[Shorewall-newbies] Can I add more than one ref to 1 interface?
Ow Mun Heng
ow.mun.heng at wdc.com
Fri Dec 5 11:33:34 PST 2003
> -----Original Message-----
> From: Francesca C Smith [mailto:fsmith at ladylinux.com]
> Sent: Friday, December 05, 2003 10:57 AM
> To: Ow Mun Heng
> Cc: shorewall-newbies at lists.shorewall.net
> Subject: Re: [Shorewall-newbies] Can I add more than one ref to 1
> I am gonna take these one at a time
> At 09:36 PM 12/4/2003, you wrote:
> >dsl ppp0 - blacklist (blacklist ad sites like
> >ad.doubleclick.net, got better way?)
> Yes .. www.privoxy.org .. Using the Blacklist would have tremendous
> overhead ..
Thanks for the link.. will look it up
> Never tried to use IPTABLES with dialup .. Someone Else gonna
> have to take
> this one ..
> Sounds like you need a script or a extension to switch environments ..
> Will give you a way to switch back and forth configs ..
Hmmm.. I thought I combed through the docs already. Guess I missed something
> >Pinging to the net gets no response _at_all_. It's either 'sendto not
> >permitted' even when run as root or responses are being
> dropped by the fw.
> >(shorewall logs)
> You are trying to ping from to where ..
> If its loc ..
> you need a rule like so
> ACCEPT loc net icmp 8
accept loc fw icmp 8
accept fw loc icmp 8
accept net fw icmp 8
accept fw net icmp 8
accept fw dsl icmp 8
accept dsl fw icmp 8
So... I don't have a loc->net but like last night, I did a ping from the fw
(my laptop) to the dsl (internet).. I can see the ping go out but it gets
dropped as it comes back in.
I already have the rule about accept dsl->fw... ???
> Hope This helps ..
> And Welcome To The List!!
Any help is better than none... and thanks for welcoming me.. (I didn't know
that masq was simple as shorewall)
Though it's quite a read.
Good on you, Mr. Tom Eastep