Shorewall users - Dec 2002 - Strangeness since switching to Shorewall

Hi, all.

I switched to Shorewall a couple of weeks back, and since then I have discovered
some strange "problems" when web-browsing.

when I try to access "document" file-types from remote sites (mp3,
PDF, Word Doc, etc...) I cannot connect.  This is happening on my internal Linux
box, as well as my internal Windows boxes.  Also, I cannot FTP from inside the
firewall to a remote, external server.

Can someone (Tom?) suggest where I can start looking to fix this?  If I need to
post some files, please let me know what..

Thanks,
Geordon

--On Thursday, December 12, 2002 02:58:26 PM -0600 gvantass@interaccess.com 
wrote:
> Hi, all.
>
> I switched to Shorewall a couple of weeks back, and since then I have
> discovered some strange "problems" when web-browsing.
>
> when I try to access "document" file-types from remote sites
(mp3, PDF,
> Word Doc, etc...) I cannot connect.
There has to be some other factor than that -- a packet filter like 
NetFilter has absolutely no knowledge of packet payload contents, let alone 
document types. What type of internet connection do you have?
> This is happening on my internal
> Linux box, as well as my internal Windows boxes.  Also, I cannot FTP from
> inside the firewall to a remote, external server.
To _A_ remote server or _any_ remote server?

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net

--On Thursday, December 12, 2002 10:25:38 PM +0100 Axel@congos.net wrote:
>
> From my expirence this sounds more like a cable modem or DSL issue using
> PPPE. MTU size might be the problem.
>
I agree - that''s why I asked the type of internet connection.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
               \ http://shorewall.sf.net
                \ teastep@shorewall.net

>From my expirence this sounds more like a cable modem or DSL issue using
PPPE. MTU size might be the problem.

Axel Westerhold

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]=20
Sent: Donnerstag, 12. Dezember 2002 22:04
To: shorewall-users@shorewall.net
Subject: Re: [Shorewall-users] Strangeness since switching to Shorewall



--On Thursday, December 12, 2002 02:58:26 PM -0600
gvantass@interaccess.com=20
wrote:
> Hi, all.
>
> I switched to Shorewall a couple of weeks back, and since then I have
> discovered some strange "problems" when web-browsing.
>
> when I try to access "document" file-types from remote sites
(mp3,
PDF,
> Word Doc, etc...) I cannot connect.
There has to be some other factor than that -- a packet filter like=20
NetFilter has absolutely no knowledge of packet payload contents, let
alone=20
document types. What type of internet connection do you have?
> This is happening on my internal
> Linux box, as well as my internal Windows boxes.  Also, I cannot FTP
from
> inside the firewall to a remote, external server.
To _A_ remote server or _any_ remote server?

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net

_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users

----- Original Message -----
From: Tom Eastep <teastep@shorewall.net>
Date: Thursday, December 12, 2002 3:03 pm
Subject: Re: [Shorewall-users] Strangeness since switching to Shorewall
> 
> 
> --On Thursday, December 12, 2002 02:58:26 PM -0600 
> gvantass@interaccess.com 
> wrote:
> 
> > Hi, all.
> >
> > I switched to Shorewall a couple of weeks back, and since then I 
> have> discovered some strange "problems" when web-browsing.
> >
> > when I try to access "document" file-types from remote sites
> (mp3, PDF,
> > Word Doc, etc...) I cannot connect.
> 
> There has to be some other factor than that -- a packet filter 
> like 
> NetFilter has absolutely no knowledge of packet payload contents, 
> let alone 
> document types. What type of internet connection do you have?
That''s what I thought.. But, Shorewall was the only thing that changed
in the configuration.
> > This is happening on my internal
> > Linux box, as well as my internal Windows boxes.  Also, I cannot 
> FTP from
> > inside the firewall to a remote, external server.
> 
> To _A_ remote server or _any_ remote server?
*any* remote server has demonstrates this issue.  Additionally, my connection is
an IDSL with static IP, no PPOE, etc.

If there you have any suggestions on where else to look, I would greatly
appreciate it.  I''m putting my hair out!
> -Tom
Oh, and Tom?  Your Shorewall is a WONDER!  I wish I had it a couple of years
ago, when I was trying to configure IPCHAINS by hand.  Oi! :)

thanks,
Geordon

--On Thursday, December 12, 2002 03:43:33 PM -0600 gvantass@interaccess.com 
wrote:
>
>
> ----- Original Message -----
> From: Tom Eastep <teastep@shorewall.net>
> Date: Thursday, December 12, 2002 3:03 pm
> Subject: Re: [Shorewall-users] Strangeness since switching to Shorewall
>
>>
>>
>> --On Thursday, December 12, 2002 02:58:26 PM -0600
>> gvantass@interaccess.com
>> wrote:
>>
>> > Hi, all.
>> >
>> > I switched to Shorewall a couple of weeks back, and since then I
>> have> discovered some strange "problems" when
web-browsing.
>> >
>> > when I try to access "document" file-types from remote
sites
>> (mp3, PDF,
>> > Word Doc, etc...) I cannot connect.
>>
>> There has to be some other factor than that -- a packet filter
>> like
>> NetFilter has absolutely no knowledge of packet payload contents,
>> let alone
>> document types. What type of internet connection do you have?
>
> That''s what I thought.. But, Shorewall was the only thing that
changed in
> the configuration.
>
>> > This is happening on my internal
>> > Linux box, as well as my internal Windows boxes.  Also, I cannot
>> FTP from
>> > inside the firewall to a remote, external server.
>>
>> To _A_ remote server or _any_ remote server?
>
> *any* remote server has demonstrates this issue.  Additionally, my
> connection is an IDSL with static IP, no PPOE, etc.
When you try to connect with a command line ftp client, what happens?
>
> If there you have any suggestions on where else to look, I would greatly
> appreciate it.  I''m putting my hair out!
>
How have you configured Shorewall? Did you use one of the QuickStart Guides 
and if so which one? If not, please post your rules file.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net