Hi everyone!
I have been trying to understand the behaviour of my computer. I am relatively new
to the firewall concept; I have been running Windows
all my life. I run 2.4.17 and 2.4.18 kernels and Shorewall 1.2.12.
When I originally set up Shorewall for the first time (thanks to Tom for help)
I had to explicitly uncomment a line in icmpdef
and add a rule for icmp 8 in the rules for testing. Now I would like to stop that
traffic, but ping works even if I remove the rules and/or
comment out the line in icmpdef and stop/clear/start Shorewall.
I have found that the common and common.def files have changed, but I don't
remember changing them. I include both common files as text
below. Would that mean that someone has changed them for me? I know it is possible,
but is it likely?
Is there anything that you guys can see that should not be there in the setup
files?
I am attaching the setup files because I am sending this from a Windows computer; if this
will be a problem please tell me.
I have 2 NICs with eth1 192.168.5.12, ipalias 192.168.6.12, and eth0 external
203.94.161.12
4 zones: loc, net, dial1, dial2,
4 hosts in the hosts file to suit,
4 in the interface file to suit.
table.txt is a list of iptables -L using the common file and tables2.txt is using
common.def.
I am not too good with explanations, so if that explanation doesn't
make sense let me know.
Secondly,
on the other box (2nd DNS) in /var/adm/messages I found a few lines, of which I
include only 2.
203.94.161.114 is a dialup. Is that computer trying to hack in, or is this a
legit request?
---------------------------------------------
May 28 09:41:08 fns1 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
MAC=00:c0:ca:10:ba:92:08:00:03:06:29:9f:08:00 SRC=203.94.161.114
DST=203.94.161.6 LEN=56 TOS=0x00 PREC=0x00 TTL=126 ID=23040 PROTO=ICMP TYPE=3
CODE=3 [SRC=203.94.161.6 DST=192.168.1.101 LEN=274
TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=1026 LEN=254 ]
May 28 09:41:08 fns1 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
MAC=00:c0:ca:10:ba:92:08:00:03:06:29:9f:08:00 SRC=203.94.161.114
DST=203.94.161.6 LEN=56 TOS=0x00 PREC=0x00 TTL=126 ID=23296 PROTO=ICMP TYPE=3
CODE=3 [SRC=203.94.161.6 DST=192.168.1.101 LEN=274
TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=1027 LEN=254 ]
---------------------------------------------
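
Added example, not part of the original post: a small Python parser for the Shorewall log format shown above. It separates the outer ICMP header from the bracketed header that the ICMP error quotes, and reports whether the quoted packet was sent from the address that received the error. The function names are illustrative assumptions; the sample line is the first log entry from the post with the e-mail line wrapping undone.

```python
import re

# First log entry from the post, with the e-mail line wrapping undone.
SAMPLE = (
    "May 28 09:41:08 fns1 kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= "
    "MAC=00:c0:ca:10:ba:92:08:00:03:06:29:9f:08:00 SRC=203.94.161.114 "
    "DST=203.94.161.6 LEN=56 TOS=0x00 PREC=0x00 TTL=126 ID=23040 PROTO=ICMP "
    "TYPE=3 CODE=3 [SRC=203.94.161.6 DST=192.168.1.101 LEN=274 "
    "TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP SPT=53 DPT=1026 LEN=254 ]"
)

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# ICMP error types that quote the header of the packet that triggered them.
ICMP_ERRORS = {"3": "destination unreachable", "5": "redirect",
               "11": "time exceeded", "12": "parameter problem"}

def fields(text):
    """KEY=value pairs of one header; the first LEN (the IP length) wins."""
    out = {}
    for key, value in FIELD.findall(text):
        out.setdefault(key, value.rstrip("]"))
    return out

def parse(line):
    """Split a Shorewall log line into chain, action, outer and quoted header."""
    m = PREFIX.search(line)
    if m is None:
        return None
    outer, bracket, inner = line[m.end():].partition("[")
    return {"chain": m["chain"], "action": m["action"],
            "outer": fields(outer), "inner": fields(inner) if bracket else None}

def summarize(rec):
    """Describe an ICMP error and whether it answers this host's own packet."""
    outer, inner = rec["outer"], rec["inner"]
    kind = ICMP_ERRORS.get(outer.get("TYPE"))
    if outer.get("PROTO") != "ICMP" or kind is None or inner is None:
        return None
    return {
        "error": f"{kind} (type {outer['TYPE']}, code {outer['CODE']})",
        "reported_by": outer["SRC"],
        "quoted": f"{inner['PROTO']} {inner['SRC']}:{inner.get('SPT')} -> "
                  f"{inner['DST']}:{inner.get('DPT')}",
        # True when the quoted packet was sent from the address the error went to.
        "answers_own_packet": inner["SRC"] == outer["DST"],
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

For the sample line, the quoted header is a UDP packet from 203.94.161.6 port 53, the same address the ICMP error was delivered to.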