Re: Help with SHOREWALL

From: Jules (jules_at_nowhere.com)
Date: 10/12/04


Date: Tue, 12 Oct 2004 04:48:22 GMT

Bit Twister wrote:
> On Tue, 12 Oct 2004 03:52:34 GMT, Jules wrote:
>
>>My new installation of shorewall on a test machine is blocking
>>everything (as far as I can tell). To test it, I made the following
>>changes:
>>
>>- remarked out all rules in RULES file
>>- put only one entry in the POLICY file - "all all ACCEPT info"
>>- remarked out all actions in /usr/share/shorewall/actions.std
>>
>>I assume the above changes would make the system wide open, but it still
>>doesn't work - I can't ping anything. My log (/var/log/messages) says:
>>
>>...Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99...
>>
>>where 10.0.0.1 is the firewall machine and 10.0.0.99 is another host.
>>Eth1 is working (can ping other hosts ok when shorewall is stopped).
>
>
> Why are you using 10.0.0.*? It would be better to use 192.168.x.x
>
> Guessing the rfc1918 list gotcha
>

Wouldn't I have to enable 'norfc1918' on any interfaces? I haven't.
Besides, wouldn't 10. private networks be common?