"Art Beane" <[EMAIL PROTECTED]> writes: > shorewall-1.3.11-1mdk > > There doesn't seem to be any more recent version on the updates/mnf8.2 > mirrors.
you can use the latest cooker shorewall version ... but the DNAT forwarding may be broken ... because the syntax has changed ... > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Florin > Sent: Tuesday, May 25, 2004 4:13 PM > To: [EMAIL PROTECTED] > Subject: Re: [Security Firewall] Shorewall:rfc1918:DROP issue > > "Art Beane" <[EMAIL PROTECTED]> writes: > > > SBC (formerly Southwestern Bell) has begun routing addresses in the > > 70.240.0.0 - 70.240.255.255 address range onto the public Internet. One of > > my user's DSL link has been reassigned into that range. I've had the > > untrusted/WAN interface on mnf8.2 set to NORFC1918 and discovered that > these > > addresses are being blocked: > > > > May 25 14:46:34 firewall kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0 > > SRC=70.240.xxx.xxx DST=192.168.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=111 > > ID=6403 DF PROTO=TCP SPT=1076 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0 > > May 25 14:56:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0 > > SRC=70.240.xxx.xxx DST=192.168.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=239 > > ID=26257 DF PROTO=TCP SPT=4710 DPT=143 WINDOW=0 RES=0x00 ACK RST URGP=0 > > > > I've shut off the NORFC1918 on the interface, so the user can now connect > to > > his email. But, I'd like to get this resolved and get RFC1918 blocking > > turned back on. > > > > 1) Why is MNF treating 70/8 network as RFC1918? > > 2) Is there a way to make RFC1918 blocking strictly adhere to 10/8, > > 172.16/12 and 192.168/16? > > > > Thanks for any help. > > What shorewall version are we talking about ? -- Florin Grad http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
