Noel Sant
2003-Mar-02 15:40 UTC
[Shorewall-users] Why is the Internet talking to me at all?
I'm afraid I'm missing something crucial about Shorewall. I have a Linux server running Red Hat 8.0 and a tiny home network with a couple of Windows 98SE PCs. I've installed the Shorewall rpm (after being told how to get round the RH8.0 rpm bug), and it isn't working as I expect.

"net" is defined in the "zones" file, and in "interfaces" as being what talks to my eth0 NIC (via a cable modem). The only time it is mentioned as a "source", as far as I can see, is in "policy" where the rule is DROP, and in "rules" where ICMP on port 8 is ACCEPTed. So I should never be able to get anything in from the internet, should I? Yet I can browse the internet and ftp from the Linux and Windows boxes with no problem. I'm using "squish" as a proxy server, so is this somehow bypassing the Shorewall rules? Even for my Linux box? And I get mail to the Linux box using Mozilla, though not to the Windows PCs, but I suspect that must be something to do with sendmail and/or DNS.

Also, when I tried to use "chrony" to put my clock right by a time server in London, it failed, and at exactly that time on the "messages" log an incoming message on port 443 (if that's what DPT=443 means) was DROPped. Could be a coincidence, though, but at least some traffic is being stopped.

So my question is: if there's no rule to allow incoming traffic, why do I get any at all? I've looked at the FAQs and everyone there seems to know exactly what they're talking about, but want to do something really complicated. Please help a poor beginner!
John Andersen
2003-Mar-02 16:09 UTC
[Shorewall-users] Why is the Internet talking to me at all?
On Sunday 02 March 2003 02:53 pm, Noel Sant wrote:
> So my question is: if there's no rule to allow incoming traffic, why do
> I get any at all? I've looked at the FAQs

No you haven't.... You didn't even mention if you have two NICs or one in your computer. Presumably two???

Go to www.shorewall.net and read the quick start guide that pertains to the number of interfaces you have in your machine. Follow that step by step...

-- 
John Andersen - NORCOM
http://www.norcomsoftware.com/
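The thread never answers the actual question, so here is the mechanism behind it as an added example; this is editor-written model code, not Shorewall's own code and not something posted in the thread. Shorewall compiles its zones, policy and rules files into iptables, and iptables is stateful: a packet that belongs to a connection the firewall has already allowed is accepted as ESTABLISHED before the per-zone policy is ever consulted. The LAN's outbound web and ftp traffic creates those connection-tracking entries, so the replies come back in even though the net -> loc and net -> fw policies are DROP, while an unsolicited connection from the Internet (such as the logged DPT=443 packet) has no entry and hits the DROP policy. The "port 8" in the ICMP rule is the ICMP type, 8 being echo-request, which is why ping is the one thing let in. The zone layout, addresses, ports and packet trace below are constructed for the example.

```python
"""Toy model of a connection-tracking packet filter with Shorewall-style
zones, policy and rules (added example, not Shorewall code).

Zone layout assumed here: 192.168.1.0/24 is "loc", the firewall's own
addresses are "fw", and every other address is "net".
"""
import ipaddress

LOC_NET = ipaddress.ip_network("192.168.1.0/24")
FW_ADDRS = {ipaddress.ip_address("192.168.1.1"), ipaddress.ip_address("203.0.113.10")}

# Equivalent of the Shorewall policy file: action for NEW connections per zone pair.
POLICY = {
    ("loc", "net"): "ACCEPT",
    ("loc", "fw"): "ACCEPT",
    ("fw", "net"): "ACCEPT",
    ("fw", "loc"): "ACCEPT",
    ("net", "fw"): "DROP",
    ("net", "loc"): "DROP",
}

# Equivalent of the rules file, consulted before the policy:
# (action, source zone, dest zone, protocol, port). For ICMP the "port"
# column is the ICMP type, so 8 means echo-request (ping).
RULES = [
    ("ACCEPT", "net", "fw", "icmp", 8),
]


def zone_of(addr):
    """Map an address to its zone under the layout assumed above."""
    ip = ipaddress.ip_address(addr)
    if ip in FW_ADDRS:
        return "fw"
    if ip in LOC_NET:
        return "loc"
    return "net"


class StatefulFilter:
    """Accepts tracked flows first, then explicit rules, then zone policy."""

    def __init__(self):
        self.conntrack = set()  # flows the firewall has already allowed

    @staticmethod
    def _flow_key(pkt):
        return (pkt["proto"], pkt["src"], pkt.get("sport"), pkt["dst"], pkt.get("dport"))

    @staticmethod
    def _reverse_key(pkt):
        return (pkt["proto"], pkt["dst"], pkt.get("dport"), pkt["src"], pkt.get("sport"))

    def filter(self, pkt):
        """Return (verdict, reason) for one packet and update connection state."""
        # 1. Reply traffic for an allowed connection is ESTABLISHED: accepted
        #    before any zone policy is looked at. This is why browsing works.
        if self._flow_key(pkt) in self.conntrack or self._reverse_key(pkt) in self.conntrack:
            return ("ACCEPT", "ESTABLISHED")
        src_zone, dst_zone = zone_of(pkt["src"]), zone_of(pkt["dst"])
        # 2. Explicit rules for NEW connections.
        for action, rsrc, rdst, rproto, rport in RULES:
            if (rsrc, rdst, rproto) != (src_zone, dst_zone, pkt["proto"]):
                continue
            port_field = pkt.get("icmp_type") if pkt["proto"] == "icmp" else pkt.get("dport")
            if rport is None or rport == port_field:
                if action == "ACCEPT":
                    self.conntrack.add(self._flow_key(pkt))
                return (action, f"rule {src_zone}->{dst_zone} {rproto} {rport}")
        # 3. Fall back to the zone policy; anything unlisted is dropped.
        action = POLICY.get((src_zone, dst_zone), "DROP")
        if action == "ACCEPT":
            self.conntrack.add(self._flow_key(pkt))
        return (action, f"policy {src_zone}->{dst_zone}")


# Constructed packet trace.
TRACE = [
    # A LAN PC opens a web connection: NEW, loc->net policy says ACCEPT.
    {"proto": "tcp", "src": "192.168.1.10", "sport": 1025, "dst": "203.0.113.5", "dport": 80},
    # The web server's reply: matches the tracked flow, so ESTABLISHED,
    # even though the net->loc policy is DROP.
    {"proto": "tcp", "src": "203.0.113.5", "sport": 80, "dst": "192.168.1.10", "dport": 1025},
    # Unsolicited connection from the Internet to the firewall's port 443:
    # nothing tracked, so it falls through to the net->fw DROP policy.
    {"proto": "tcp", "src": "198.51.100.7", "sport": 4321, "dst": "203.0.113.10", "dport": 443},
    # Ping from the Internet: matched by the explicit ICMP type 8 rule.
    {"proto": "icmp", "src": "198.51.100.7", "dst": "203.0.113.10", "icmp_type": 8},
]


def run_trace(packets=TRACE):
    """Run the packets through a fresh filter and return the verdicts in order."""
    fw = StatefulFilter()
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, why) in zip(TRACE, run_trace()):
        print(f"{pkt['src']} -> {pkt['dst']}: {verdict} ({why})")
```

Masquerading does not change the picture: the NAT mapping lives in the same connection-tracking table, so a reply to a masqueraded LAN connection is still recognised as ESTABLISHED and is rewritten back to the LAN host rather than being judged by the net -> loc policy. A proxy on the firewall is a separate point: the browser's connection then terminates at the proxy (loc -> fw), and the proxy opens its own connection outward (fw -> net), both of which the policy above allows.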