Shorewall users - Nov 2004 - Firwall on and no one home

Hi Guys

luv your product but ive become stuck since updating to Suse Linux
Enterprise 9, Id luv some advice on where i should be looking to resolve
this issue..

basically... when shorewall is off all ports are showing to the internet
''25,80,443,ect'' and i can ping my box from an external source.
''with
stopped rule created to allow ppp0''

when shorewall is on nothing is showing and ping times out

when i add a default policy to allow all from ppp0 then i can ping the
external interface but a port scan reviels nothing,

i have tried copying my previously working config into /etc/shorewall
but its stil as above.

i am masquerading ppp0 to eth1, and this works great.

Cheers for any help i can get on this matter, id much rather use
shorewall that any other product out there.
Keep up the great work!!!

Stephen Carins ;-)

On Thu, 2004-11-25 at 18:16 +1000, Stephen Carins wrote:
> Hi Guys
> 
> luv your product but ive become stuck since updating to Suse Linux
> Enterprise 9, Id luv some advice on where i should be looking to resolve
> this issue..
> 
> basically... when shorewall is off all ports are showing to the internet
> ''25,80,443,ect'' and i can ping my box from an external
source. ''with
> stopped rule created to allow ppp0''
> 
> when shorewall is on nothing is showing and ping times out
Stephen,

You don''t have any rule to accept pings from the network to the
firewall! Shorewall is doing exactly what you are asking it to do. If
you want the firewall to respond to ping, you need:

	ACCEPT	net	fw	icmp	8

Did you perhaps upgrade from a very old version of Shorewall? When
upgrading (between major releases especially), you need to read the
"Upgrade Issues" on the web site because I sometimes make incompatible
changes at major releases.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key