[Shorewall-users] Shorewall newbie Question

Michel van der List michel@vanderlist.com
Fri, 25 Jan 2002 16:55:10 -0500


I recently downloaded shorewall and tried to get it set up. Used the
provided example two-interface model. Started with simply trying to
stop all incoming traffic. I noticed that not everything I expected to
be logged got logged, so I made some minor modifications, mostly around
adding ':info' to log more data, which did not seem to work. I went back 
to the standard two-interface config. No forwarding.

I'm running RH7.2, updated with kernel-2.4.9-21, iptables-1.2.4-2. I use
Roaring Penguin rp-pppoe-3.3-1 to connect to the internet, and I use ppp0
as my defined internet interface.

It seems nothing much is getting logged at this point, although I'm sure
a lot should be logged (which was the case when I ran rcf...). I noticed
that when I connect from the outside on port 8080 it gets logged as a
DROP (as expected), but when I try to connect on port 80, although it
appears to be dropped, nothing gets logged. I went to grc.com and had
it probe, which seemed to indicate the expected response. It did manage
to generate a lot of DROP messages, but not from port 80.

Looked through the status display and I noticed nothing that would
indicate that port 80 is in any way special. I'm somewhat baffled; I'm
obviously missing something. I've also tried port forwarding, which does
not seem to work either (I used to have this working with rcf when I was
still running a 2.2 kernel).

Any pointers?

Michel