shorewall / iptables. I just did some tweaking with it and on the one
hand got bumped off of ICS and on the other suddenly my name service works.
So now I just have to nail down what it is specifically. I suppose it
is about time I learned iptables, although it ain't like I don't have
enough to keep me off the streets at night. ;-)
I note that shorewall prints the following as it is starting up. Port
53 can be seen in a number of places, as well as "domain".
> [root@enigma jcolling]# service shorewall start
> Processing /etc/shorewall/shorewall.conf ...
> Processing /etc/shorewall/params ...
> Starting Shorewall...
> Loading Modules...
> Initializing...
> Determining Zones...
> Zones: net masq loc
> Validating interfaces file...
> Validating hosts file...
> Validating Policy file...
> Determining Hosts in Zones...
> Net Zone: eth0:0.0.0.0/0
> Masquerade Zone: eth1:0.0.0.0/0
> Warning: Zone loc is empty
> Deleting user chains...
> Creating input Chains...
> Configuring Proxy ARP
> Setting up NAT...
> Adding Common Rules
> Adding rules for DHCP
> IP Forwarding Enabled
> Processing /etc/shorewall/tunnels...
> Processing /etc/shorewall/rules...
> Rule "ACCEPT net fw udp 53 -" added.
> Rule "ACCEPT net fw tcp 80,443,53,22,20,21 -" added.
> Rule "ACCEPT masq fw udp 53 -" added.
> Rule "ACCEPT masq fw tcp 80,443,53,22,20,21 -" added.
> Rule "ACCEPT loc fw udp 53 -" added.
> Rule "ACCEPT loc fw tcp 80,443,53,22,20,21 -" added.
> Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
> Rule "ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
> Rule "ACCEPT fw masq tcp 631,137,138,139 -" added.
> Rule "ACCEPT fw masq udp 631,137,138,139 -" added.
> Setting up ICMP Echo handling...
> Processing /etc/shorewall/policy...
> Policy ACCEPT for fw to net using chain fw2net
> Policy REJECT for fw to masq using chain all2all
> Policy DROP for net to fw using chain net2all
> Policy REJECT for masq to fw using chain all2all
> Policy ACCEPT for masq to net using chain masq2net
> Policy REJECT for loc to fw using chain all2all
> Policy ACCEPT for loc to net using chain loc2net
> Masqueraded Subnets and Hosts:
> To 0.0.0.0/0 from 192.168.1.0/255.255.255.0 through eth0
> Processing /etc/shorewall/tos...
> Rule "all all tcp - ssh 16" added.
> Rule "all all tcp ssh - 16" added.
> Rule "all all tcp - ftp 16" added.
> Rule "all all tcp ftp - 16" added.
> Rule "all all tcp ftp-data - 8" added.
> Rule "all all tcp - ftp-data 8" added.
> Activating Rules...
> Shorewall Started
> [root@enigma jcolling]#
Alice Lafox wrote:
> On 22 ������� 2002 23:43, Jim C wrote:
>
> It seems to me that here is your problem:
>
>>level 6 prefix `Shorewall:FORWARD:REJECT:'
>>reject all -- 0.0.0.0/0 0.0.0.0/0
>
>
> When I installed Shorewall, I got the same problem.
> You may either set up Shorewall correctly (I don't know how yet :/)
> or clear the firewall rules:
>
> # /etc/init.d/iptables stop
> # /etc/init.d/iptables save
> # /etc/init.d/iptables start
>
> and afterwards add only the needed rules
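Added example, not part of either poster's message: a small Python script that scans Shorewall startup output like the listing above for filter rules whose port list covers a given port, counting the service name "domain" as 53. The function names and the embedded service-name table are assumptions made for this example; the sample lines are copied from the output quoted in the thread.

```python
import re

# Service names that appear in the quoted output, mapped to their standard
# port numbers (assumption: embedded so the script does not need /etc/services).
SERVICES = {"domain": 53, "bootps": 67, "http": 80, "https": 443, "imap": 143,
            "pop3": 110, "smtp": 25, "nntp": 119, "ntp": 123}

# Matches filter rules only; TOS lines such as 'Rule "all all tcp - ssh 16"'
# carry no ACCEPT/DROP/REJECT action and are skipped.
RULE_RE = re.compile(r'Rule "(ACCEPT|DROP|REJECT)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)')

# Sample input: lines copied from the startup output quoted in the thread.
SAMPLE = """\
> Rule "ACCEPT net fw udp 53 -" added.
> Rule "ACCEPT net fw tcp 80,443,53,22,20,21 -" added.
> Rule "ACCEPT masq fw udp 53 -" added.
> Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
> Rule "ACCEPT fw masq tcp 631,137,138,139 -" added.
> Rule "all all tcp - ssh 16" added.
"""

def covers(token, port):
    """True if one port-list entry (number, low:high range or name) includes port."""
    if token in SERVICES:
        return SERVICES[token] == port
    low, _, high = token.partition(":")
    high = high or low
    if not (low.isdigit() and high.isdigit()):
        return False  # "-" (no port given) or a name missing from SERVICES
    return int(low) <= port <= int(high)

def rules_for_port(log_text, port):
    """Return (action, source zone, dest zone, protocol) for every rule covering port."""
    hits = []
    for line in log_text.splitlines():
        match = RULE_RE.search(line)  # search() tolerates a leading "> " quote mark
        if not match:
            continue
        action, src, dst, proto, ports = match.groups()
        if any(covers(tok, port) for tok in ports.split(",")):
            hits.append((action, src, dst, proto))
    return hits

if __name__ == "__main__":
    for action, src, dst, proto in rules_for_port(SAMPLE, 53):
        print(f"{action:7} {src:>5} -> {dst:<5} {proto}/53")
```

Only explicit rule lines are listed; traffic between zone pairs with no matching rule falls through to the policy lines shown later in the same output.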
