Re: Help with SHOREWALL

From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: 10/12/04


Date: Tue, 12 Oct 2004 15:31:14 GMT

On Tue, 12 Oct 2004 04:48:22 GMT, Jules wrote:
>
> Wouldn't I have to enable 'norfc1918' on any interfaces? I haven't.

Told you I was guessing, how would I have known. :)

> Besides, wouldn't 10. private networks be common?

True, that was why I suggested 192.168, the ISP could be using 10.
Comcast is using it to chat at my cable modem.

Dang, thought I had seen a flag to set to see shorewall process rules but
cannot find it.

> - remarked out all rules in RULES file
> - put only one entry in the POLICY file - "all all ACCEPT info"

Here are mine without comments
cat policy
fw net ACCEPT
net all DROP info
all all REJECT info

> - remarked out all actions in /usr/share/shorewall/actions.std

Hmmm, as I mis-understand it, you copy those files to /etc/shorewall
and modify them there. The /etc/shorewall files supersede the
/usr/share/shorewall/ files.

cat interfaces
net eth0 detect

cat zones
net Net Internet zone