Package: fiaif
Version: 1.21.1-16
Severity: normal

The zone.int file includes the following setting enabled by default: REDIRECT_PROXY="tcp 80 0.0.0.0/0=>0.0.0.0/0 127.0.0.1 3128. As this redirects all browser traffic to localhost, no web browsing is possible with a default fiaif installation in which fiaif is used as a gateway firewall. That doesn't seem to me to be a sane setting. I've been using fiaif for 6 years now and this setting in a new installation had me scratching my head for a while when I couldn't browse the internet, as this has never before been a default setting. This change in default settings is not documented in any changelogs in /usr/share/doc/fiaif.

The symptom of this setting when sniffing traffic from the desktop from which you are attempting to reach the internet is a packet with the rst,ack flags set and the source ip address reported as the actual ip address of the website you're trying to reach. If you don't notice the response time to the outbound ack packet, it's not obvious at all that the website itself did not send the rst,ack response.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fiaif depends on:
ii  bash                   4.1-3              The GNU Bourne Again SHell
ii  coreutils              8.5-1              GNU core utilities
ii  cron                   3.0pl1-113         process scheduling daemon
ii  debconf [debconf-2.0]  1.5.33             Debian configuration management sy
ii  debianutils            3.4                Miscellaneous utilities specific t
ii  dnsutils               1:9.7.0.dfsg.P1-1  Clients provided with BIND
ii  grep                   2.6.3-3            GNU grep, egrep and fgrep
ii  iptables               1.4.8-3            administration tools for packet fi
ii  logtail                1.3.10             Print log file lines that have not
ii  net-tools              1.60-23            The NET-3 networking toolkit
ii  sed                    4.2.1-7            The GNU sed stream editor
ii  wget                   1.12-2             retrieves files from the web

fiaif recommends no packages.

Versions of packages fiaif suggests:
ii  iproute                        20100519-3  networking and traffic control too
ii  linux-image-2.6.32-trunk-amd6  2.6.32-5    Linux 2.6.32 for 64-bit PCs
pn  ulogd                          <none>      (no description available)

-- Configuration Files:
/etc/fiaif/aliases [Errno 13] Permission denied: u'/etc/fiaif/aliases'
/etc/fiaif/fiaif.conf [Errno 13] Permission denied: u'/etc/fiaif/fiaif.conf'
/etc/fiaif/private_networks [Errno 13] Permission denied: u'/etc/fiaif/private_networks'

-- debconf information:
  fiaif/enable_initd: true
* fiaif/warning:
  fiaif/enable_cron: true
  fiaif/cron_logfile:
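Added example, not part of the original report and not fiaif code: a shell check for the failure mode described above, a `REDIRECT_PROXY` rule that points at a local port with no listener, so redirected connections are reset by the gateway itself. The field layout (`proto dport src=>dst proxy-ip proxy-port`) is an assumption inferred from the single value quoted in the report; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample zone file; field layout is assumed from the value in the report.
sample_zone() {
cat <<'EOF'
# constructed sample, not a real fiaif zone file
#REDIRECT_PROXY="tcp 8080 0.0.0.0/0=>0.0.0.0/0 127.0.0.1 3128"
REDIRECT_PROXY="tcp 80 0.0.0.0/0=>0.0.0.0/0 127.0.0.1 3128"
EOF
}

# Constructed sample of listening TCP sockets, one "addr:port" per line.
# On a live gateway this list can come from: ss -Hltn | awk '{print $4}'
sample_listeners() {
cat <<'EOF'
0.0.0.0:22
127.0.0.1:25
EOF
}

# audit_redirects <zone-file> <listeners-file>
# Prints one line per active REDIRECT_PROXY rule:
#   OK   = something listens on the proxy address/port
#   DEAD = nothing listens there, so redirected clients get an immediate reset
audit_redirects() {
    # Extract the value of each uncommented REDIRECT_PROXY= line (quotes optional).
    sed -n 's/^[[:space:]]*REDIRECT_PROXY="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" |
    while read -r proto dport flow ip port; do
        [ -n "$port" ] || continue   # skip values that do not have five fields
        if awk -v ip="$ip" -v port="$port" '
            {
                n = split($1, a, ":")   # port is the text after the last colon
                addr = substr($1, 1, length($1) - length(a[n]) - 1)
            }
            a[n] == port && (addr == ip || addr == "0.0.0.0" || addr == "*") { found = 1 }
            END { exit !found }' "$2"
        then
            state=OK
        else
            state=DEAD
        fi
        echo "$state $proto/$dport $flow -> $ip:$port"
    done
}
```

A `DEAD` line for a catch-all `0.0.0.0/0=>0.0.0.0/0` rule on port 80 matches the symptom in the report: the reset appears to come from the remote web server but is generated locally.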

