Help with SHOREWALL

From: Jules (jules_at_nowhere.com)
Date: 10/12/04


Date: Tue, 12 Oct 2004 03:52:34 GMT

My new installation of shorewall on a test machine is blocking
everything (as far as I can tell). To test it, I made the following
changes:

- remarked out all rules in RULES file
- put only one entry in the POLICY file - "all all ACCEPT info"
- remarked out all actions in /usr/share/shorewall/actions.std

I assume the above changes would make the system wide open, but it still
doesn't work - I can't ping anything. My log (/var/log/messages) says:

...Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99...

where 10.0.0.1 is the firewall machine and 10.0.0.99 is another host.
Eth1 is working (can ping other hosts ok when shorewall is stopped).

Have I misunderstood how shorewall works? I went through the quickstart
guide, documentation, FAQs, etc. and couldn't find the answer.

Thanks in advance.
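
Decoding the log entry quoted in the post, as an added example that is not part of the original post: the parser below splits a Shorewall log line into chain, disposition and netfilter fields, and derives the traffic direction from the IN=/OUT= interfaces. It assumes Shorewall's default log prefix format; the sample lines are constructed around the fragment in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumption: Shorewall's default log prefix "Shorewall:<chain>:<disposition>:",
# followed by the kernel's netfilter LOG fields (KEY=value; a value may be empty).
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_shorewall_log(line):
    """Decode one syslog line; return None if it has no Shorewall prefix."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    fields = dict(FIELD_RE.findall(line[m.end():]))
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")
    # An empty IN= means the packet was generated on the firewall itself;
    # an empty OUT= means it was addressed to the firewall.
    if out_if and not in_if:
        direction = "from firewall, out " + out_if
    elif in_if and not out_if:
        direction = "to firewall, in " + in_if
    elif in_if and out_if:
        direction = "forwarded " + in_if + " -> " + out_if
    else:
        direction = "unknown"
    return {"chain": m.group("chain"), "disposition": m.group("disposition"),
            "fields": fields, "direction": direction}

def summarize(lines):
    """Count Shorewall log entries by (chain, disposition, direction)."""
    counts = Counter()
    for line in lines:
        rec = parse_shorewall_log(line)
        if rec:
            counts[(rec["chain"], rec["disposition"], rec["direction"])] += 1
    return counts

# Constructed sample lines (timestamps, host name and trailing fields invented);
# the Shorewall prefix and IN/OUT/SRC/DST values follow the entry in the post.
SAMPLE = [
    "Oct 12 03:50:01 fw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
    "Oct 12 03:50:02 fw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
    "Oct 12 03:50:03 fw sshd[412]: unrelated line without a Shorewall prefix",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

The chain and disposition in each entry name the chain that made the decision, which can then be compared against the policy file in use.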


