Tom,
I tried to follow the instructions you gave me for one-interface
(See Below) on my laptop which uses a wan0 connection.
It did not work.
Please help me (See Attached File)?
Horace
-----ORIGINAL MESSAGE -----
From: Tom Eastep <teastep@shorewall.net>
To: horacef@usnetizen.com
Cc: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Cannot connect to the internet
Date: 03/30/2011 06:26:12 PM
Please do me a favor.
a) Uninstall Shorewall (however your distribution allows you to do
that)
b) rm -rf /etc/shorewall
What I did.
$ sudo rm -rf /etc/shorewall
[sudo] password for *****N_****:
$
NOTE -- NO more /ETC/SHOREWALL directory
c) rm -rf /etc/default/shorewall
What I did.
$ sudo rm -rf /etc/default/shorewall
$
NOTE -- No more /ETC/SHOREWALL/SHOREWALL
d) Install the shorewall package
What I did.
Clicked MENU --> Clicked PACKAGE MANAGER --> Typed
SHOREWALL in the
QUICK SEARCH window --> Right Clicked SHOREWALL -->
clicked MARK FOR INSTALLATION --> Clicked APPLY
NOTES -- 1. OS Linux Mint 9 Isadora
2. Shorewall version:
$ shorewall version
4.4.6
$
-- DO NOTHING ELSE other than what I tell you below.
e) cd /etc/shorewall
What I did.
$ cd /etc/shorewall
$
f) if you are running Debian or Ubuntu and installed the .deb:
cp /usr/share/doc/shorewall/examples/one-interface/* .
What I did.
$ cp /usr/share/doc/shorewall/examples/one-interface/*
cp: target `/usr/share/doc/shorewall/examples/one-interface/shorewall.conf~' is not a directory
$
$ sudo cp /usr/share/doc/shorewall/examples/one-interface/*
[sudo] password for ******_****:
cp: target `/usr/share/doc/shorewall/examples/one-interface/zones' is not a directory
NOTE -- I could not get the above command to work so this is what I did.
$ cd /usr/share/doc/shorewall/examples/one-interface
$
$ sudo cp * etc/shorewall
$
$ ls
. .. interfaces policy README.txt rules
shorewall.conf zones
$
otherwise
cp /usr/share/shorewall/Samples/one-interface/* .
g) Edit /etc/shorewall/shorewall.conf and be sure that
STARTUP_ENABLED=Yes; if not change it.
What I did.
I opened FILE BROWSER, navigated to /ETC/SHOREWALL/SHOREWALL.CONF
Right Clicked the file SHOREWALL.CONF --> Clicked OPEN AS
ADMINISTRATOR and changed STARTUP ENABLED=No to STARTUP ENABLED=Yes
SAVED the FILE
h) If you are running Debian or Ubuntu, edit /etc/default/shorewall
and set startup=1.
What I did.
I opened FILE BROWSER, navigated to /ETC/DEFAULT/SHOREWALL
Right Clicked the file SHOREWALL --> Clicked OPEN AS ADMINISTRATOR and
changed STARTUP=0 to STARTUP=1
SAVED the FILE
i) At a root console, type 'shorewall start'.
What I did.
$ sudo shorewall start
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Compiling ...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Compiling ...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Disabled!
done.
$
This configuration will allow you unfettered access from your computer
to the internet.
Now
a) cd /etc
What I did.
$ cd /etc
$
b) cp -a shorewall shorewall.good
What I did.
$ sudo cp -a shorewall shorewall.good
[sudo] password for ******_****:
$
NOTE: etc/shorewall.good directory/folder is present
c) Now make changes to /etc/shorewall to try to allow the incoming
traffic that you want. If you suddenly find that it has all gone to
hell, then
d) cd /etc
f) rm -rf /etc/shorewall
g) cp -a /etc/shorewall.save /etc/shorewall
h) shorewall restart
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
> f) if you are running Debian or Ubuntu and installed the .deb:
> cp /usr/share/doc/shorewall/examples/one-interface/* .
>
> What I did.
> $ cp /usr/share/doc/shorewall/examples/one-interface/*
> cp: target
> `/usr/share/doc/shorewall/examples/one-interface/shorewall.conf~' is not
> a directory

You omitted the dot at the end of the command. The fact that there is a file called /usr/share/doc/shorewall/examples/one-interface/shorewall.conf~ (ie, with a tilde at the end) suggests that you have previously edited files in that directory.

> cd /usr/share/doc/shorewall/examples/one-interface
> $
>
> $ sudo cp * etc/shorewall

That will copy the files to a directory called 'etc' under the current directory. You need to copy them to /etc/shorewall, not etc/shorewall. However, if you fix the first mistake above, that of omitting the dot at the end of the command, you won't have to do this copy at all.

> g) Edit /etc/shorewall/shorewall.conf and be sure that
> STARTUP_ENABLED=Yes; if not change it.
> What I did.
> I open FILE BROWSER navigated
> to /ETC/SHOREWALL/SHOREWALL.CONF

I know what you mean, but filenames under Linux are case sensitive, so /etc/shorewall/shorewall.conf is not the same file as /ETC/SHOREWALL/SHOREWALL.CONF.

At the start of your mail, you say:

> It did not work.
> Please help me

When you visit your doctor, do you ask him to make you better? Or do you tell him what is wrong? You need to describe, in addition to what you did, what happens and how that differs from what you expected to have happen. Just saying "it does not work, please help me" is unlikely to achieve the result you wish.

--
"You can have everything in life you want if you help enough other people get what they want" - Zig Ziglar. Who did you help today?
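The copy step discussed in the reply above, as an added shell example that is not part of the original thread. `install_sample_config` is a hypothetical helper, not a Shorewall command: it refuses a relative destination such as `etc/shorewall`, requires the destination directory to exist, and skips editor backup files such as `shorewall.conf~`. The demo runs in a constructed scratch directory rather than under /etc.

```shell
#!/bin/sh
# Added example: copy a Shorewall sample configuration into place safely.
# install_sample_config is a hypothetical helper, not part of Shorewall.

install_sample_config() {
    src=$1
    dest=$2

    # "etc/shorewall" is resolved against the current directory;
    # insist on an absolute path such as /etc/shorewall.
    case $dest in
        /*) ;;
        *) echo "destination must be an absolute path: $dest" >&2; return 2 ;;
    esac

    # Without an explicit, existing destination directory, cp treats the
    # last file matched by the glob as its target and fails.
    [ -d "$src" ]  || { echo "no such sample directory: $src" >&2; return 3; }
    [ -d "$dest" ] || { echo "no such destination directory: $dest" >&2; return 4; }

    for f in "$src"/*; do
        [ -f "$f" ] || continue
        case $f in
            *~) continue ;;   # editor backup, e.g. shorewall.conf~
        esac
        cp -- "$f" "$dest"/ || return 1
    done
    return 0
}

# Constructed demo: sample files in a scratch tree, nothing under /etc touched.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/one-interface" "$tmp/etc/shorewall"
    for name in interfaces policy rules shorewall.conf shorewall.conf~ zones; do
        : > "$tmp/one-interface/$name"
    done
    install_sample_config "$tmp/one-interface" "$tmp/etc/shorewall"
    ls "$tmp/etc/shorewall"
    rm -rf "$tmp"
}

demo
```
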