I have no idea. Based on the ifconfig file I think my interface
should be wan0 (see attached file 'H - Shorewall Not Working -- wan0').
From: Harry Lachanas <[email protected]>
To: [email protected], Shorewall Users
<[email protected]>
Subject: Re: [Shorewall-users] Wan0 Cannot Connect to Internet
Date: 05/01/2011 04:14:57 AM
On 05/01/2011 08:51 AM, Horace Franklin Jr wrote:
Tom,
>
> I am trying to install shorewall on my laptop. I am connecting to
> the INTERNET via a usb modem that is plugged in to a wireless router.
>
> See attached files.
>
> Horace
> I am puzzled ...
However I think that your net interface is wlan0 ???
That Is
Interfaces file
#ZONE INTERFACE BROADCAST OPTIONS
net wlan0 detect dhcp,tcpflags
#------ End of file no more stuff in here ???
Could this be it ???
Cheers
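Harry's suggestion above comes down to a mismatch between the interfaces Shorewall has been told about (eth0, ppp0, wan0 in the posted interfaces file) and the interfaces the kernel actually has (lo, eth0, wlan0, vboxnet0 in the dump). The script below is an added illustration of that check; it is not from the thread or from the Shorewall project. It embeds a constructed copy of the posted interfaces file and of the interface list from the dump's "IP Configuration" section, and the function names are my own; on a live host the inputs would come from /etc/shorewall/interfaces and "ip -o link" instead.

```shell
#!/bin/sh
# Added example (not part of the thread): cross-check the interfaces named in
# a Shorewall interfaces file against the interfaces present on the host.

# Constructed copy of the /etc/shorewall/interfaces posted in the thread.
SHOREWALL_INTERFACES='#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,logmartians,nosmurfs
net     ppp0        detect      dhcp,tcpflags
net     wan0        detect      dhcp,tcpflags
'

# Constructed list of live interfaces, as the dump reports them. On a real
# host: ip -o link | awk -F": " "{print \$2}"
LIVE_INTERFACES='lo
eth0
wlan0
vboxnet0
'

# declared_interfaces FILE_CONTENT
# Print the INTERFACE column (column 2), skipping comments and blank lines.
declared_interfaces() {
    printf '%s' "$1" | awk '$1 !~ /^#/ && NF >= 2 { print $2 }'
}

# missing_interfaces FILE_CONTENT LIVE_LIST
# Interfaces Shorewall is told about that the kernel does not have. Shorewall
# compiles per-interface rules for these, but no packet can ever match them.
missing_interfaces() {
    for i in $(declared_interfaces "$1"); do
        printf '%s\n' "$2" | grep -qx "$i" || printf '%s\n' "$i"
    done
}

# undeclared_interfaces FILE_CONTENT LIVE_LIST
# Interfaces the kernel has (lo excluded) that belong to no Shorewall zone, so
# traffic on them is handled only by the chain policies.
undeclared_interfaces() {
    decl=$(declared_interfaces "$1")
    for i in $2; do
        [ "$i" = lo ] && continue
        printf '%s\n' "$decl" | grep -qx "$i" || printf '%s\n' "$i"
    done
}

# check_interfaces FILE_CONTENT LIVE_LIST
# Print the discrepancies; return 1 if any declared interface is missing.
check_interfaces() {
    status=0
    for i in $(missing_interfaces "$1" "$2"); do
        echo "declared in Shorewall but not present on the host: $i"
        status=1
    done
    for i in $(undeclared_interfaces "$1" "$2"); do
        echo "present on the host but in no Shorewall zone: $i"
    done
    return $status
}

# Run against the constructed data. Expected here: ppp0 and wan0 are
# missing, wlan0 and vboxnet0 are undeclared, so the check fails.
check_interfaces "$SHOREWALL_INTERFACES" "$LIVE_INTERFACES" \
    || echo "fix /etc/shorewall/interfaces before running 'shorewall start'"
```

On the posted data this reports ppp0 and wan0 as declared but absent and wlan0 (along with vboxnet0) as present but in no zone, which is the situation the dump shows. Note that the check only tests that a device exists: eth0 passes even though the dump shows it with NO-CARRIER, so a device that is present but down is not flagged.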
From: Tom Eastep <[email protected]>
To: [email protected]
Subject: Re: [Shorewall-users] Cannot connect to the internet]
Date: 04/23/2011 07:32:25 AM
I don't know. The one thing we ask users to send us when they have
connection problems is the output of 'shorewall dump' collected as
described at http://www.shorewall.net/support.htm#Guidelines. That
output must be accompanied by a better problem description than 'I can't
connect to the internet'.
My point was, and still is, that unless you are running servers on the
Shorewall box, the macro-based rules that you are trying to add are
completely unnecessary in the first place.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
I have no idea. That is why I provided a diagram of how my system is connected.
Shorewall 4.4.6 Dump at horace-laptop - Sun May 1 09:04:23 PDT 2011
Counters reset Sun May 1 08:23:19 PDT 2011
Chain INPUT (policy DROP 147 packets, 12998 bytes)
pkts bytes target prot opt in out source destination
58202 70M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
1 60 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 ACCEPT udp -- wan0 * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth0 eth0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 ACCEPT udp -- ppp0 ppp0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 ACCEPT udp -- wan0 wan0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
Chain OUTPUT (policy ACCEPT 36450 packets, 1935K bytes)
pkts bytes target prot opt in out source destination
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 72 packets, 25752 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 860 packets, 55153 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 860 packets, 55153 bytes)
pkts bytes target prot opt in out source destination
Mangle Table
Chain PREROUTING (policy ACCEPT 58410 packets, 70M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 58350 packets, 70M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 36450 packets, 1935K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 36554 packets, 1942K bytes)
pkts bytes target prot opt in out source destination
Raw Table
Chain PREROUTING (policy ACCEPT 58410 packets, 70M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 36450 packets, 1935K bytes)
pkts bytes target prot opt in out source destination
Conntrack Table (25 out of 65536)
udp 17 31 src=192.168.0.198 dst=192.168.0.1 sport=47488 dport=53 packets=2
bytes=132 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=47488 packets=2
bytes=286 [ASSURED] mark=0 secmark=0 use=2
udp 17 18 src=192.168.0.198 dst=192.168.0.1 sport=45622 dport=53 packets=2
bytes=132 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=45622 packets=2
bytes=270 [ASSURED] mark=0 secmark=0 use=2
udp 17 31 src=192.168.0.198 dst=192.168.0.1 sport=33700 dport=53 packets=2
bytes=122 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=33700 packets=2
bytes=352 [ASSURED] mark=0 secmark=0 use=2
udp 17 27 src=192.168.0.198 dst=192.168.0.1 sport=35124 dport=53 packets=2
bytes=126 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=35124 packets=2
bytes=276 [ASSURED] mark=0 secmark=0 use=2
tcp 6 104 TIME_WAIT src=192.168.0.198 dst=204.154.94.81 sport=35324
dport=443 packets=25 bytes=2970 src=204.154.94.81 dst=192.168.0.198 sport=443
dport=35324 packets=23 bytes=13277 [ASSURED] mark=0 secmark=0 use=2
tcp 6 14 TIME_WAIT src=192.168.0.198 dst=64.147.162.160 sport=40524
dport=80 packets=17 bytes=1319 src=64.147.162.160 dst=192.168.0.198 sport=80
dport=40524 packets=16 bytes=13855 [ASSURED] mark=0 secmark=0 use=2
tcp 6 59 TIME_WAIT src=192.168.0.198 dst=98.129.160.155 sport=48008
dport=443 packets=12 bytes=2433 src=98.129.160.155 dst=192.168.0.198 sport=443
dport=48008 packets=12 bytes=5654 [ASSURED] mark=0 secmark=0 use=2
udp 17 18 src=192.168.0.198 dst=192.168.0.1 sport=53480 dport=53 packets=2
bytes=122 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=53480 packets=2
bytes=336 [ASSURED] mark=0 secmark=0 use=2
udp 17 27 src=192.168.0.198 dst=192.168.0.1 sport=55743 dport=53 packets=2
bytes=140 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=55743 packets=2
bytes=290 [ASSURED] mark=0 secmark=0 use=2
udp 17 31 src=192.168.0.198 dst=192.168.0.1 sport=33605 dport=53 packets=2
bytes=124 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=33605 packets=2
bytes=686 [ASSURED] mark=0 secmark=0 use=2
udp 17 27 src=192.168.0.198 dst=192.168.0.1 sport=47015 dport=53 packets=2
bytes=124 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=47015 packets=2
bytes=274 [ASSURED] mark=0 secmark=0 use=2
tcp 6 299 ESTABLISHED src=192.168.0.198 dst=91.189.88.46 sport=52280
dport=80 packets=10226 bytes=411004 src=91.189.88.46 dst=192.168.0.198 sport=80
dport=52280 packets=17462 bytes=21773884 [ASSURED] mark=0 secmark=0 use=2
tcp 6 14 TIME_WAIT src=192.168.0.198 dst=74.125.155.101 sport=58080
dport=80 packets=10 bytes=2504 src=74.125.155.101 dst=192.168.0.198 sport=80
dport=58080 packets=7 bytes=1448 [ASSURED] mark=0 secmark=0 use=2
udp 17 27 src=192.168.0.198 dst=192.168.0.1 sport=49026 dport=53 packets=2
bytes=130 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=49026 packets=2
bytes=280 [ASSURED] mark=0 secmark=0 use=2
udp 17 0 src=192.168.0.198 dst=192.168.0.1 sport=48210 dport=53 packets=1
bytes=59 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=48210 packets=1
bytes=142 mark=0 secmark=0 use=2
tcp 6 15 TIME_WAIT src=192.168.0.198 dst=199.239.136.200 sport=45511
dport=80 packets=34 bytes=1953 src=199.239.136.200 dst=192.168.0.198 sport=80
dport=45511 packets=34 bytes=34174 [ASSURED] mark=0 secmark=0 use=2
udp 17 27 src=192.168.0.198 dst=192.168.0.1 sport=46867 dport=53 packets=2
bytes=132 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=46867 packets=2
bytes=282 [ASSURED] mark=0 secmark=0 use=2
udp 17 18 src=192.168.0.198 dst=192.168.0.1 sport=43689 dport=53 packets=2
bytes=124 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=43689 packets=2
bytes=574 [ASSURED] mark=0 secmark=0 use=2
tcp 6 15 TIME_WAIT src=192.168.0.198 dst=209.191.122.70 sport=53644
dport=80 packets=40 bytes=3611 src=209.191.122.70 dst=192.168.0.198 sport=80
dport=53644 packets=47 bytes=52124 [ASSURED] mark=0 secmark=0 use=2
udp 17 31 src=192.168.0.198 dst=192.168.0.1 sport=38478 dport=53 packets=2
bytes=116 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=38478 packets=2
bytes=480 [ASSURED] mark=0 secmark=0 use=2
tcp 6 431976 ESTABLISHED src=192.168.0.198 dst=83.150.67.33 sport=60373
dport=80 packets=6 bytes=928 src=83.150.67.33 dst=192.168.0.198 sport=80
dport=60373 packets=3 bytes=807 [ASSURED] mark=0 secmark=0 use=2
udp 17 30 src=192.168.0.198 dst=192.168.0.1 sport=56015 dport=53 packets=2
bytes=118 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=56015 packets=2
bytes=350 [ASSURED] mark=0 secmark=0 use=2
udp 17 18 src=192.168.0.198 dst=192.168.0.1 sport=56721 dport=53 packets=2
bytes=116 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=56721 packets=2
bytes=400 [ASSURED] mark=0 secmark=0 use=2
udp 17 30 src=192.168.0.198 dst=192.168.0.1 sport=35494 dport=53 packets=2
bytes=150 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=35494 packets=2
bytes=668 [ASSURED] mark=0 secmark=0 use=2
udp 17 17 src=192.168.0.198 dst=192.168.0.1 sport=34734 dport=53 packets=2
bytes=118 src=192.168.0.1 dst=192.168.0.198 sport=53 dport=34734 packets=2
bytes=382 [ASSURED] mark=0 secmark=0 use=2
IP Configuration
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.0.198/24 brd 192.168.0.255 scope global wlan0
IP Stats
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
10390 142 0 0 0 0
TX: bytes packets errors dropped carrier collsns
10390 142 0 0 0 0
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 00:1d:72:e1:af:c9 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:21:5d:3a:35:ce brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
70617063 58328 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3176484 36478 0 0 0 0
4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
/proc
/proc/version = Linux version 2.6.32-30-generic (buildd@vernadsky) (gcc
version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) ) #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC
2011
/proc/sys/net/ipv4/ip_forward = 0
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 0
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 0
/proc/sys/net/ipv4/conf/default/log_martians = 1
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 1
/proc/sys/net/ipv4/conf/vboxnet0/proxy_arp = 0
/proc/sys/net/ipv4/conf/vboxnet0/arp_filter = 0
/proc/sys/net/ipv4/conf/vboxnet0/arp_ignore = 0
/proc/sys/net/ipv4/conf/vboxnet0/rp_filter = 0
/proc/sys/net/ipv4/conf/vboxnet0/log_martians = 1
/proc/sys/net/ipv4/conf/wlan0/proxy_arp = 0
/proc/sys/net/ipv4/conf/wlan0/arp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/arp_ignore = 0
/proc/sys/net/ipv4/conf/wlan0/rp_filter = 0
/proc/sys/net/ipv4/conf/wlan0/log_martians = 1
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 192.168.0.255 dev wlan0 proto kernel scope link src 192.168.0.198
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev wlan0 proto kernel scope link src 192.168.0.198
local 192.168.0.198 dev wlan0 proto kernel scope host src 192.168.0.198
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.198 metric 2
169.254.0.0/16 dev wlan0 scope link metric 1000
default via 192.168.0.1 dev wlan0 proto static
ARP
? (192.168.0.1) at 00:30:44:09:a1:49 [ether] on wlan0
Modules
iptable_filter 2271 1
iptable_mangle 2771 0
iptable_nat 4414 0
iptable_raw 1774 0
ip_tables 9991 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
ipt_addrtype 1631 0
ipt_ah 893 0
ipt_CLUSTERIP 5061 0
ipt_ecn 1121 0
ipt_ECN 1537 0
ipt_LOG 4542 0
ipt_MASQUERADE 1407 0
ipt_NETMAP 909 0
ipt_REDIRECT 917 0
ipt_REJECT 1928 0
ipt_ULOG 5406 0
nf_conntrack 61615 32
xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_h323,nf_nat_amanda,nf_conntrack_amanda,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_h323,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,iptable_nat,nf_conntrack_ipv6,xt_state,nf_nat_irc,nf_conntrack_irc,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp
nf_conntrack_amanda 2217 1 nf_nat_amanda
nf_conntrack_ftp 5381 1 nf_nat_ftp
nf_conntrack_h323 46926 1 nf_nat_h323
nf_conntrack_ipv4 10672 5 iptable_nat,nf_nat
nf_conntrack_ipv6 10447 9
nf_conntrack_irc 3332 1 nf_nat_irc
nf_conntrack_netbios_ns 1254 0
nf_conntrack_netlink 14323 0
nf_conntrack_pptp 4413 1 nf_nat_pptp
nf_conntrack_proto_gre 4021 1 nf_conntrack_pptp
nf_conntrack_proto_sctp 6424 0
nf_conntrack_sane 3079 0
nf_conntrack_sip 15389 1 nf_nat_sip
nf_conntrack_tftp 2893 1 nf_nat_tftp
nf_defrag_ipv4 1073 1 nf_conntrack_ipv4
nf_nat 15735 12
ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_proto_gre,nf_nat_h323,nf_nat_amanda,iptable_nat,nf_nat_irc,nf_nat_ftp
nf_nat_amanda 878 0
nf_nat_ftp 1836 0
nf_nat_h323 5077 0
nf_nat_irc 1124 0
nf_nat_pptp 1920 0
nf_nat_proto_gre 1259 1 nf_nat_pptp
nf_nat_sip 5108 0
nf_nat_snmp_basic 7716 0
nf_nat_tftp 716 0
xt_CLASSIFY 723 0
xt_comment 720 0
xt_connlimit 2884 0
xt_CONNMARK 1145 0
xt_connmark 985 0
xt_conntrack 2302 0
xt_dccp 1797 0
xt_dscp 1301 0
xt_DSCP 1677 0
xt_hashlimit 8204 0
xt_helper 1071 0
xt_hl 1113 4
xt_iprange 1357 0
xt_length 936 0
xt_limit 1382 8
xt_mac 772 0
xt_mark 711 0
xt_MARK 743 0
xt_multiport 2378 0
xt_NFLOG 841 0
xt_NFQUEUE 1832 0
xt_owner 906 0
xt_physdev 1507 0
xt_pkttype 848 0
xt_policy 2158 0
xt_realm 714 0
xt_recent 7037 0
xt_state 1098 11
xt_tcpmss 1197 0
xt_tcpudp 2011 50
xt_time 1805 0
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Extended Connection Tracking Match Support: Available
Old Connection Tracking Match Syntax: Not available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Physdev-is-bridged Support: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Extended MARK Target 2: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
Old Hashlimit Match: Not available
NFQUEUE Target: Available
Realm Match: Available
Helper Match: Available
Connlimit Match: Available
Time Match: Available
Goto Support: Available
LOGMARK Target: Not available
IPMARK Target: Not available
LOG Target: Available
Persistent SNAT: Available
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
1960/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
1882/master
tcp 0 0 0.0.0.0:666 0.0.0.0:* LISTEN
1738/darkstat
tcp 0 0 192.168.0.198:52280 91.189.88.46:80 ESTABLISHED
3560/http
tcp 0 0 192.168.0.198:35324 204.154.94.81:443 TIME_WAIT
-
tcp 0 0 192.168.0.198:60373 83.150.67.33:80 ESTABLISHED
2684/firefox-bin
tcp6 0 0 ::1:631 :::* LISTEN
1960/cupsd
udp 0 0 0.0.0.0:68 0.0.0.0:*
2499/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:*
1058/avahi-daemon:
udp 0 0 0.0.0.0:35330 0.0.0.0:*
1058/avahi-daemon:
Traffic Control
Device eth0:
qdisc mq 0: root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class mq :1 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :5 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
Device wlan0:
qdisc mq 0: root
Sent 2447140 bytes 36482 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class mq :1 root
Sent 5466 bytes 23 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :2 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :3 root
Sent 2441674 bytes 36459 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
class mq :4 root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
TC Filters
Device eth0:
Device wlan0:
My OS is Linux Mint 9 'Isadora'
My installed firewall is Shorewall 4.4.6-1
My system is connected as follows:
*********************************************
****   MY SYSTEM        WIRELESS ROUTER   ****
*********************************************

 -------------------------          ---------------------
 |                       |          |                   |
 |        LAPTOP         |          |  WIRELESS ROUTER  |------ USB Modem
 |                       |          |                   |       (Broadband)
 -------------------------          ---------------------
            |                                 |
            |-----------------------------------
                   (WIRELESS CONNECTION)
$ IFCONFIG
eth0 Link encap:Ethernet HWaddr 00:1d:72:e1:af:c9
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:734 errors:0 dropped:0 overruns:0 frame:0
TX packets:734 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:56450 (56.4 KB) TX bytes:56450 (56.4 KB)
wlan0 Link encap:Ethernet HWaddr 00:21:5d:3a:35:ce
inet addr:192.168.0.198 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::221:5dff:fe3a:35ce/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:51683 errors:0 dropped:0 overruns:0 frame:0
TX packets:31403 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:73720192 (73.7 MB) TX bytes:2636092 (2.6 MB)
$ IP ROUTE SHOW
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.198 metric 2
169.254.0.0/16 dev wlan0 scope link metric 1000
default via 192.168.0.1 dev wlan0 proto static
horace@horace-laptop ~ $ sudo shorewall start
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Compiling ...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Compiling ...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Disabled!
done.
horace@horace-laptop ~ $
MY SHOREWALL SETTINGS
/etc/default/shorewall
startup = 1
/etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes
/etc/shorewall/zones
#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
/etc/shorewall/interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,logmartians,nosmurfs
net     ppp0        detect      dhcp,tcpflags
net     wan0        detect      dhcp,tcpflags
/etc/shorewall/policy
#SOURCE DEST        POLICY      LOG         LIMIT:      CONNLIMIT:
#                               LEVEL       BURST       MASK
$FW     net         ACCEPT
net     all         DROP        info
# The FOLLOWING POLICY MUST BE LAST
all     all         REJECT      info
/etc/shorewall/rules
#ACTION     SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL    RATE    USER/   MARK
#                                   PORT    PORT(S) DEST        LIMIT   GROUP
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
Ping(DROP)  net     $FW
# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT      $FW     net     icmp
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users