Hi, I have a problem concerning my previous shorewall installation.

I tried to use shorewall to configure my firewall, but I couldn't get NAT to work. So I decided to remove shorewall and tried it with plain iptables. This is now working for me, but every time I start my network connection it seems that my handmade iptables rules are overwritten. I have to manually run my iptables script, do "iptables save" and "iptables restart" to get it working again. I have compared the INPUT, FORWARD and OUTPUT chains which are changed with my previous shorewall configuration and they are the same, so I think there are some things from shorewall remaining on my system which are restored when I start my internet connection. I have searched my system completely to find any remaining parts of shorewall, but I couldn't find anything which could cause this problem.

I am using Gentoo Linux and I already tried to solve this problem with the help of the Gentoo mailing list. You can find the relevant threads here http://thread.gmane.org/gmane.linux.gentoo.user/177640 and here http://thread.gmane.org/gmane.linux.gentoo.user/177639 These threads show my initial problem with shorewall and my actual problem. I looked in your Shorewall Support Guide but my problem doesn't fit in the scheme, so I give the information I have, but if you need anything further feel free to ask for it! The shorewall version which caused this trouble was 3.0.8.

Below you see my current iptables rules:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    block      all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    block      all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain block (2 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            state NEW
    DROP       all  --  anywhere             anywhere

These are the rules I have after I started my internet connection:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    LOG        udp  --  anywhere             anywhere            udp dpts:0:1023 LOG level warning
    LOG        tcp  --  anywhere             anywhere            tcp dpts:0:1023 LOG level warning
    DROP       udp  --  anywhere             anywhere            udp dpts:0:1023
    DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
    LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
    DROP       icmp --  anywhere             anywhere            icmp echo-request

    Chain FORWARD (policy DROP)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain block (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere            state NEW
    DROP       all  --  anywhere             anywhere

Any assistance would be appreciated!

Thank you in advance,
Daniel Pielmeier

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
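
Added example, not part of the original post: a small Python script that parses two `iptables -L` listings and reports which chain policies, reference counts and rules differ, which makes a before/after comparison like the one above mechanical. The function names `parse_listing` and `diff_rulesets` are hypothetical, and the two embedded listings are constructed, abbreviated versions of the ones in the post.

```python
import re
# Added example, hypothetical helper names; listings are constructed and abbreviated.
BEFORE = """Chain INPUT (policy ACCEPT)
target     prot opt source     destination
block      all  --  anywhere   anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere   state RELATED,ESTABLISHED
block      all  --  anywhere   anywhere
Chain block (2 references)
target     prot opt source     destination
DROP       all  --  anywhere   anywhere"""
AFTER = """Chain INPUT (policy ACCEPT)
target     prot opt source     destination
DROP       icmp --  anywhere   anywhere   icmp echo-request
Chain FORWARD (policy DROP)
target     prot opt source     destination
Chain block (0 references)
target     prot opt source     destination
DROP       all  --  anywhere   anywhere"""
HEADER = re.compile(r"^Chain (\S+) \((.+)\)")

def parse_listing(text):
    """Parse `iptables -L` text into {chain: {"meta": str, "rules": [str]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # "meta" is the policy or the reference count from the header
            current = chains.setdefault(m.group(1), {"meta": m.group(2), "rules": []})
        elif current is not None and line.strip() and not line.startswith("target"):
            current["rules"].append(" ".join(line.split()))  # normalise padding
    return chains

def diff_rulesets(before, after):
    """List differences in chain policy/reference count and in rules."""
    a, b = parse_listing(before), parse_listing(after)
    out = []
    for chain in sorted(set(a) | set(b)):
        old, new = a.get(chain), b.get(chain)
        if old is None or new is None:
            out.append(f"{chain}: chain {'added' if old is None else 'removed'}")
            continue
        if old["meta"] != new["meta"]:
            out.append(f"{chain}: {old['meta']} -> {new['meta']}")
        out += [f"{chain}: - {r}" for r in old["rules"] if r not in new["rules"]]
        out += [f"{chain}: + {r}" for r in new["rules"] if r not in old["rules"]]
    return out

if __name__ == "__main__":
    print("\n".join(diff_rulesets(BEFORE, AFTER)))
```

Feeding it the saved output of `iptables -L` taken before and after the connection comes up gives the same kind of report for the full rule sets.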
