[Shorewall-users] Shorewall newbie Question

Michel van der List michel@vanderlist.com
Sat, 26 Jan 2002 10:13:22 -0500

Tom Eastep wrote:

>>I recently downloaded shorewall and tried to get it set up. Used the
>>provided example two-interface model. Started with simply trying to
>>stop all incoming traffic. I noticed that not everything I expected to
>>be logged got logged, so I made some minor modifications, mostly around
>>adding ':info' to log more data, which did not seem to work. I went back
>>to the standard two-interface config.
> By default, Shorewall rate-limits logging and furthermore it drops some
> common sources of newbie questions about "What is this attack?"
> (broadcasts, SMB chatter, etc.). You can turn off rate limiting by setting:
> in /etc/shorewall/shorewall.conf

Did that, with little success. I'm going to redo my work this morning.
I did notice the few specific things that are blocked, which is why
I thought I must be doing something obviously wrong.

>>No forwarding
> Did forwarding work before you tried to improve logging?

>>I'm running RH7.2, updated with kernel-2.4.9-21, iptables-1.2.4-2. I use
>>roaring penguin rp-pppoe-3.3-1 to connect to the internet, I use ppp0
>>as my defined internet interface.
> Are you using the new CLAMPMSS setting in /etc/shorewall.conf? You should
> be.

rp-pppoe already does that, unless I turned it off by mistake. I'll

>>It seems nothing much is getting logged at this point, although I'm sure
>>a lot should be logged (which was the case when I ran rcf...). I noticed
>>that when I connect from the outside on port 8080 it gets logged as a
>>DROP (as expected), but when I try to connect on port 80, although it
>>appears to be dropped, nothing gets logged. I went to grc.com and had
>>it probe, which seemed to indicate the expected response. It did manage
>>to generate a lot of DROP messages, but not from port 80.
> See above.
> -Tom
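
The symptom discussed in this thread (port 8080 probes logged as DROP, port 80 apparently dropped but never logged) is easiest to check by summarising the kernel LOG lines per destination port. The parser below is an added example, not code from this thread or from Shorewall itself; it assumes Shorewall's default "Shorewall:<chain>:<disposition>:" log prefix and runs over constructed sample syslog lines.

```python
import re
from collections import Counter

# Constructed sample of syslog lines written by the kernel LOG target with
# Shorewall's "Shorewall:<chain>:<disposition>:" prefix. Addresses are from
# the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jan 26 10:13:22 gw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1 DF PROTO=TCP SPT=40000 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 26 10:13:23 gw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2 DF PROTO=TCP SPT=40001 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 26 10:13:24 gw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1
Jan 26 10:13:25 gw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5 DF PROTO=TCP SPT=40002 DPT=139 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 26 10:13:26 gw sshd[123]: Accepted publickey for admin from 192.0.2.10
"""

LOG_RE = re.compile(
    r"kernel: Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<fields>.*)$"
)

def parse_line(line):
    """Return {'chain', 'disposition', 'fields', 'flags'} for a Shorewall LOG
    line, or None for any other syslog line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            # ICMP echo lines carry a second ID= (echo id); keep the IP header one
            fields.setdefault(key, value)
        else:
            flags.append(tok)  # DF, SYN, ACK, ...
    return {"chain": m.group("chain"), "disposition": m.group("disposition"),
            "fields": fields, "flags": flags}

def drop_summary(log_text):
    """Count DROP entries per (in-interface, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["disposition"] != "DROP":
            continue
        f = rec["fields"]
        counts[(f.get("IN"), f.get("PROTO"), f.get("DPT"))] += 1
    return counts

def unlogged_tcp_ports(log_text, probed_ports, iface="ppp0"):
    """Probed ports that never produced a logged TCP DROP on iface: these
    either matched a silent (non-logging) rule or were rate-limited."""
    summary = drop_summary(log_text)
    return {p for p in probed_ports if summary[(iface, "TCP", str(p))] == 0}
```

Feed it the real syslog (for example `grep Shorewall /var/log/messages`) and compare the ports you probed with what `unlogged_tcp_ports` returns; a port that shows up there is being dropped without a LOG rule or is hitting the rate limit Tom mentions.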
