Shorewall is blocking everything. How to tweak it?












I had used an old DIR-400 router for years, but now it has started hanging and having problems. So I thought to replace it with a 2-port motherboard with Linux onboard, to be able to tweak and run some services.

I've installed Debian and configured /etc/network/interfaces; isc-dhcp-server worked like a charm - 10x faster than D-Link's DHCP; DNS was served by dnsmasq, but I also wanted port forwarding, so I used iptables and iptables-persistent (iptables-save command). Everything was good, before I thought I could do that better.

The problem was when I needed to forward a port (or to disable it) - every time I had to switch the monitor, change the keyboard, edit iptables, and save the new config. (SSH keys are a concept far away from normal user understanding, so not suitable for even trying to configure PuTTY - I did sshd once, it lagged, and I promised - "never again!") So I installed shorewall and webmin. And the hell began!!!

The first thing I noticed was that dnsmasq was not working. Okay, I set up a static IP 10.0.0.30 with DNS 8.8.8.8 (on a client machine in the LAN) and proceeded. The second thing is that shorewall is blocking everything! I installed it as was proposed in the two-interface configuration - via copying the example and changing the interfaces. That was done in the hope that I would get some defaults, free LAN and restricted WAN, and tweak that later through the web interface. So to access webmin I had to forcibly stop shorewall; now I could access 10.0.0.1:10000. But that web interface is so extremely complicated; I just want a field like in a home-grade router: "accept connections on port 80 and redirect them to internal IP 10.0.0.30". But nothing like that, an extremely complicated web interface.

So everything is wrecked now; iptables is flooded with randomly generated stuff, I can't even explain what is there. I feel like I have to reinstall the OS from scratch and tweak it from the command line. So the questions are:

  • How to fix or at least diagnose what's wrong with that malware, called "shorewall"?

  • What is a convenient (tweak "what is LAN and what is WAN" - login - tune web interface), user-friendly web interface for simple router-like tasks?

PS. I want to use Debian, or Debian-based router-specific distros, because I am already familiar with it. And I have little time to read tons of manuals, to learn new software or OS.










      debian routing shorewall






      asked Jan 15 at 22:39 by xakepp35; edited Jan 15 at 22:46 by xakepp35





















