[plug] Shorewall config

skribe skribe at amber.com.au
Tue Aug 9 18:24:05 WST 2005 

Hey folks:

I've set up my adsl modem as a bridge leading into firewall which then 
branches off into a local network.  The bridge is connected through eth0 and 
the local network through eth1.  

My problem is that pppoe has created ppp0 and I'm unsure how to handle it and 
eth0 - given that they're kinda the same interface - as far as shorewall is 
concerned.

Shorewall:

Zone file:
  #ZONE                   DISPLAY         COMMENTS
net     Internet        The wonderfully weird wide world of web
Local   Local   Local Network

Interface file:
net     ppp0    detect  dhcp,norfc1918,tcpflags
Local   eth1    detect  tcpflags
net     eth0    detect

Masq file:
ppp0    eth1
ppp0    eth0

Policy file:
Local   net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

Should I be adding another zone in there and using that for eth0?  How would I 
handle it as far as rules and policy goes?

On another note, when I tried using bittorrent on the local network my syslog 
started filling up with entries like this:

kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=x.x.x.x DST=x.x.x.x 
LEN=86 TOS=0x00 PREC=0xE0 TTL=108 ID=18896 PROTO=UDP SP
T=6881 DPT=6881 LEN=66

Even an hour after they're tracking me (bittorrent humour =)

I have the following Shorewall rule:
DNAT    net     Local:192.168.x.x       tcp     6969
DNAT    net     Local:192.168.x.x       tcp     6881:6889

Suggestions?

skribe
-- 
Public key information available at:
http://www.amber.com.au/~skribe/publickey.html
Key fingerprint = 567A E91E E729 ACC2 4E34 CA8B FD0A F77D 8F00 EC47 

"I know exactly what you mean. Let me tell you why you're here. You're here
because you know something. What you know you can't explain. But you feel
it. You've felt it your entire life. That there's something wrong with the
world. You don't know what it is but it's there, like a splinter in your
mind driving you mad. It is this feeling that has brought you to me. Do you
know what I'm talking about?"

"The Matrix?"

		-- Morpheus and Neo, "The Matrix"

Xaraya Content Management Solutions http://www.xaraya.com/

More information about the plug mailing list