Peter M. Callahan
2003-Jan-18 12:58 UTC
[Shorewall-users] Don't want to have to issue shorewall start
Hello,

Could someone with the requisite shorewall expertise please help me?

Here is a description of my problem. I dial in to my ISP using kppp. It seems to establish a connection just fine. However, only a handful of bytes are exchanged. I must then become 'root' and issue 'shorewall start' in order to get the Internet connection to work normally. Once this is done, my connection is fine. I would like to know how to avoid having to log in as 'root' and issuing the 'shorewall start' in order to have a normal Internet connection.

I have included the results of the 'shorewall start' below.

Please provide an 'idiot proof' solution if possible.

Thanks in advance!

Pete

*****************************************************************
[root@localhost peter]# shorewall start
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
   Zones: net masq
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Net Zone: ppp0:0.0.0.0/0
   Masquerade Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
   Rule "ACCEPT net fw tcp 80,443,22,20,21 -" added.
   Rule "ACCEPT masq fw tcp 80,443,22,20,21 -" added.
   Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
   Rule "ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
   Rule "ACCEPT fw masq tcp 631,137,138,139 -" added.
   Rule "ACCEPT fw masq udp 631,137,138,139 -" added.
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
   Policy ACCEPT for fw to net using chain fw2net
   Policy REJECT for fw to masq using chain all2all
   Policy DROP for net to fw using chain net2all
   Policy REJECT for masq to fw using chain all2all
   Policy ACCEPT for masq to net using chain masq2net
Masqueraded Subnets and Hosts:
   To 0.0.0.0/0 from 192.168.1.0/255.255.255.0 through ppp0
Processing /etc/shorewall/tos...
   Rule "all all tcp - ssh 16" added.
   Rule "all all tcp ssh - 16" added.
   Rule "all all tcp - ftp 16" added.
   Rule "all all tcp ftp - 16" added.
   Rule "all all tcp ftp-data - 8" added.
   Rule "all all tcp - ftp-data 8" added.
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Started
[root@localhost peter]#
*****************************************************************
guenther
2003-Jan-18 15:08 UTC
[Shorewall-users] Don't want to have to issue shorewall start
cheers();

> Here is a description of my problem. I dial in to my ISP using kppp. It
> seems to establish a connection just fine. However, only a handful of
> bytes are exchanged. I must then become 'root' and issue 'shorewall
> start' in order to get the Internet connection to work normally. Once
> this is done, my connection is fine. I would like to know how to avoid
> having to log in as 'root' and issuing the 'shorewall start' in order to
> have a normal Internet connection.

As your ppp0 (probably) device is present, even when you are not online, shorewall can be started with your init-scripts. That should be normal behavior of shorewall though -- started on boot, no matter if you have an active connection to the net or not.

> Please provide an 'idiot proof' solution if possible.

Sorry, can't do that without more information. As shorewall (installed from RPM) comes with an init-script starting at runlevel 2 - 5 you must have changed that -- or installed from tar-ball without making those start scripts.

If you need more assistance, we (at least me) would need more info...

karsten

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Tom Eastep
2003-Jan-20 15:18 UTC
[Shorewall-users] Don't want to have to issue shorewall start
--On Saturday, January 18, 2003 3:58 PM -0500 "Peter M. Callahan" <pmcallah@ix.netcom.com> wrote:

>
> Hello,
>
> Could someone with the requisite shorewall expertise please help me?
>
> Here is a description of my problem. I dial in to my ISP using kppp. It
> seems to establish a connection just fine. However, only a handful of
> bytes are exchanged. I must then become 'root' and issue 'shorewall
> start' in order to get the Internet connection to work normally. Once
> this is done, my connection is fine. I would like to know how to avoid
> having to log in as 'root' and issuing the 'shorewall start' in order to
> have a normal Internet connection.
>
> I have included the results of the 'shorewall start' below.
>
> Please provide an 'idiot proof' solution if possible.
>

Follow the advice at http://www.shorewall.net/starting_and_stopping_shorewall.htm and include a "shorewall restart" command in /etc/ppp/ip-up (or ip-up.local if your distribution has such a thing).

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: teastep   \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
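
A sketch of the ip-up hook suggested in the reply above, added here as an example; it is not part of the original thread and is not Shorewall's own script. pppd runs the hook as root once the link is up, so no manual login as root is needed. The paths /sbin/shorewall and /usr/bin/logger and the helper names `log` and `ip_up_hook` are assumptions; ppp0 is the net zone interface from the posted output.

```sh
#!/bin/sh
# /etc/ppp/ip-up.local (or call it from /etc/ppp/ip-up). Keep the file
# owned by root and not writable by anyone else: pppd executes it as root.
# pppd passes: $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP
# and an almost empty environment (no usable PATH), so use absolute paths.

SHOREWALL="${SHOREWALL:-/sbin/shorewall}"   # assumed install path
LOGGER="${LOGGER:-/usr/bin/logger}"         # assumed path; logging is optional
WAN_IF="${WAN_IF:-ppp0}"                    # net zone interface from the post

log() {
    # Log to syslog when logger is available; never fail because of it.
    if [ -x "$LOGGER" ]; then
        "$LOGGER" -t ip-up.local "$*" || true
    fi
}

ip_up_hook() {
    iface="$1"
    # Ignore links that are not the firewall's net zone interface.
    if [ "$iface" != "$WAN_IF" ]; then
        return 0
    fi
    if [ ! -x "$SHOREWALL" ]; then
        log "shorewall not found at $SHOREWALL; firewall NOT restarted"
        return 1
    fi
    if "$SHOREWALL" restart >/dev/null 2>&1; then
        log "shorewall restarted for $iface (local IP $4)"
    else
        log "shorewall restart FAILED for $iface"
        return 1
    fi
}

# Run only when invoked with pppd's arguments.
if [ "$#" -gt 0 ]; then
    ip_up_hook "$@"
fi
```

A failed restart is logged rather than silently ignored, so a link that comes up without its firewall rules is visible in syslog.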