So I guess that after checking and correcting Shorewall's
configuration files, routing (e.g. connecting from the LAN to the internet)
should work.
But in fact it doesn't.
Please log on to my testing machine and check what could disable/block
Shorewall:
http://drive.google.com/uc?export=view&id=1GMRU8w0EoZpfah9xiet4u-4Xhj5O4nJi
Currently I'm running a simple configuration
(/etc/network/if-up.d/firewall, see below) and routing for LAN and WLAN
is working just fine. I'd like to try Shorewall but I don't know why it
doesn't work on my machine.
#!/bin/sh
# Simple NAT firewall run from /etc/network/if-up.d; WAN is the upstream interface.
WAN=enp1s0
# Load netfilter modules; errors are silenced, so a wrong module name goes unnoticed.
/sbin/modprobe iptables > /dev/null 2>&1
/sbin/modprobe nf_conntrack > /dev/null 2>&1
/sbin/modprobe nf_conntrack_ftp > /dev/null 2>&1
# ip_nat_ftp is the pre-2.6.20 name; on current kernels the FTP NAT helper is nf_nat_ftp.
/sbin/modprobe ip_nat_ftp > /dev/null 2>&1
# Reset policies and flush every table before adding rules.
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -F -t nat
iptables -F -t mangle
# Default-deny inbound; accept anything not arriving on the WAN side.
iptables -P INPUT DROP
iptables -A INPUT ! -i ${WAN} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Reject (rather than silently drop) everything else from the WAN.
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
# Enable forwarding and masquerade LAN traffic leaving via the WAN interface.
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
# Inserted at the top of INPUT so SSH from the WAN is accepted before the REJECT rules.
iptables -I INPUT -p tcp --dport 22 -i ${WAN} -j ACCEPT
exit 0
Regards,
B
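An added diagnostic, not part of the original post and not Shorewall's own code: it scans the Debian network hook directories for scripts that call iptables, because a hook such as /etc/network/if-up.d/firewall re-runs every time an interface comes up and, by flushing the tables, replaces whatever ruleset Shorewall had loaded. The function names, the constructed sample hooks and the default directory list are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not code from the original post or from Shorewall.
# Every script in /etc/network/if-up.d runs each time an interface comes up;
# one that flushes the tables (iptables -F) and sets its own policies replaces
# whatever ruleset Shorewall had installed. Scanning the hook directories finds
# such a competing script so it can be disabled before Shorewall is started.
# find_iptables_hooks DIR...: print "path: flags" for each regular file in
# DIR that invokes iptables or ip6tables. Flags mark a rule flush (-F) and
# a default-policy change (-P). Returns 0 if any hook was found, else 1.
find_iptables_hooks() {
    hits=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            grep -Ewq 'ip6?tables' "$f" || continue
            flags=""
            if grep -Eq 'ip6?tables.*(-F|--flush)([[:space:]]|$)' "$f"; then
                flags="$flags flushes-rules"
            fi
            if grep -Eq 'ip6?tables.*(-P|--policy)[[:space:]]+(INPUT|FORWARD|OUTPUT)' "$f"; then
                flags="$flags sets-policy"
            fi
            printf '%s:%s\n' "$f" "$flags"
            hits=$((hits + 1))
        done
    done
    [ "$hits" -gt 0 ]
}
# demo_scan: build a constructed hook directory (not a real system path),
# scan it and print the result relative to that directory, then remove it.
demo_scan() {
    tmp=$(mktemp -d) || return 1
    # Constructed hook modelled on the one in the post: flushes and sets policy.
    cat > "$tmp/firewall" <<'EOF'
#!/bin/sh
WAN=enp1s0
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
EOF
    # Constructed hook that never touches the firewall and must not be listed.
    printf '#!/bin/sh\nexit 0\n' > "$tmp/ntpdate"
    find_iptables_hooks "$tmp" | sed "s#^$tmp/##"
    rm -rf "$tmp"
}
# Scan the real Debian hook directories (read access to /etc/network needed):
# find_iptables_hooks /etc/network/if-pre-up.d /etc/network/if-up.d
```

On the poster's box the scan would list the firewall hook itself; moving it out of the hook directory (and re-running shorewall start) rules that conflict out.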
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users