me with this problem?
     
    Last edited: May 30, 2009
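
A check one could run over a rules file like the one posted above, as an added example that is not part of the original post and not Shorewall's own tooling: it flags ACCEPT rules with no PROTO column (which match all traffic between the two zones), REDIRECT rules whose DEST column is not a port number, and stray non-comment lines. The sample rules are constructed, and the action list and the numeric-port check are simplifying assumptions; it does not address the action.Drop error shown in the post.

```python
import re

# Constructed sample mirroring the kinds of rules posted above (not read from a live system).
SAMPLE_RULES = """\
# accept proxy squid
ACCEPT    loc   $fw   tcp   3128
#webmin
ACCEPT    loc   $fw
ACCEPT    $fw   loc
ACCEPT    loc   $fw   icmp  8
# Transparent proxy
REDIRECT  loc   tcp   80
REDIRECT  loc   3128  tcp   80
RATE      USER/ MARK
"""

# Assumption: only these base actions are recognized by this sketch;
# a real rules file may also use macros and custom actions.
ACTIONS = {"ACCEPT", "DROP", "REJECT", "REDIRECT", "DNAT", "LOG"}

def lint_rules(text):
    """Return (line_number, message) findings for a Shorewall rules file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        cols = line.split()
        action = cols[0].split(":")[0].rstrip("+!")  # ACCEPT:info -> ACCEPT
        if action not in ACTIONS:
            findings.append((n, f"unknown action {cols[0]!r}: stray or wrapped line?"))
        elif len(cols) < 3:
            findings.append((n, "rule needs at least ACTION, SOURCE and DEST"))
        elif action == "REDIRECT" and not re.fullmatch(r"\d+", cols[2]):
            # Assumption: the redirect target is given as a numeric local port.
            findings.append((n, f"REDIRECT DEST should be the local port, got {cols[2]!r}"))
        elif action == "ACCEPT" and (len(cols) < 4 or cols[3] in ("all", "-")):
            findings.append((n, f"ACCEPT {cols[1]} -> {cols[2]} has no PROTO: matches all traffic"))
    return findings

if __name__ == "__main__":
    for lineno, msg in lint_rules(SAMPLE_RULES):
        print(f"line {lineno}: {msg}")
```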
