[leaf-user] Bering1.1/Shorewall: problems with pop, irc and some www access

Thomas V. Fischer Thu, 06 Mar 2003 09:19:52 -0800

Hey all,

I have managed to get most of my Bering set-up running but I am encountering
problems with certain network access such as :


- POP sessions that hang at the end of the dowload phase
- IRC connections that can not be established at all
- www search (like google) that never end/complete

Here are the modified shorewall config files

/etc/shorewall/zones
  net Net  Internet
  loc Local Local networks
  dmz DMZ  DMZ zone for connection

/etc/shorewall/hosts
  #ZONE  HOST(S)     OPTIONS
  loc  eth0:192.168.51.0/24
  dmz  eth0:192.168.1.0/24

/etc/shorewall/interfaces
  #ZONE INTERFACE BROADCAST    OPTIONS
  net ppp0     -             dhcp,norfc1918,blacklist,routefilter
  - eth0  192.168.51.255,192.168.1.255     dhcp

/etc/shorewall/masq
  #INTERFACE SUBNET     ADDRESS
  ppp0   192.168.51.0/24


/etc/shorewall/policy
  #SOURCE DEST POLICY  LOG LEVEL LIMIT:BURST
  loc  net  ACCEPT
  #
  # If you want open access to the internet from your firewall, uncomment
the
  # following line
  fw  net  ACCEPT
  net  all  DROP  ULOG
  all  all  REJECT  ULOG


/etc/shorewall/routestopped
  #INTERFACE HOST(S)
  eth0   -

/etc/shorewall/TOS
#SOURCE DEST  PROTOCOL SOURCE PORTS DEST PORTS TOS
all  all   tcp   -    ssh   16
all  all   tcp   ssh    -   16
all  all   tcp   -    ftp   16
all  all   tcp   ftp    -   16
all  all   tcp   ftp-data  -   8
all  all   tcp   -    ftp-data 8


/etc/shorewall/rules
#ACTION   SOURCE  DEST       PROTO DEST    SOURCE    ORIGINAL
#                                  PORT    PORT(S)    DEST
(default provide rules)
ACCEPT     loc    net    tcp    53
ACCEPT    loc    net    tcp    53
# LET IN CHECKPOINT VPN... 50 51 256 259 500u 778 2746u (TCPorudp)
ACCEPT  net   loc   udp  50,51,256,259,500,778,2746
ACCEPT  net   loc   tcp  50,51,256,259,500,778,2746
ACCEPT  loc   net   udp  50,51,256,259,500,778,2746
ACCEPT  loc   net   tcp  50,51,256,259,500,778,2746

Thanks for your help

-----------------------------
Thomas Fischer, MCSE                      mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
     Apple, WinNT, e-Mail, Groupware
mailto:[EMAIL PROTECTED]



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Bering1.1/Shorewall: problems with pop, irc and some www access

Reply via email to