[TriLUG] Shorewall and iptable_nat

Owen Berry trilugbucket at berrybunch.net
Thu Mar 11 22:15:31 EST 2004


> the question is, is shorewall working.  The best way to find out is to
> ask it.  "shorewall status" will give you a list of all rules in the
> tables, and current connections through the firewall.
> 
> if that has the rules you are expecting, then yahoo!  if not, then
> apparently shorewall freaks out when NAT is loaded.
> 
> HTH,
> CJK

It has a list of rules, but does it have all of them? I dunno. I do know
that I can't access any standard services on the box until I
specifically enable them. That would point to it working, but, as I
said, is everything working right? If I can't resolve this, I guess the
safest bet is to recompile the kernel with the NAT options set.

> One of the shorewall configuration files is called "modules" and it
> contains a list of modules to be loaded.  Your system will be no less
> secure, as adding the NAT module simply allows for a new set of tables to
> be setup in iptables PREROUTING,POSTROUTING, and OUTPUT, which occur
> before routing, after routing, and right before sending packets onto the
> wire (respectively).
> 
> David

I commented out the relevant lines in this file and still got the errors
in my system log. Strange. I'll read up more about it tomorrow, but
thanks for the tip.
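The two suggestions in this thread (look at what "shorewall status" reports, and check whether the NAT module and its tables are really there) can be turned into a small offline check. The script below is an added example and is not part of the original thread or of Shorewall itself; the `lsmod` and `iptables -t nat -L -n` outputs it parses are constructed samples, not captures from the box being discussed. The function names are the author's own choice.

```shell
#!/bin/sh
# Added example (not from the original thread): verify that the kernel NAT
# module is loaded and that the nat table exposes its three built-in chains
# (PREROUTING, POSTROUTING, OUTPUT), which is what a working Shorewall setup
# with NAT depends on. Both sample outputs below are constructed.

# Constructed sample of `lsmod` on a host where iptable_nat is loaded.
SAMPLE_LSMOD='Module                  Size  Used by
iptable_nat            20480  1
nf_nat                 40960  1 iptable_nat
ip_tables              28672  2 iptable_filter,iptable_nat'

# Constructed sample of `iptables -t nat -L -n` on the same host, with one
# masquerade rule for a private LAN range.
SAMPLE_NAT_TABLE='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# nat_module_loaded LSMOD_TEXT
# Succeeds if the lsmod listing contains a line for iptable_nat.
nat_module_loaded() {
    printf '%s\n' "$1" | grep -q '^iptable_nat[[:space:]]'
}

# nat_chains_present NAT_TABLE_TEXT
# Succeeds only if all three built-in nat chains are listed; reports the
# missing ones on stderr otherwise.
nat_chains_present() {
    missing=""
    for chain in PREROUTING POSTROUTING OUTPUT; do
        printf '%s\n' "$1" | grep -q "^Chain $chain " || missing="$missing $chain"
    done
    if [ -n "$missing" ]; then
        echo "missing nat chains:$missing" >&2
        return 1
    fi
    return 0
}

# masquerade_rule_count NAT_TABLE_TEXT
# Prints how many MASQUERADE rules the nat table listing contains (0 if none).
masquerade_rule_count() {
    printf '%s\n' "$1" | grep -c '^MASQUERADE' || true
}

# Offline demonstration against the constructed samples.
if nat_module_loaded "$SAMPLE_LSMOD"; then
    echo "iptable_nat: loaded"
else
    echo "iptable_nat: NOT loaded"
fi
if nat_chains_present "$SAMPLE_NAT_TABLE"; then
    echo "nat table: all built-in chains present"
fi
echo "masquerade rules: $(masquerade_rule_count "$SAMPLE_NAT_TABLE")"
```

On a live system the same functions can be fed real output, e.g. `nat_chains_present "$(iptables -t nat -L -n)"` as root; if the chains are missing while Shorewall believes it has applied NAT rules, the module list in Shorewall's `modules` file (or the kernel's NAT options) is the first place to look, which is exactly the situation this thread is debugging.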
