[Shorewall-newbies] Can I add more than one ref to 1 interface?

Ow Mun Heng ow.mun.heng at wdc.com
Fri Dec 5 11:33:34 PST 2003



> -----Original Message-----
> From: Francesca C Smith [mailto:fsmith at ladylinux.com]
> Sent: Friday, December 05, 2003 10:57 AM
> To: Ow Mun Heng
> Cc: shorewall-newbies at lists.shorewall.net
> Subject: Re: [Shorewall-newbies] Can I add more than one ref to 1
> interface?
> 
> 
> Hello,
> 
> I am gonna take these one at a time
> 
> 
> At 09:36 PM 12/4/2003, you wrote:
> >dsl     ppp0    -       blacklist       (blacklist ad sites like
> >ad.doubleclick.net, got better way?)
> 
> 
> Yes .. www.privoxy.org .. Using the Blacklist would have tremendous 
> overhead ..

Thanks for the link.. will look it up

> Never tried to use IPTABLES with dialup .. Someone Else gonna have to take
> this one ..
Thanks Anyway

> Sounds like you need a script or an extension to switch environments ..
> 
> http://www.shorewall.net/configuration_file_basics.htm#Configs
> 
> Will give you a way to switch back and forth configs ..

Hmmm.. I thought I combed through the docs already. Guess I missed something

> 
> >Pinging to the net gets no response _at_all_. It's either 'sendto not
> >permitted' even when run as root or responses are being dropped by the fw.
> >(shorewall logs)
> 
> 
> You are trying to ping from to where ..
> 
> If it's loc ..
> 
> you need a rule like so
> 
> ACCEPT  loc     net     icmp    8

My Rules
accept	loc	fw	icmp	8
accept	fw	loc	icmp	8

accept	net	fw	icmp	8
accept	fw	net	icmp	8

accept	fw	dsl	icmp	8
accept	dsl	fw	icmp	8

So... I don't have a loc->net but like last night, I did a ping from the fw
(my laptop) to the dsl (internet).. I can see the ping go out but it gets
dropped as it comes back in.

I already have the rule about accept dsl->fw... ???


> 
> Hope This helps ..
> 
> And Welcome To The List!!


Any help is better than none... and thanks for welcoming me.. (I didn't know
that masq was simple as shorewall)

Though it's quite a read.

Good on you, Mr. Tom Eastep

