Here's the latest post from Florian. I can't spend any more time on this today but hopefully someone else on the list can help.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

Tom Eastep wrote:
> Here's the latest post from Florian. I can't spend any more time on this
> today but hopefully someone else on the list can help.

This is one of those wacky configurations that was set up using the Mandrake Firewall GUI. It has both a 'loc' zone (eth0) and a 'masq' zone (eth1). The 'masq' zone is the only one that is getting masqueraded:

> NAT Table
...
> Chain POSTROUTING (policy ACCEPT 6843 packets, 541K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     1    72 ppp_masq   all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0
> Chain ppp_masq (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 MASQUERADE all  --  *      *       192.168.10.0/24      0.0.0.0/0

192.168.10.0/24 is the 'masq' zone on eth1.

Yet, I'm seeing traffic from the 'loc' zone.

Florian claims that this thing just stopped working but I find it hard to believe that this ever worked.

Florian -- if the hosts that cannot connect to the net are attached to eth0 then you need to add an entry for them in /etc/shorewall/masq.

-Tom (who really *must* get to work)

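The reasoning in the message above (POSTROUTING hands ppp+ traffic to ppp_masq, which masquerades only 192.168.10.0/24) can be checked mechanically against a NAT table listing. This is an added example, not part of the original thread or of Shorewall; the listing is a constructed sample shaped like the quoted output, and the 'loc' host address is an assumption because the thread never gives the eth0 subnet.

```python
import ipaddress

# Constructed sample shaped like the POSTROUTING/ppp_masq listing quoted above.
SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 6843 packets, 541K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    72 ppp_masq   all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0

Chain ppp_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  *      *       192.168.10.0/24      0.0.0.0/0
"""
# Assumption: stands in for a 'loc' host on eth0 (subnet not given in the thread).
LOC_HOST = "192.168.1.25"

def parse_chains(text):
    """Return {chain: [rule, ...]} from `iptables -t nat -L -n -v` output."""
    chains, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            current = chains.setdefault(fields[1], [])
        elif fields[0] != "pkts" and current is not None and len(fields) >= 9:
            current.append({"target": fields[2], "out": fields[6],
                            "source": ipaddress.ip_network(fields[7])})
    return chains

def iface_matches(pattern, iface):
    """iptables interface match: '*' is any, a trailing '+' is a prefix wildcard."""
    if pattern == "*":
        return True
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def is_masqueraded(chains, src_ip, out_iface, chain="POSTROUTING", seen=()):
    """Walk a chain, following jumps, and report whether src_ip reaches MASQUERADE."""
    addr = ipaddress.ip_address(src_ip)
    for rule in chains.get(chain, []):
        if not iface_matches(rule["out"], out_iface) or addr not in rule["source"]:
            continue
        if rule["target"] == "MASQUERADE":
            return True
        if rule["target"] in chains and rule["target"] not in seen:
            if is_masqueraded(chains, src_ip, out_iface, rule["target"], seen + (chain,)):
                return True
    return False
```

Calling `is_masqueraded(parse_chains(SAMPLE), LOC_HOST, "ppp0")` returns `False`, while a 192.168.10.0/24 source leaving via ppp0 returns `True`, which is the gap the message points at.
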
Florian Zschocke wrote:
>>
>> 192.168.10.0/24 is the 'masq' zone on eth1.
>>
>> Yet, I'm seeing traffic from the 'loc' zone.
>>
>> Florian claims that this thing just stopped working but I find it hard to
>> believe that this ever worked.
>>
>> Florian -- if the hosts that cannot connect to the net are attached to
>> eth0
>> then you need to add an entry for them in /etc/shorewall/masq.
>
> Than i have two entries in mask for 192.168.10.0/24
> ppp0 and eth0?
> This is confusing - are you sure?.

Florian. I'm not sure of anything. You haven't even told me/us what doesn't work. This is what you have told us:

> A Linux server Mandrake 9,2 I setup several years ago is not routing correct anymore.
> It stopped working without any user interaction updates or else.

"not routing correct anymore" -- that's ALL WE KNOW!!!

Plus you say:

> I have tried for two days to fix it without success.

So we don't know what your configuration looked like two days ago before you started 'fixing' it.

In addition:

- You refuse to use the correct forum for help (shorewall-users@lists.sourceforge.net) and continue to send private emails to support@shorewall.net.
- You are running a version of Shorewall that was released 4 years ago and that has been out of support since February 2005 (2 1/2 years ago!). It produces minimal information to help diagnose problems.

-Tom

Tom Eastep wrote:
>>>
>>> Florian -- if the hosts that cannot connect to the net are attached to
>>> eth0
>>> then you need to add an entry for them in /etc/shorewall/masq.
>> Than i have two entries in mask for 192.168.10.0/24
>> ppp0 and eth0?
>> This is confusing - are you sure?.
>
> Florian. I'm not sure of anything.

To finish this non-thread, I've just been chewed out via private post for giving the OP advice that was totally wrong for Shorewall 1.4.8 and asking me why I even bothered to respond if I didn't have a "glue" (sic).

And this is after the OP sent his problem report to support@shorewall.net. Given that 'support' is an alias for 'teastep', I don't know who else should have responded but I'll kick his ass if I find him....

-Tom

On Thu, 2007-10-18 at 18:33 -0700, Tom Eastep wrote:
> To finish this non-thread, I've just been chewed out via private post
> for giving the OP advice that was totally wrong for Shorewall 1.4.8 and
> asking me why I even bothered to respond if I didn't have a "glue" (sic).

Tom, you've been too patient. :) I would have resorted to replying with a link to the mailing-list only earlier... Indeed, this has been some pretty weird thread.

Oh, and there is a chance that server "600 km away from Berlin" actually is right next door to me. ;-)

> And this is after the OP sent his problem report to
> support@shorewall.net. Given that 'support' is an alias for 'teastep', I
> don't know who else should have responded but I'll kick his ass if I
> find him....

Be sure to put some glue on your shoe, first. ;-)

karsten
--
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way" http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

Karsten Bräckelmann wrote:
>
> Be sure to put some glue on your shoe, first. ;-)
>

;-)

Florian sent me another post in which he apologized and reported that he was able to solve his problem. So all's well that ends well.

-Tom