[Shorewall-users] Odd proxy problems

Jan Schermer zviratko at zviratko.net
Fri Feb 11 11:48:26 PST 2005


Any messages in dmesg? Traceroute works through the firewall but TCP 
packets to port 25 don't? That's strange.

Jan

Tech-Mind wrote:
> Hi people,
> 
> I am running the latest version of Debian 'Sarge'. I have installed 
> hopefully the latest version of shorewall, as followed by the website. 
> The firewall has been installed with no problems, runs ok, but I have 
> found a strange problem, maybe it's me *shrug*
> 
> My setup:
> 
> Internet<-->cablemodem<-->Debianfirewall<-->hub<-->windowspc
> 
> I am on cable, and get my IP from dhcp. eth0 on the firewall, gets a public 
> IP and has a private IP of 192.168.10.45. eth1 has the IP 192.168.20.1 
> and the windows pc has 192.168.20.2.
> 
> The problem:
> 
> The firewall starts fine, I have set up masq so I can use my windows 
> computer. I can ssh into debian with no problems, I can ping and 
> traceroute to other computers on the internet, I can connect to various 
> IRC servers around the world, but I can't access any of my email accounts, 
> not sure why. Also, I can't access any remote website, unless I use 
> a proxy server, enabled in IE, then it works fine, remove the proxy, and 
> it's dead.
> 
> These are my settings:-
> 
> Interfaces:
> 
> ############################################################################## 
> 
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth0  detect  dhcp,routefilter,norfc1918,tcpflags
> loc eth1  detect  tcpflags
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
> 
> masq:
> 
> ############################################################################# 
> 
> #INTERFACE  SUBNET  ADDRESS  PROTO PORT(S) IPSEC
> eth0   eth1
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> 
> policy:
> 
> ############################################################################### 
> 
> #SOURCE  DEST  POLICY  LOG LEVEL LIMIT:BURST
> loc  net  ACCEPT
> # If you want open access to the Internet from your Firewall
> # remove the comment from the following line.
> fw  net  ACCEPT
> net  all  DROP  info
> # THE FOLLOWING POLICY MUST BE LAST
> all  all  REJECT  info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> rules:
> 
> ############################################################################## 
> 
> #ACTION  SOURCE  DEST  PROTO DEST SOURCE ORIGINAL  RATE USER/
> #       PORT PORT(S) DEST   LIMIT GROUP
> #
> # Accept DNS connections from the firewall to the network
> #
> ACCEPT  fw  net  tcp 53
> ACCEPT  fw  net  udp 53
> #
> # Accept SSH connections from the local network for administration
> #
> ACCEPT  loc  fw  tcp 22
> #
> # Allow Ping To And From Firewall
> #
> ACCEPT  loc  fw  icmp 8
> ACCEPT  net  fw  icmp 8
> ACCEPT  fw  loc  icmp
> ACCEPT  fw  net  icmp
> #
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
> Zones:
> 
> #ZONE DISPLAY  COMMENTS
> net Net  Internet
> loc Local  Local Networks
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> As you can see, I have not altered many of the default settings. I was 
> under the impression, that anything from loc --> net was accepted 
> without any problems.
> 
> Am I missing anything or have I messed up?
> 
> Thanks
> 
> Kevin