Justin et al;
Thanks for your help, but I do not fully understand what is going on here.
I still have the MNF default rule:
15 ACCEPT lan wan tcp http
So I am not sure how adding your suggestion will help. I added it
anyways, but to no avail :( ...
About my ISP issue: you mention turning on more verbose logging.
]#ps -ef |grep ppp
Root 27162 27151 0 21:40 ? 00:00:00 /usr/sbin/pppd pty /usr/sbin/ppp
Root 27163 27162 0 21:40 ? 00:00:00 /usr/sbin/pppoe -p /var/run/-ads
So this tells me what options are being used with pppoe.
So I would change this to pppoe -p -D /var/log/myAdslLog.log ?
But I cannot find anywhere pppoe is being invoked, do you?
I checked /etc/init.d/adsl and others but it eludes me.
And what rule would I have to write to allow ppp keepalives?
Allow wan fw icmp ? That seems undesirable.
Thanks again,
Ryan
-----Original Message-----
From: Justin Grote [mailto:[EMAIL PROTECTED]
Sent: Monday, September 06, 2004 22:04
To: Home User
Cc: [EMAIL PROTECTED]
Subject: Re: [Security Firewall] Newbie setup questions
HU> kernel: Shorewall:fw2all:REJECT:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.200
HU> LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=37196
HU> PROTO=ICMP TYPE=3 CODE=0
HU> [SRC=192.168.1.200 DST=212.85.147.168
HU> LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=42555 DF
HU> PROTO=TCP SPT=4259 DPT=80 WINDOW=63927 RES=0x00 ACK FIN URGP=0 ]
What you're seeing here is requests coming from 192.168.1.200 (SRC) and
going to 212.85.147.168 (DST) on port 80. These are most likely web
requests, and can probably be solved with a simple rule something to the
extent of:
ALLOW Source:LAN Destination:NET Port:80
substituting in whatever you named your local and outside zones.
HU> 2. Again from syslog, I see this message regularly as well:
HU> ez-ipupdate: ez-ipupdate shutdown failed
I believe this is a dynamic DNS program. Not sure why it would be failing
shutdown (not configured correctly?) but you shouldn't worry about it.
You can always do a chkconfig --del ez-ipupdate and never see it again.
HU> 3. Finally I have been having issues with my isp, I see this
HU> set of messages in syslog, way too often, are they telling me that
HU> MNF is disconnecting from the isp, the other way around, or is the
HU> connection being dropped due to network error?
Hard to tell, but it looks like the connection was terminated
unexpectedly. You can turn on more verbose PPP messages to get a clearer
message, but it's hard to tell from that information what might be your
problem. Maybe your firewall is blocking ppp keepalives? Just a thought.
-Justin Grote