[Shorewall-users] Shorewall newbie Question

Michel van der List michel@vanderlist.com
Sat, 26 Jan 2002 10:13:22 -0500


Tom Eastep wrote:

>>I recently downloaded shorewall and tried to get it set up. Used the
>>provided example two-interface model. Started with simply trying to
>>stop all incoming traffic. I noticed that not everything I expected to
>>be logged got logged, so I made some minor modifications, mostly around
>>adding ':info' to log more data, which did not seem to work. I went back
>>to the standard two-interface config.
>>
> 
> By default, Shorewall rate-limits logging and furthermore it drops some
> common sources of newbie questions about "What is this attack?"
> (broadcasts, SMB chatter, etc.). You can turn off rate limiting by setting:
> 
> LOGRATE=
> LOGBURST=
> 
> in /etc/shorewall/shorewall.conf


Did that, with little success. I'm going to redo my work this morning.
I did notice the few specific things that are blocked, which is why
I thought I must be doing something obviously wrong.


> 
> No forwarding

> 
> Did forwarding work before you tried to improve logging?


Nope.


> 
> 
>>I'm running RH7.2, updated with kernel-2.4.9-21, iptables-1.2.4-2. I use
>>roaring penguin rp-pppoe-3.3-1 to connect to the internet, I use ppp0
>>as my defined internet interface.
>>
> 
> Are you using the new CLAMPMSS setting in /etc/shorewall.conf? You should
> be.


rp-pppoe already does that, unless I turned it off by mistake. I'll
check.

Thanks for your time!


> 
> 
>>It seems nothing much is getting logged at this point, although I'm sure
>>a lot should be logged (which was the case when I ran rcf...). I noticed
>>that when I connect from the outside on port 8080 it gets logged as a
>>DROP (as expected), but when I try to connect on port 80, although it
>>appears to be dropped, nothing gets logged. I went to grc.com and had
>>it probe, which seemed to indicate the expected response. It did manage
>>to generate a lot of DROP messages, but not from port 80.
>>
> 
> See above.
> 
> -Tom
> 
> PS -- excuse the whimpy email client but I'm installing XP as a second OS on
> my main desktop system today.


I'm using the stock NS 6.2 mail client. You won't hear a peep from me!
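The two settings Tom points at (LOGRATE/LOGBURST rate limiting, and CLAMPMSS for a PPPoE link) both end up as concrete iptables rules, so the quickest way to see whether a change in shorewall.conf actually took effect is to inspect what the kernel is running rather than the config file. The script below is an added example for this thread, not code from either poster or from the Shorewall project. It reads iptables-save output from stdin and reports LOG rules that carry a "-m limit" match (those are the ones that will silently miss events, which is the symptom described for port 80), and checks for a TCPMSS clamp rule on a given interface. The SAMPLE ruleset is constructed for the demonstration; the rule layout Shorewall generates on a real host may differ, and on a live system you would feed it `iptables-save` run as root.

```shell
#!/bin/sh
# Audit an iptables-save ruleset for rate-limited LOG rules and an MSS clamp.
# Added example, not part of the original thread or of Shorewall itself.
# All functions read iptables-save text from stdin.

# Print LOG rules that are rate-limited via the "limit" match.
ratelimited_log_rules() {
    grep -- '-j LOG' | grep -- '-m limit' || true
}

# Count LOG rules that are NOT rate-limited (prints 0 if there are none).
unlimited_log_count() {
    grep -- '-j LOG' | grep -vc -- '-m limit' || true
}

# Succeed (exit 0) if a TCPMSS clamp rule exists for the given output interface.
has_mss_clamp() {
    iface="$1"
    grep -- "-o $iface " | grep -q -- '-j TCPMSS --clamp-mss-to-pmtu'
}

# Constructed sample in iptables-save format (assumption: not real Shorewall output).
# The 8080 LOG rule is rate-limited, the port 80 LOG rule is not, and the mangle
# table carries an MSS clamp on ppp0 as CLAMPMSS / rp-pppoe would install.
SAMPLE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp0 -p tcp --dport 8080 -m limit --limit 10/min --limit-burst 5 -j LOG --log-prefix "Shorewall:net2all:DROP:"
-A INPUT -i ppp0 -p tcp --dport 80 -j LOG --log-prefix "Shorewall:net2all:DROP:"
-A INPUT -i ppp0 -j DROP
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT'

# Demonstration on the sample. On a live host replace the printf with:
#   iptables-save | ratelimited_log_rules
echo "Rate-limited LOG rules (these will drop log entries under load):"
printf '%s\n' "$SAMPLE" | ratelimited_log_rules
echo "Unlimited LOG rules: $(printf '%s\n' "$SAMPLE" | unlimited_log_count)"
if printf '%s\n' "$SAMPLE" | has_mss_clamp ppp0; then
    echo "MSS clamp present on ppp0"
else
    echo "No MSS clamp on ppp0: set CLAMPMSS or enable it in rp-pppoe"
fi
```

If every LOG rule shows up as rate-limited after you have blanked LOGRATE and LOGBURST, the new configuration was never loaded (e.g. `shorewall restart` was not run), which is a more useful thing to know than re-reading shorewall.conf.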