Jza Posted July 7, 2006

I have my laptop on DMZ from my LAN; however, I don't want to be completely unprotected, so I want to configure shorewall and have some services active on my LAN but blocked to the outside internet. I know shorewall does this by using zones. I haven't been able to find much documentation of shorewall. What I need is basically to create and manage the zone on shorewall and then block the port on the WEB zone and open it on the LAN one. Any suggestion?

Murda Posted July 7, 2006

Hi. Why are you using your laptop on a DMZ? You should put it to the LAN side. Otherwise, it might be a bit difficult. Checking your firewall's configuration might also help. Check this too: DMZ

SoulSe Posted July 7, 2006

What you're trying to do is possible, but I would recommend buffing yourself up with some iptables knowledge first. The easier approach would be to use a router / hardware firewall to achieve this. How are you connecting to the 'net? Got a router already? Most of them have simple wizards for setting up port forwarding to the outside world and limiting port availability outside of that schema.

There are some nice projects out there that allow you to turn an old computer into an easy-to-manage, dedicated router. Mandriva has one such project, but I like smoothwall more.

I was posting at the same time as Murda - he is right about the DMZ classification and what I suggested handles this in the correct manner (by protecting LAN traffic and only provisioning outside ports where specified).

Jza Posted July 20, 2006

> What you're trying to do is possible, but I would recommend buffing yourself up with some iptables knowledge first. The easier approach would be to use a router / hardware firewall to achieve this. How are you connecting to the 'net? Got a router already? Most of them have simple wizards for setting up port forwarding to the outside world and limiting port availability outside of that schema.
>
> There are some nice projects out there that allow you to turn an old computer into an easy-to-manage, dedicated router. Mandriva has one such project, but I like smoothwall more.
>
> I was posting at the same time as Murda - he is right about the DMZ classification and what I suggested handles this in the correct manner (by protecting LAN traffic and only provisioning outside ports where specified).

Not sure what you mean, I have a hardware router. But that is not what I asked, I already mentioned I am on the DMZ zone from the Linksys router. I have my shorewall activated on my laptop and I want to configure it so I can open the ports to a LAN zone which includes my other 2 machines.

scoonma Posted July 20, 2006

> Not sure what you mean, I have a hardware router. But that is not what I asked, I already mentioned I am on the DMZ zone from the Linksys router. I have my shorewall activated on my laptop and I want to configure it so I can open the ports to a LAN zone which includes my other 2 machines.

A (very short and abstract) concept of a firewall is as follows:

    LAN ----- DMZ -------- Internet

Servers in the DMZ are partially exposed to the internet (i.e. why the zone is DM, no?). Where is your router within this scheme? Where is your laptop?

Regards,
Scoonma

tyme Posted July 20, 2006

Usually with a router and a DMZ it'd be something like:

    LAN
     |
     |
    Router -- Internet
     |
     |
    DMZ

Because, if I'm reading him correctly, his router has a DMZ port on it. Either that or the router allows you to just say "make this port a DMZ" and that port on the router becomes a figurative "DMZ".

camelrider Posted July 21, 2006

For Shorewall documentation and archives of the Shorewall-users mailing list see: www.shorewall.net.

Jza Posted July 21, 2006

> A (very short and abstract) concept of a firewall is as follows:
>
>     LAN ----- DMZ -------- Internet
>
> Servers in the DMZ are partially exposed to the internet (i.e. why the zone is DM, no?). Where is your router within this scheme? Where is your laptop?

I understand the concept of DMZ. What I am not sure you are aware of is that we are talking about 2 firewalls: one is the hardware firewall (Linksys) and the other is the one in my laptop (shorewall), which is the one Mandriva has. The Mandriva firewall currently is blocking all the necessary ports that I need to the internet AND the LAN. What I want is to generate a zone for the LAN IPs and open some ports like networking without opening the port to the greater internet.

> For Shorewall documentation and archives of the Shorewall-users mailing list see: www.shorewall.net.

Yes, that is my question: how can I create a zone for the LAN (192.168.x.x) and open the connection for x protocols? The documentation didn't explain how to do it, it just gave the definitions of the firewall; that is why I am asking here, but everyone is more concerned about explaining network topology, while my question is directed to how to configure the shorewall firewall by creating a zone for my LAN and port forwarding the services that I need.

Edited July 21, 2006 by Jza
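
An added example, not posted by anyone in this thread, of the setup asked about above: two Shorewall zones sharing one interface, with the LAN zone selected by source address and services opened to it only. It assumes the Shorewall 3-style file layout (column layouts differ between releases, so check the man pages for yours), an interface named eth0 that gets its address by DHCP, and constructed sample ports (SSH and Samba).

```conf
# Added example. Assumptions: single interface eth0, LAN is 192.168.0.0/16,
# and the ports in the rules file are constructed samples (SSH and Samba).

# /etc/shorewall/zones
# Order matters when zones overlap: loc must come before net,
# because net (0.0.0.0/0) also contains the LAN addresses.
#ZONE   TYPE
fw      firewall
loc     ipv4
net     ipv4

# /etc/shorewall/interfaces
# "-" means the zones reachable through eth0 are defined in the hosts file.
#ZONE   INTERFACE   BROADCAST   OPTIONS
-       eth0        detect      dhcp

# /etc/shorewall/hosts
#ZONE   HOST(S)
loc     eth0:192.168.0.0/16
net     eth0:0.0.0.0/0

# /etc/shorewall/policy
# Default is to drop everything inbound; the laptop may connect out.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     all     ACCEPT
loc     $FW     DROP    info
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
# Exceptions to the policy: only the loc zone is allowed in.
# There is deliberately no ACCEPT rule with net as the source.
#ACTION SOURCE  DEST    PROTO   DEST PORT(S)
ACCEPT  loc     $FW     tcp     22
ACCEPT  loc     $FW     tcp     139,445
ACCEPT  loc     $FW     udp     137,138
```

Run `shorewall check` before `shorewall restart` to catch syntax errors. The split relies on the router forwarding internet traffic to the DMZ host with its original source address; the router's own LAN address falls inside loc.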