Rcf1918


Dark Ninja
09-09-2004, 05:08 PM
Can someone explain what this is? I get so many log messages about this from Shorewall (in fact -- that's about the ONLY log messages I get. Can I just ignore them? They all appear to come from my router.)

I'm just confused as to what is happening here. I also want to make sure 'cause I want to know that this isn't causing all the problems I've been having with setting up servers/transferring files/etc.

Thanks

JohnT
09-09-2004, 05:19 PM
http://lists.shorewall.net/pipermail/shorewall-users/2004-February/011227.html

jme
09-09-2004, 05:24 PM
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22rcf+1918%22&btnG=Search


RFC-1918 Address space

A private network in general consists of IP addresses especially put aside for the purpose. These IP addresses are referred to as "non routing" IP addresses and allow hosts not connected to the Internet to provide connectivity with one another on their own private LAN or WAN, with full IP connectivity.

From http://www.riddleware.com/solx86/nat-config.html

Seems that it's actually the internal routing from your switch / router.

HTH

Jamie

Dark Ninja
09-09-2004, 05:26 PM
So...wait...is this saying I need to run that script to update my computer? Or...what?

Whew. I'm so confused.

[edit]
Oh, BTW, I'm using version 2.x of shorewall. This is for 1.4.x
[/edit]

Dark Ninja
09-09-2004, 05:28 PM
Originally posted by jme
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22rcf+1918%22&btnG=Search



From http://www.riddleware.com/solx86/nat-config.html

Seems that it's actually the internal routing from your switch / router.

HTH

Jamie
Okay. That makes some sense. Would this cause any problems though for me to run my own servers, etc.? Seems I'm having major problems in this area.

Thanks

jme
09-09-2004, 05:33 PM
What is your network setup?

Dark Ninja
09-09-2004, 05:56 PM
LAN > Router > my computer

The reason I keep the router in between is because I have friends come over all the time and hook into it. But, I don't know, it's causing me a multitude of problems -- and really pissing me off. I may just get rid of it.

psi42
09-09-2004, 07:22 PM
Originally posted by Dark Ninja
LAN > Router > my computer


Um, wait, let me get this straight: You have a router _between_ your computer and the rest of your LAN?

Well, um, okay, I suppose you _can_ do that, but it's pretty pointless.

You should have

LAN (your computer is here too) -> Router -> Internet



Your problem is that you have norfc1918 in your /etc/shorewall/interfaces file. The requests from the computers on your LAN are all going to be coming from RFC 1918 addresses, so you need to allow them.


If your router is halfway decent, it will function as a hardware firewall. You should use it as such. If you bought a retail router (instead of using an old computer or something), then your software firewall is the cause of your problems.

:)

~psi42
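
The check described in the post above, as an added example that is not part of the original thread: it finds interfaces carrying `norfc1918` and tests whether the sources Shorewall logged on them are RFC 1918 addresses. The interfaces file contents, the log lines and the `Shorewall:rfc1918:DROP:` prefix layout are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of /etc/shorewall/interfaces (ZONE INTERFACE BROADCAST OPTIONS).
INTERFACES = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     norfc1918,dhcp
loc    eth1       detect
"""

# Constructed kernel log lines; the prefix layout is an assumption about the rfc1918 chain.
LOG = """\
Sep  9 17:01:12 box kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.255 PROTO=UDP SPT=520 DPT=520
Sep  9 17:01:42 box kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= SRC=192.168.1.1 DST=192.168.1.255 PROTO=UDP SPT=520 DPT=520
Sep  9 17:02:03 box kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.20 PROTO=TCP SPT=4312 DPT=135
"""

def is_rfc1918(addr):
    """True if addr falls in 10/8, 172.16/12 or 192.168/16."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def norfc1918_interfaces(text):
    """Return interfaces whose OPTIONS column contains norfc1918."""
    found = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 4 and "norfc1918" in fields[3].split(","):
            found.add(fields[1])
    return found

def rfc1918_drops(log):
    """Count (interface, source) pairs logged by the rfc1918 chain."""
    pat = re.compile(r"Shorewall:rfc1918:\w+:IN=(\S*) .*?SRC=(\S+)")
    return Counter(m.groups() for m in map(pat.search, log.splitlines()) if m)

def diagnose(interfaces_text, log):
    """Interfaces with norfc1918 set whose logged drops come from private sources."""
    flagged = norfc1918_interfaces(interfaces_text)
    return sorted({iface for (iface, src) in rfc1918_drops(log)
                   if iface in flagged and is_rfc1918(src)})

if __name__ == "__main__":
    for (iface, src), n in rfc1918_drops(LOG).items():
        print(f"{iface}: {n} drops from {src} (private={is_rfc1918(src)})")
    print("norfc1918 set on a private-side interface:", diagnose(INTERFACES, LOG))
```

An interface returned by `diagnose` faces a private network, so the `norfc1918` option on it is what produces the log entries.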

Alex Cavnar, aka alc6379
09-09-2004, 10:57 PM
Why have you got the router there?

The Shorewall router probably expects a WAN interface (ie, non RFC 1918 address) on one side of it, so that's why you'd see those log entries.

What type of box is the one you're firewalling? Could you maybe implement some type of software firewall on it? You know, even Windows can do some type of packet filtering, so it's not necessary to segment up your network if all you want to do is deny access to certain machines.

Dark Ninja
09-13-2004, 04:10 PM
:: unplugging router ::

;)