[Shorewall-users] Shorewall newbie Question
Fri, 25 Jan 2002 15:09:42 -0800
> I recently downloaded shorewall and tried to get it set up. Used the
> provided example two-interface model. Started with simply trying to
> stop all incoming traffic. I noticed that not everything I expected to
> be logged got logged, so I made some minor modifications, mostly around
> adding ':info' to log more data, which did not seem to work. I went back
> to the standard two-interface config.
By default, Shorewall rate-limits logging and furthermore it drops some
common sources of newbie questions about "What is this attack?"
(broadcasts, SMB chatter, etc.). You can turn off rate limiting by setting:
Did forwarding work before you tried to improve logging?
> I'm running RH7.2, updated with kernel-2.4.9-21, iptables-1.2.4-2. I use
> roaring penguin rp-pppoe-3.3-1 to connect to the internet, I use ppp0
> as my defined internet interface.
Are you using the new CLAMPMSS setting in /etc/shorewall.conf? You should
> It seems nothing much is getting logged at this point, although I'm sure
> a lot should be logged (which was the case when I ran rcf...). I noticed
> that when I connect from the outside on port 8080 it gets logged as a
> DROP (as expected), but when I try to connect on port 80, although it
> appears to be dropped, nothing gets logged. I went to grc.com and had
> it probe, which seemed to indicate the expected response. It did manage
> to generate a lot of DROP messages, but not from port 80.
PS -- excuse the wimpy email client but I'm installing XP as a second OS on
my main desktop system today.