rah03 n00b
Joined: 26 Feb 2005 Posts: 19
Posted: Thu Jul 05, 2007 7:50 pm Post subject: [SOLVED] Shorewall and Java applets
Hi,
I've been using shorewall on my router box for a while now so I'm quite familiar with it.
I just set it up on my desktop too and have configured it to let all traffic out and to block all ports coming in apart from those I specify in the rules. My policy and rules files are given below.
/etc/shorewall/policy
Code: |
#
loc net ACCEPT
fw net ACCEPT
net all DROP info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT info
|
/etc/shorewall/rules
Code: |
#
# SSH:
ACCEPT net fw tcp 22
ACCEPT net fw udp 22
# BitTorrent:
ACCEPT net fw tcp 6881
ACCEPT net fw tcp 14688
AllowPing net fw
|
All seems to work as expected except for Java applets. With shorewall off (and iptables cleared), applets work fine. If I start shorewall (no other changes to iptables) then they take forever to start (Java applets that is), but they do eventually seem to start (like 5 minutes later in some cases). Firefox freezes to user input while they are starting. This is the case for every Java applet I have tried. As I said, I'm not blocking outgoing connections at all so I can't see why this is happening. Furthermore, shorewall is _not_ logging anything so it would appear it isn't intercepting anything, but it clearly is since everything is fine when I disable it.
Am stumped... anyone got any ideas?
Thanks,
Richard Hayden.
Last edited by rah03 on Sat Jul 07, 2007 6:46 pm; edited 1 time in total
thewtex Tux's lil' helper
Joined: 22 Jun 2007 Posts: 93
Posted: Thu Jul 05, 2007 7:59 pm
Maybe looking at
Code: | watch 'netstat --inet -p' |
while trying to open an applet will provide some clues.
rah03 n00b
Joined: 26 Feb 2005 Posts: 19
Posted: Thu Jul 05, 2007 8:11 pm
Hi,
Trying the applet at http://www.javatester.org/version.html yields just the following connections emanating from firefox (nothing from java or java_vm):
Code: |
tcp 0 0 richardh:45997 linhost140.prod.me:http ESTABLISHED 17961/firefox-bin
tcp 0 0 richardh:45998 linhost140.prod.me:http ESTABLISHED 17961/firefox-bin
|
Cheers,
Richard.
thewtex Tux's lil' helper
Joined: 22 Jun 2007 Posts: 93
Posted: Fri Jul 06, 2007 8:27 pm
I tested the java link you posted on my desktop with shorewall and it worked.
I don't have a loc zone configured on my box, and I am blocking outgoing traffic.
rah03 n00b
Joined: 26 Feb 2005 Posts: 19
Posted: Sat Jul 07, 2007 6:46 pm
OK, sorted this by starting from scratch with a new set of configuration files - I was basing what I was doing on old ones from before I properly understood shorewall. I must've been doing something silly.
Cheers!