[Shorewall-users] Shorewall newbie Question

Tom Eastep teastep@shorewall.net
Fri, 25 Jan 2002 15:09:42 -0800


> I recently downloaded shorewall and tried to get it set up. Used the
> provided example two-interface model. Started with simply trying to
> stop all incoming traffic. I noticed that not everything I expected to
> be logged got logged, so I made some minor modifications, mostly around
> adding ':info' to log more data, which did not seem to work. I went back
> to the standard two-interface config.

By default, Shorewall rate-limits logging and furthermore it drops some
common sources of newbie questions about "What is this attack?"
(broadcasts, SMB chatter, etc.). You can turn off rate limiting by setting:

LOGRATE=
LOGBURST=

in /etc/shorewall/shorewall.conf

> No forwarding.
>

Did forwarding work before you tried to improve logging?

>
> I'm running RH7.2, updated with kernel-2.4.9-21, iptables-1.2.4-2. I use
> roaring penguin rp-pppoe-3.3-1 to connect to the internet, I use ppp0
> as my defined internet interface.

Are you using the new CLAMPMSS setting in /etc/shorewall.conf? You should
be.

>
> It seems nothing much is getting logged at this point, although I'm sure
> a lot should be logged (which was the case when I ran rcf...). I noticed
> that when I connect from the outside on port 8080 it gets logged as a
> DROP (as expected), but when I try to connect on port 80, although it
> appears to be dropped, nothing gets logged. I went to grc.com and had
> it probe, which seemed to indicate the expected response. It did manage
> to generate a lot of DROP messages, but not from port 80.

See above.

-Tom

PS -- excuse the wimpy email client but I'm installing XP as a second OS on
my main desktop system today.