Thanks Tom - my replies are below. If you (or anyone else) can suggest anything else I might try, that would be great :)
> -----Original Message-----
> From: [EMAIL PROTECTED]
> On Mon, 8 Apr 2002, [EMAIL PROTECTED] wrote:
>
> > /etc/Shorewall/params contains mostly the default options, except:
> > Loc_tcp_ports1=80,3389 (=www and Win2k Terminal Services)
> > server1=192.168.1.2 (=my webserver's internal address)
> >
> > When Shorewall starts, the Rule outputs are:
> >
> > Accept fw net tcp 53
> > Accept fw net udp 53
> > Accept net fw tcp 22
> > Reject net fw tcp 113
> > Accept loc fw tcp 22,80
> > Accept loc fw udp 53
> > Accept net loc:192.168.1.2 tcp 80,3389 - all
> > Accept fw loc icmp 8
> > Accept loc fw icmp 8
> >
> > I can access the Weblet (and ssh if I put sshd on) internally,
> > as I'd expect. If I do a port scan from grc.com, AUTH shows
> > up as closed rather than stealthed, which I'd also expect.
> > However, HTTP shows up as stealthed, which I don't understand.
>
> Your Shorewall setup looks correct --
>
> a) When you attempt the port scan, does Shorewall report anything about
> TCP port 80 in /var/log/messages?

Yep. GRC's port scan probes the following ports: 21,23,25,79,80,110,113,135,139,143,443,445,5000. The first time I tried a portscan, there were messages in /var/log/messages for destination ports 5000,445,443,143,139 (in that order). Each message is reporting a dropped packet from the Net2all rule. A subsequent portscan only resulted in a message for the port 5000 attempt - still dropped from the Net2all rule.

> b) After the port scan, if you do "shorewall show nat", does the packet
> count for the port 80 DNAT rule show a non-zero packet count? How about
> the port 80 rule in "shorewall show net2loc"?

"Shorewall show nat" shows a packet count of 20 for the port 80 DNAT rule. "Shorewall show net2loc" shows a packet count of 109 for "state NEW tcp dpt:80".

> If neither of these packet counts is non-zero, your ISP is most likely
> dropping SYN TCP packets with destination port 80.

I know this isn't the case because I've had a webserver running here up until last week.

Cheers
Richard

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
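A small helper for the check Tom asked about in (a): tally what Shorewall logged per rule and destination port during a scan, and list which of the probed ports produced no log entry at all. This is an added example, not code from the thread or from Shorewall; the sample lines are constructed, and the "Shorewall:chain:disposition:" log prefix format is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread) shaped like netfilter kernel log
# entries with a Shorewall-style "chain:disposition:" prefix. The prefix format is
# assumed here; check your own /var/log/messages for the exact shape.
SAMPLE_LOG = """\
Apr  8 21:02:11 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3001 DPT=5000 SYN
Apr  8 21:02:11 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3002 DPT=445 SYN
Apr  8 21:02:12 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3003 DPT=443 SYN
Apr  8 21:02:12 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3004 DPT=143 SYN
Apr  8 21:02:12 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3005 DPT=139 SYN
Apr  8 21:02:13 fw kernel: Shorewall:net2fw:REJECT:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3006 DPT=113 SYN
Apr  8 21:02:13 fw sshd[412]: Accepted publickey for richard from 192.168.1.5 port 40122
"""

# Ports the thread says the GRC scan probes.
GRC_PROBED_PORTS = [21, 23, 25, 79, 80, 110, 113, 135, 139, 143, 443, 445, 5000]

LOG_RE = re.compile(
    r"Shorewall:(?P<chain>\w+):(?P<action>\w+):.*?"
    r"SRC=(?P<src>\S+).*?PROTO=(?P<proto>\w+).*?DPT=(?P<dpt>\d+)"
)

def parse_shorewall_log(text):
    """Yield (chain, action, proto, dpt) for each firewall log line; other lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["chain"], m["action"], m["proto"], int(m["dpt"])

def count_by_rule_and_port(text):
    """Counter keyed by (chain, action, proto, dpt): which rule logged what, how often."""
    return Counter(parse_shorewall_log(text))

def unlogged_probed_ports(text, probed_ports, proto="TCP"):
    """Probed ports with no log entry at all. For port 80 that means the SYN was
    passed by a non-logging ACCEPT/DNAT rule (compare the 'shorewall show nat'
    counters) or never reached the firewall; the drop log cannot explain it."""
    logged = {dpt for _, _, p, dpt in parse_shorewall_log(text) if p == proto}
    return sorted(p for p in probed_ports if p not in logged)

if __name__ == "__main__":
    for (chain, action, proto, dpt), n in sorted(count_by_rule_and_port(SAMPLE_LOG).items()):
        print(f"{chain:8s} {action:7s} {proto}/{dpt:<5d} x{n}")
    print("probed but never logged:", unlogged_probed_ports(SAMPLE_LOG, GRC_PROBED_PORTS))
```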