Shorewall is blocking everything. How to tweak it?
I had used an old DIR-400 router for years, but now it has started hanging and having problems. So I thought to replace it with a 2-port motherboard with Linux on board, to be able to tweak it and run some services.
I've installed Debian and configured /etc/network/interfaces; isc-dhcp-server worked like a charm - 10x faster than Dlink's DHCP; DNS was served by dnsmasq. But I also wanted port forwarding, so I used iptables and iptables-persistent (the iptables-save command). Everything was good, before I thought I could do that better.
The problem was when I needed to forward a port (or to disable it) - every time I had to switch the monitor, change the keyboard, edit iptables, save the new config. (SSH keys are a concept far away from normal user understanding, so not suitable for even trying to configure PuTTY - I did sshd once, it lagged, and I promised - "never again!") So I installed shorewall and webmin. And the hell began!!!
The first thing I noticed was that dnsmasq was not working. Okay, I set up static IP 10.0.0.30 with DNS 8.8.8.8 (on a client machine in the LAN) and proceeded. The second thing is that shorewall is blocking everything! I installed it as was proposed in the two-interface configuration - via copying the example and changing interfaces. That was done in the hope that I would get some defaults, free LAN and restricted WAN, and tweak that later through the web interface. So to access webmin I had to forcibly stop shorewall; now I could access 10.0.0.1:10000. But that web interface is so extremely complicated, I just want a field like in a home-grade router: "accept connections on port 80 and redirect it to internal IP 10.0.0.30". But nothing like that, extremely complicated web interface.
So everything is wrecked now, iptables is flooded with randomly generated stuff, I can't even explain what is there. I feel like I have to reinstall the OS from scratch and tweak it from the command line. So the questions are:
- How to fix or at least diagnose what's wrong with that malware, called "shorewall"?
- What are convenient (tweak "what is LAN and what is WAN" - login - tune web interface) user-friendly web interfaces for simple router-like tasks?
PS. I want to use Debian, or Debian-based router-specific distros, because I am already familiar with it. And I have little time to read tons of manuals, to learn new software or an OS.
debian routing shorewall
edited Jan 15 at 22:46
xakepp35
asked Jan 15 at 22:39