[Shorewall-users] Odd proxy problems

Cristian Rodriguez judas.iscariote at gmail.com
Fri Feb 11 11:52:30 PST 2005


AllowDNS loc fw

in /etc/shorewall/rules

(assuming you have BIND or dnsmasq already up)






On Fri, 11 Feb 2005 19:44:06 -0000, Tech-Mind <techmind at kitsonik.com> wrote:
> Hi people,
> 
> I am running the latest version of Debian 'Sarge'. I have installed hopefully the latest version of
> shorewall, as followed by the website. The firewall has been installed with no problems, runs ok,
> but I have found a strange problem, maybe it's me *shrug*
> 
> My setup:
> 
> Internet<-->cablemodem<-->Debianfirewall<-->hub<-->windowspc
> 
> I am on cable, and get my IP from dhcp. eth0 on the firewall, gets a public IP and has a private IP of
> 192.168.10.45. eth1 has the IP 192.168.20.1 and the windows pc has 192.168.20.2.
> 
> The problem:
> 
> The firewall starts fine, I have set up masq so I can use my windows computer. I can ssh into debian
> with no problems, I can ping and traceroute to other computers on the internet, I can connect to
> various irc servers around the world, but I can't access any of my email accounts, not sure why. Also,
> I can't access any remote website, unless I use a proxy server, enabled in IE, then it works
> fine, remove the proxy, and it's dead.
> 
> These are my settings:-
> 
> Interfaces:
> 
> ##############################################################################
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth0  detect  dhcp,routefilter,norfc1918,tcpflags
> loc eth1  detect  tcpflags
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
> masq:
> 
> #############################################################################
> #INTERFACE  SUBNET  ADDRESS  PROTO PORT(S) IPSEC
> eth0   eth1
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> policy:
> 
> ###############################################################################
> #SOURCE  DEST  POLICY  LOG LEVEL LIMIT:BURST
> loc  net  ACCEPT
> # If you want open access to the Internet from your Firewall
> # remove the comment from the following line.
> fw  net  ACCEPT
> net  all  DROP  info
> # THE FOLLOWING POLICY MUST BE LAST
> all  all  REJECT  info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> rules:
> 
> ##############################################################################
> #ACTION  SOURCE  DEST  PROTO DEST SOURCE ORIGINAL  RATE USER/
> #       PORT PORT(S) DEST   LIMIT GROUP
> #
> # Accept DNS connections from the firewall to the network
> #
> ACCEPT  fw  net  tcp 53
> ACCEPT  fw  net  udp 53
> #
> # Accept SSH connections from the local network for administration
> #
> ACCEPT  loc  fw  tcp 22
> #
> # Allow Ping To And From Firewall
> #
> ACCEPT  loc  fw  icmp 8
> ACCEPT  net  fw  icmp 8
> ACCEPT  fw  loc  icmp
> ACCEPT  fw  net  icmp
> #
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
> Zones:
> 
> #ZONE DISPLAY  COMMENTS
> net Net  Internet
> loc Local  Local Networks
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> As you can see, I have not altered many of the default settings. I was under the impression, that
> anything from loc --> net was accepted without any problems.
> 
> Am I missing anything or have I messed up?
> 
> Thanks
> 
> Kevin
>
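
How the quoted policy and rules files treat a DNS query from the LAN to the firewall, before and after the suggested `AllowDNS loc fw` line, as an added example (not part of the original thread and not Shorewall's own code). It assumes a simplified model for new connections only: the first matching rule wins, otherwise the first matching policy; `AllowDNS` is taken to mean ACCEPT for udp/53 and tcp/53, and the function names are hypothetical.

```python
# Constructed from the policy and rules files quoted in the post (comment lines dropped).
POLICY = """\
loc net ACCEPT
fw  net ACCEPT
net all DROP   info
all all REJECT info
"""
RULES = """\
ACCEPT fw  net tcp  53
ACCEPT fw  net udp  53
ACCEPT loc fw  tcp  22
ACCEPT loc fw  icmp 8
ACCEPT net fw  icmp 8
ACCEPT fw  loc icmp
ACCEPT fw  net icmp
"""

def parse(text):
    """Split a Shorewall-style file into column lists, skipping comments and blanks."""
    return [l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def expand(rule):
    """Assumption: AllowDNS stands for ACCEPT on udp/53 and tcp/53."""
    action, src, dst, *rest = rule
    if action == "AllowDNS":
        return [["ACCEPT", src, dst, proto, "53"] for proto in ("udp", "tcp")]
    return [rule]

def verdict(src, dst, proto, port, rules, policy):
    """Simplified model for a new connection: first matching rule, else first matching policy."""
    for rule in rules:
        for action, r_src, r_dst, *match in expand(rule):
            r_proto = match[0] if match else "all"
            r_port = match[1] if len(match) > 1 else None
            if (r_src in (src, "all") and r_dst in (dst, "all")
                    and r_proto in (proto, "all") and r_port in (None, str(port))):
                return action, "rule"
    for p_src, p_dst, action, *_ in policy:
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, "policy"
    raise ValueError("no policy matched")

if __name__ == "__main__":
    policy, rules = parse(POLICY), parse(RULES)
    fixed = rules + parse("AllowDNS loc fw")
    print("loc->net tcp/80 :", verdict("loc", "net", "tcp", 80, rules, policy))
    print("loc->fw  udp/53 :", verdict("loc", "fw", "udp", 53, rules, policy))
    print("with AllowDNS   :", verdict("loc", "fw", "udp", 53, fixed, policy))
```

Under this model the posted files accept loc-to-net traffic by policy, while a loc-to-fw DNS query matches no rule and falls through to the final `all all REJECT` policy until the `AllowDNS loc fw` line is present.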