Gentoo Forums, Networking & Security
[solved]Shorewall useless...
shanghai
Guru
Joined: 08 Feb 2004
Posts: 493
Location: Roma, Italia, GeekLand

PostPosted: Tue Mar 23, 2004 5:01 pm    Post subject: [solved]Shorewall useless...

Hi!
I'm having a problem with shorewall. I emerged it and I tried it, but even if I close every port I can access every service without problems!
So, my firewall is definitely NOT working! Does anyone know what I'm talking about? Help!
This is my policy file:
Code:
root@tux shanghai # tail /etc/shorewall/policy
###############################################################################
#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
#                                               LEVEL
fw              net             REJECT
net             fw              DROP            info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all             all             REJECT          info
#LAST LINE -- DO NOT REMOVE
So NO traffic should be allowed now. This is the output when I launch shorewall:

Code:
root@tux shorewall # shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Loading Modules...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Not available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Available
Determining Zones...
   Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Net Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Setting up User Sets...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
iptables: No chain/target/match by that name
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated

And when I stop it (which should also block everything...):
Code:
root@tux shorewall # shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
done.

Please help, I'm going crazy!
_________________
The sleep of reason produces monsters.


Last edited by shanghai on Tue Mar 23, 2004 8:26 pm; edited 1 time in total
mirko_3
l33t
Joined: 02 Nov 2003
Posts: 605
Location: Birreria

PostPosted: Tue Mar 23, 2004 6:30 pm    Post subject:

Well, how are you trying to access the services? From another computer is how you should test; if you try from your own, the traffic isn't coming in from 'net', so it's not blocked by shorewall...
_________________
It doesn't hurt! It doesn't hurt!
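Added example, not from the thread or from Shorewall: a small POSIX sh script covering what the first post needed and the test method mirko_3 describes. The `iptables: No chain/target/match by that name` line in the posted transcript is the kernel refusing a rule because a netfilter target or match Shorewall asked for is not available; `shorewall start` then fell through to its stop path, and with no netfilter rules installed the host is exactly as open as the first post describes. The script (1) scans a `shorewall start` transcript for that failure pattern, (2) reads `iptables -S` and flags the wide-open state (ACCEPT policies, no rules) a failed start leaves behind, and (3) TCP-probes the firewall from a second machine, since connections made on the firewall itself go over lo and never enter the `net` zone. The sample transcripts and listings are constructed for the example (the failed one reuses lines from the post); `nc` with `-z`/`-w` on the probing host and root on the firewall for the live `iptables -S` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall. Three checks for a host
# whose "shorewall start" ended in "Terminated" like the one posted above.
# Sample transcripts/listings are constructed (the failed start reuses the posted
# lines); nc with -z/-w and root for the live iptables call are assumptions.

# start_failed : exit 0 if the transcript on stdin shows a failed start; prints why
start_failed() {
    failed=1
    while IFS= read -r line; do
        case "$line" in
            *"Not available"*)
                echo "warning: $line (kernel netfilter support is incomplete)" ;;
            *"No chain/target/match by that name"*)
                echo "error: kernel rejected a rule, a required netfilter target/match is missing"
                failed=0 ;;
            *Terminated*)
                echo "error: start aborted, no ruleset was installed"
                failed=0 ;;
        esac
    done
    return $failed
}

# filter_wide_open : exit 0 if an `iptables -S` listing on stdin has only ACCEPT
# policies and no rules in any chain. An empty listing (iptables could not talk
# to the kernel at all) counts as open too.
filter_wide_open() {
    while IFS= read -r line; do
        case "$line" in
            "-P "*" ACCEPT") ;;          # default policy ACCEPT: still open
            "-P "*) return 1 ;;          # a DROP/REJECT policy is in place
            "-A "*|"-I "*) return 1 ;;   # at least one rule exists
            "-N "*|"") ;;                # empty user chain / blank line: ignore
            *) return 1 ;;               # unexpected line: do not call it open
        esac
    done
    return 0
}

# probe_from_outside <firewall-ip> <port>... : run on a SECOND host, not on the
# firewall; connections made on the firewall itself go over lo and never enter
# the "net" zone, so they prove nothing. Exits 1 if any port answers.
probe_from_outside() {
    host=$1; shift
    command -v nc >/dev/null 2>&1 || { echo "nc not installed"; return 2; }
    open=0
    for port in "$@"; do
        if nc -z -w 2 "$host" "$port" >/dev/null 2>&1; then
            echo "$host:$port OPEN (should be unreachable under 'net fw DROP')"
            open=1
        else
            echo "$host:$port no answer"
        fi
    done
    return $open
}

# --- constructed samples ------------------------------------------------------
FAILED_START='Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Not available
   Packet Mangling: Available
Enabling RFC1918 Filtering
iptables: No chain/target/match by that name
Processing /etc/shorewall/stop ...
Terminated'

GOOD_START='Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
Activating Rules...
done.'

OPEN_LISTING='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

LOCKED_LISTING='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N net2fw
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j net2fw
-A net2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
-A net2fw -j DROP'

# Demo on the samples, then on this box when iptables is installed and we are root.
printf '%s\n' "$FAILED_START" | start_failed && echo "=> posted transcript: start FAILED"
printf '%s\n' "$OPEN_LISTING"  | filter_wide_open && echo "=> sample listing: host WIDE OPEN"
if command -v iptables >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    iptables -S 2>/dev/null | filter_wide_open && echo "=> this host: no filter rules loaded, host WIDE OPEN"
fi
```

Run it on the firewall for the transcript and `iptables -S` checks; copy it to another host and call `probe_from_outside <firewall-ip> 22 80 443` with the firewall's real address for the probe. Any port reported OPEN under a `net fw DROP` policy is a finding, whatever `shorewall start` printed.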
ikaro
Advocate
Joined: 14 Jul 2003
Posts: 2527
Location: Denmark

PostPosted: Tue Mar 23, 2004 6:33 pm    Post subject:

Code:
###############################################################################
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
fw              net             ACCEPT
net             all             DROP            ULOG
#
# THE FOLLOWING POLICY MUST BE LAST
all             all             DROP            ULOG
#LAST LINE -- DO NOT REMOVE

This is what I use, and it works pretty well.
I don't use IP forwarding or anything fancy; it's just a single machine behind a (hardware) router.
_________________
linux: #232767
shanghai
Guru
Joined: 08 Feb 2004
Posts: 493
Location: Roma, Italia, GeekLand

PostPosted: Tue Mar 23, 2004 8:26 pm    Post subject:

Quote:
if you try from your own, the traffice isn't coming in from 'net', so it's not blocked by shorewall...

Heh, in fact I was using a rule to block all the traffic (also the traffic coming from inside). :)

Anyway, I solved it. The problem was in the kernel net configuration; now it seems to be ok.
Thank you :)
_________________
The sleep of reason produces monsters.
tarcin
n00b
Joined: 20 Mar 2004
Posts: 10
Location: Turkey-Istanbul

PostPosted: Tue Mar 23, 2004 9:46 pm    Post subject:

In the output it says that it is stopping Shorewall because of an unknown network.
I tried to use it when I was using Mandrake, but now I prefer to use Firestarter; give it a try.
GamesBond
n00b
Joined: 15 Mar 2004
Posts: 66
Location: Amsterdam

PostPosted: Tue Apr 06, 2004 2:16 pm    Post subject:

Quote:
Anyway, I solved it. The problem was in the kernel net configuration; now it seems to be ok.
Thank you :)

Could you please share with the rest of us which part of the kernel config was wrong? I used genkernel and saw a comment elsewhere in the forum that it is a complete waste of space. I think I have to agree with that; genkernel does suck.

I compiled in support for iptables, which was missing completely, but I still get the same error you described.
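GamesBond's question is the right one: the thread never says which kernel option shanghai turned on, and Shorewall's capability probe in the first post ("NAT: Not available", then a rejected rule) is what a kernel lacking the corresponding netfilter pieces produces. Added example, not from the thread or from Shorewall: a POSIX sh script that reads a kernel `.config` and reports which of the netfilter options behind those capabilities are missing. The capability-to-option table is this example's own, and the names differ between kernel generations (the `CONFIG_IP_NF_*` names of the thread's 2.4/early-2.6 era and the later `CONFIG_NF_*`/`CONFIG_NETFILTER_XT_*` names), so either name satisfies a check. The two sample configs are constructed; `=y` and `=m` both count as present because Shorewall loads modules itself ("Loading Modules..." in the posted transcript).

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall. Reads a kernel .config
# and reports which netfilter options behind Shorewall's capability probe are
# missing. The capability -> option table is this example's own mapping; option
# names changed across kernel generations, so an old and a new name are listed
# and either one satisfies the check. "=y" and "=m" both count as present.

# capability|2.4-era option|later option
CAPS='packet filtering|CONFIG_IP_NF_FILTER|CONFIG_IP_NF_FILTER
connection tracking|CONFIG_IP_NF_CONNTRACK|CONFIG_NF_CONNTRACK
state match|CONFIG_IP_NF_MATCH_STATE|CONFIG_NETFILTER_XT_MATCH_STATE
multi-port match|CONFIG_IP_NF_MATCH_MULTIPORT|CONFIG_NETFILTER_XT_MATCH_MULTIPORT
NAT|CONFIG_IP_NF_NAT|CONFIG_NF_NAT
packet mangling|CONFIG_IP_NF_MANGLE|CONFIG_IP_NF_MANGLE
REJECT target|CONFIG_IP_NF_TARGET_REJECT|CONFIG_IP_NF_TARGET_REJECT
LOG target|CONFIG_IP_NF_TARGET_LOG|CONFIG_NETFILTER_XT_TARGET_LOG'

# option_enabled <config-file> <CONFIG_NAME> : true if the option is =y or =m
option_enabled() {
    grep -q "^$2=[ym]\$" "$1"
}

# check_config <config-file> : prints one line per option/capability and returns
# the number of missing ones (0 means every piece Shorewall probes for is there)
check_config() {
    cfg=$1
    missing=0
    # nothing works without the netfilter core and the IPv4 iptables layer
    for base in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES; do
        if option_enabled "$cfg" "$base"; then
            echo "ok       $base"
        else
            echo "MISSING  $base"
            missing=$((missing + 1))
        fi
    done
    # here-document rather than a pipe so $missing survives the loop
    while IFS='|' read -r cap old new; do
        if option_enabled "$cfg" "$old" || option_enabled "$cfg" "$new"; then
            echo "ok       $cap"
        else
            echo "MISSING  $cap ($old or $new)"
            missing=$((missing + 1))
        fi
    done <<EOF
$CAPS
EOF
    return $missing
}

# find_config : print the path of the running kernel's config, if one is readable
# (/proc/config.gz exists only when the kernel was built with IKCONFIG_PROC)
find_config() {
    if [ -r /proc/config.gz ]; then
        tmp=$(mktemp "${TMPDIR:-/tmp}/kconfig.XXXXXX") || return 1
        gzip -dc /proc/config.gz > "$tmp" && echo "$tmp"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    elif [ -r /usr/src/linux/.config ]; then
        echo /usr/src/linux/.config
    else
        return 1
    fi
}

# sample_config bare|full : write a constructed .config to a temp file and print
# its path. "bare" is a kernel built without netfilter, "full" has everything.
sample_config() {
    f=$(mktemp "${TMPDIR:-/tmp}/kconfig.XXXXXX") || return 1
    case "$1" in
        bare) printf '%s\n' 'CONFIG_NET=y' 'CONFIG_INET=y' \
                  '# CONFIG_NETFILTER is not set' > "$f" ;;
        full) printf '%s\n' 'CONFIG_NET=y' 'CONFIG_INET=y' 'CONFIG_NETFILTER=y' \
                  'CONFIG_NF_CONNTRACK=m' 'CONFIG_NETFILTER_XT_MATCH_STATE=m' \
                  'CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m' 'CONFIG_NETFILTER_XT_TARGET_LOG=m' \
                  'CONFIG_NF_NAT=m' 'CONFIG_IP_NF_IPTABLES=m' 'CONFIG_IP_NF_FILTER=m' \
                  'CONFIG_IP_NF_TARGET_REJECT=m' 'CONFIG_IP_NF_MANGLE=m' > "$f" ;;
        *) rm -f "$f"; return 1 ;;
    esac
    echo "$f"
}

# Demo: the two constructed configs, then the running kernel if its config is readable.
for kind in bare full; do
    f=$(sample_config "$kind")
    echo "== constructed '$kind' config =="
    check_config "$f" || echo "=> $? option(s) missing: iptables rules will not load"
    rm -f "$f"
done
if cfg=$(find_config); then
    echo "== running kernel: $cfg =="
    check_config "$cfg" || echo "=> $? option(s) missing"
fi
```

On a Gentoo box of that era the kernel config lives in /usr/src/linux/.config; after enabling the missing options and rebooting, the "Not available" lines in `shorewall start` should disappear along with the rejected-rule error.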