Re: Help with SHOREWALL
From: Jules (jules_at_nowhere.com)
Date: 10/12/04
- Next message: Steven Ung: "Re: Pix Firewall: How to Block MSN?"
- Previous message: Don Kelloway: "Re: Pix Firewall: How to Block MSN?"
- In reply to: Bit Twister: "Re: Help with SHOREWALL"
- Next in thread: Bit Twister: "Re: Help with SHOREWALL"
- Reply: Bit Twister: "Re: Help with SHOREWALL"
Date: Tue, 12 Oct 2004 04:48:22 GMT
Bit Twister wrote:
> On Tue, 12 Oct 2004 03:52:34 GMT, Jules wrote:
>
>>My new installation of shorewall on a test machine is blocking
>>everything (as far as I can tell). To test it, I made the following
>>changes;
>>
>>- remarked out all rules in RULES file
>>- put only one entry in the POLICY file - "all all ACCEPT info"
>>- remarked out all actions in /usr/share/shorewall/actions.std
>>
>>I assume the above changes would make the system wide open, but it still
>>doesn't work - I can't ping anything. My log (/var/log/messages) says;
>>
>>...Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99...
>>
>>where 10.0.0.1 is the firewall machine and 10.0.0.99 is another host.
>>Eth1 is working (can ping other hosts ok when shorewall is stopped).
>
>
> Why are you using 10.0.0.*? It would be better to use 192.168.x.x
>
> Guessing the rfc1918 list gotcha
>
Wouldn't I have to enable 'norfc1918' on any interfaces? I haven't.
Besides, wouldn't 10. private networks be common?
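
The log excerpt quoted in this message can be taken apart to see which chain and disposition logged the packet and whether it was generated on the firewall itself (an empty `IN=` with `OUT=` set). The following is an added example, not part of the original post or of Shorewall; the sample lines are constructed around the addresses in the post, and the function names, hostname and timestamps are assumptions.

```python
import re
from collections import Counter

# Shorewall's standard log prefix: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
# Netfilter key=value fields that matter for this diagnosis
FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|DPT)=(\S*)")

# Constructed sample lines (hostname, times and packet details are made up;
# chain, disposition, interface and addresses follow the excerpt in the post).
SAMPLE_LOG = """\
Oct 12 04:40:01 fw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Oct 12 04:40:02 fw kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=10.0.0.1 DST=10.0.0.99 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Oct 12 04:40:09 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= SRC=10.0.0.99 DST=10.0.0.1 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=22
Oct 12 04:40:10 fw sshd[812]: Server listening on 0.0.0.0 port 22.
"""

def parse_line(line):
    """Return a dict for a Shorewall log line, or None for any other line."""
    m = PREFIX.search(line)
    if m is None:
        return None
    f = dict(FIELD.findall(line[m.end():]))
    in_if, out_if = f.get("IN", ""), f.get("OUT", "")
    if in_if and out_if:
        direction = "forwarded"   # routed through the firewall
    elif out_if:
        direction = "local-out"   # generated on the firewall itself
    elif in_if:
        direction = "local-in"    # addressed to the firewall itself
    else:
        direction = "unknown"
    return {"chain": m.group("chain"), "disposition": m.group("disp"),
            "direction": direction, "in": in_if, "out": out_if,
            "src": f.get("SRC"), "dst": f.get("DST"),
            "proto": f.get("PROTO"), "dpt": f.get("DPT")}

def summarize(text):
    """Count Shorewall log hits per (chain, disposition, direction)."""
    hits = [e for e in map(parse_line, text.splitlines()) if e]
    return Counter((e["chain"], e["disposition"], e["direction"]) for e in hits)

if __name__ == "__main__":
    for (chain, disp, direction), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {chain:10s} {disp:7s} {direction}")
```

A summary dominated by one chain and disposition, as here, shows which rule set is actually loaded in the kernel, which can then be compared with what the policy file says.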