Re: Help with SHOREWALL
From: Bit Twister (BitTwister_at_localhost.localdomain)
Date: Tue, 12 Oct 2004 15:31:14 GMT
On Tue, 12 Oct 2004 04:48:22 GMT, Jules wrote:
> Wouldn't I have to enable 'norfc1918' on any interfaces? I haven't.
Told you I was guessing, how would I have known. :)
> Besides, wouldn't 10. private networks be common?
True, that was why I suggested 192.168, the ISP could be using 10.
Comcast is using it to chat at my cable modem.
Dang, thought I had seen a flag to set to see shorewall process rules but
cannot find it.
> - remarked out all rules in RULES file
> - put only one entry in the POLICY file - "all all ACCEPT info"
Here are mine without comments
fw net ACCEPT
net all DROP info
all all REJECT info
> - remarked out all actions in /usr/share/shorewall/actions.std
Hmmm, as I mis-understand it, you copy those files to /etc/shorewall
and modify them there. The /etc/shorewall files supersede the
net eth0 detect
net Net Internet zone