Linux Archive


06-16-2008 11:01 PM

configuration of a linux router
 
Folk,

At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
"... if you want to really understand it use
shorewall after reading shorewall-doc."

ipmasq works but I want to use shorewall.

I wonder why rules are needed for FTP but not
for POP3. In fact, a rule for POP3 produces a
complaint about "... unknown protocol 'pop3' ...".

Any ideas?

Thanks, ... Peter E.

--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

06-16-2008 11:19 PM

configuration of a linux router
 
Folk,

At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
"... if you want to really understand it use
shorewall after reading shorewall-doc."

ipmasq works but I want to use shorewall.

I wonder why rules are needed for FTP but
a rule for POP3 produces a complaint about
"... unknown protocol 'pop3' ...".

I need POP3 and SMTP to move mail.
Any ideas?

Thanks, ... Peter E.

--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/



Paul Johnson 06-16-2008 11:33 PM

configuration of a linux router
 
On Mon, 2008-06-16 at 16:01 -0700, peasthope@shaw.ca wrote:
> Folk,
>
> At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> "... if you want to really understand it use
> shorewall after reading shorewall-doc."
>
> ipmasq works but I want to use shorewall.
>
> I wonder why rules are needed for FTP but not
> for POP3. In fact, a rule for POP3 produces a
> complaint about "... unknown protocol 'pop3' ...".

In an unusual move, the FTP server connects to the client: Two
connections are maintained instead of just one. You can force FTP to
just use the client to server connection by using passive mode, but
given that doing so makes some operations problematic, it's kind of a
last-resort mode.

--
Paul Johnson
baloo@ursine.ca
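
The second connection described in the reply above is negotiated inside the control channel, which is why a stateful firewall needs protocol-specific handling for FTP. As an added example (not part of the original post; the addresses, sample lines and function names are constructed for illustration), this parses the RFC 959 `PORT` command and `227` passive reply to show which extra connection the firewall must expect:

```python
import re

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
HOSTPORT = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # the server will open the data connection
    elif line.startswith("227"):
        mode = "passive"   # the client will open the data connection
    else:
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    octets = [int(x) for x in m.groups()]
    if max(octets) > 255:
        return None
    ip = ".".join(str(o) for o in octets[:4])
    return mode, ip, octets[4] * 256 + octets[5]

def expected_data_flow(line, client_ip, server_ip):
    """Describe the second connection announced on the control channel.

    Raises ValueError if the announced address is not the host that sent
    the line, so a data connection redirected to a third host is refused.
    """
    parsed = parse_data_endpoint(line)
    if parsed is None:
        return None
    mode, ip, port = parsed
    sender = client_ip if mode == "active" else server_ip
    if ip != sender:
        raise ValueError("announced %s, but sender is %s" % (ip, sender))
    initiator = server_ip if mode == "active" else client_ip
    return {"initiator": initiator, "target": ip, "port": port}

# Constructed control-channel lines (private and documentation addresses).
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"
ACTIVE = expected_data_flow("PORT 192,168,1,10,195,80", CLIENT, SERVER)
PASSIVE = expected_data_flow(
    "227 Entering Passive Mode (203,0,113,5,19,137)", CLIENT, SERVER)
```

In active mode the initiator is the server, so the data connection arrives at the router as a new inbound connection to a port that appears only in the control-channel text.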

Andrew Sackville-West 06-16-2008 11:42 PM

configuration of a linux router
 
On Mon, Jun 16, 2008 at 04:01:39PM -0700, peasthope@shaw.ca wrote:
> Folk,
>
> At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> "... if you want to really understand it use
> shorewall after reading shorewall-doc."
>
> ipmasq works but I want to use shorewall.
>
> I wonder why rules are needed for FTP but not
> for POP3. In fact, a rule for POP3 produces a
> complaint about "... unknown protocol 'pop3' ...".

that does not mean that a rule for POP3 is not needed. I don't
remember if shorewall is case sensitive, but I bet it is in the
context of defining a rule. maybe post the actual config line that
produces the error?

A
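
The rule that triggered the complaint is not shown in the thread. As an added example (not part of the original post), the check below assumes the service name `pop3` was written in the PROTO column of `/etc/shorewall/rules`, where an IP protocol such as `tcp` is expected and the service name or port number belongs in the following column; the lookup tables, sample rules and function names are constructed.

```python
# Constructed lookup tables (small subsets of /etc/protocols and /etc/services).
PROTOCOLS = {"tcp", "udp", "icmp", "all", "-"}
SERVICES = {"ftp": ("tcp", 21), "ssh": ("tcp", 22), "smtp": ("tcp", 25),
            "domain": ("udp", 53), "www": ("tcp", 80), "pop3": ("tcp", 110)}

def check_rule(line):
    """Check one rules line laid out as ACTION SOURCE DEST PROTO DPORT.

    Returns (message, suggested_line) when the PROTO column is flagged,
    otherwise None. suggested_line is None when no fix can be proposed.
    """
    fields = line.split("#", 1)[0].split()
    if len(fields) < 4:
        return None  # blank, comment, SECTION line, or rule without PROTO
    proto = fields[3].lower()  # folding case is this example's own choice
    if proto.isdigit() or proto in PROTOCOLS:
        return None
    if proto in SERVICES:
        real_proto, port = SERVICES[proto]
        fixed = " ".join(fields[:3] + [real_proto, str(port)])
        return ("'%s' is a service name, not an IP protocol" % fields[3], fixed)
    return ("unrecognised protocol '%s'" % fields[3], None)

def lint_rules(text):
    """Return [(line_number, message, suggested_line)] for flagged rules."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        result = check_rule(line)
        if result is not None:
            findings.append((number, result[0], result[1]))
    return findings

# Constructed sample, not the poster's actual rules file.
SAMPLE = """\
# ACTION SOURCE DEST PROTO DPORT
ACCEPT  loc  net  tcp   ssh
ACCEPT  loc  net  udp   domain
#ACCEPT loc  net  pop3
ACCEPT  loc  net  pop3
ACCEPT  loc  net  tcp   110
"""
FINDINGS = lint_rules(SAMPLE)
```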

06-17-2008 01:33 AM

configuration of a linux router
 
Paul & others,

At Mon, 16 Jun 2008 16:33:50 -0700 Paul Johnson wrote,
"... the FTP server connects to the client: Two
connections are maintained ..."

As I am aware, ssh uses only one connection but it
also gets ACCEPT rules. So I still don't understand why
some protocols, dns, ftp and ssh, need rules in
/etc/shorewall/rules while other protocols, pop,
smtp and http, do not. Does shorewall accept
the latter protocols by default? Seems contrary
to reason.

Thanks, ... Peter E.


--
http://carnot.yi.org/ = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/



06-22-2008 03:18 PM

configuration of a linux router
 
Andrew & others,

At Date: Mon, 16 Jun 2008 16:42:41 -0700 A.S-W. wrote,
"that does not mean that a rule for POP3 is not needed. I don't
remember if shorewall is case sensitive, but I bet it is in the
context of defining a rule. maybe post the actual config line that
produces the error?"

My /etc/shorewall/rules, with the offending rules for POP3
commented out, is now visible.
http://carnot.pathology.ubc.ca/rules

The report from shorewall.
http://carnot.pathology.ubc.ca/ShorewallReport

Equally peculiar: while the rule for SMTP is commented
out, a message can be sent from loc _via_ SMTP.

Thanks for any help, ... Peter E.


--
http://carnot.yi.org/
= http://carnot.pathology.ubc.ca/
Desktops.OpenDoc http://members.shaw.ca/peasthope/



