From: Mark C. <net...@ho...> - 2002-08-15 17:18:32
Tom,

My answers are embedded below...

> On Wed, 14 Aug 2002, Mark Champion wrote:
>
> > I'm not having success with Shorewall using the "Two-interface" example.
> > It seems to start fine (no error messages)
>
> What does "shorewall show shorewall" show after you have started
> shorewall?

The following is shown...

Counters reset Thu Aug 15 09:57:02 PDT 2002
iptables: Table does not exist (do you need to insmod?)

> > and be trying to work, but I
> > don't get any data through. Even if I type "shorewell clear", I get nothing
> > through.
> >
> > So my question is... Should my two-interface system have worked before
> > installing Shorewall?
>
> Your two-interface system should have been able to access the internet and
> your local systems and firewall should be able to communicate freely.
>
> > And then Shorewall simply restricts the data
> > according to the rules? I did try it before installing Shorewall, and the
> > only thing I could do was ping within the loc zone. This proved to me that
> > the computers were connected and capable of communicating. But I've never
> > been able to move a single byte of data between the loc and net zones.
> >
> > When Shorewall is running, I can't ping within the loc zone. This
> > reinforces the theory that Shorewall doesn't facilitate communication, but
> > rather restricts it (a good thing for a firewall).
>
> What does "can't ping within the loc zone" mean exactly?

I use ping as a basic test. When shorewall is not running, I can ping the
firewall from a Windows computer in the loc zone. When shorewall is running,
I cannot ping the firewall. (I followed the instructions to open the firewall
for pinging. These instructions did not indicate a "rule" was needed.)

> >
> > So, I don't know if my problem is a Shorewall configuration problem (which I
> > think matches the two-interface example) or some fundamental Linux
> > configuration problem.
> >
> > BTW, how should I have "lokkit" configured on my computer? Isn't "lokkit"
> > an alternative to "shorewall?"
>
> Yes -- you should use one or the other.

OK, I'll use shorewall.

> > And within Linux "Setup" should I have the
> > firewall enabled or not?
>
> No.

OK, well I enabled it. I guess I should run "setup" and disable it now,
right?

> > And my "systemconf" utility indicates that both
> > ipchains and iptables are enabled. Is that related?
> >
>
> You should have neither enabled.

I didn't enable them. Maybe they got enabled with the firewall. I guess I can
disable them within the "systemconf" utility, right?

Mark Champion

ps. I know Shoreline! I live in Kenmore!

> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ te...@sh...