this version is creating a fw2fw chain. did I miss anything?

cheers,
--
Eduardo Ferreira
Icatu Holding S.A.
(21) 3804-8606

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
-------------------------------------------------------------------------
Eduardo Ferreira wrote:
> this version is creating a fw2fw chain. did I miss anything?

No.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
Tom Eastep wrote:
> Eduardo Ferreira wrote:
>> this version is creating a fw2fw chain. did I miss anything?
>
> No.

A couple of things.

a) You are *not* running shorewall-perl 3.9.3. You are running something that no one else in the world is likely to have; a snapshot of the development thread somewhere between 3.9.2 and 3.9.3. I asked that you only install shorewall-shell from the staging directory; if you installed all of the RPMs found there then you will need to use the --force directive to upgrade to the real 3.9.3 when I release it this weekend.

b) If you define an explicit fw->fw policy, then you will get a fw2fw chain; same if you define fw->fw rules. That hasn't changed from Shorewall-shell.

If you have a case where you are getting a fw2fw chain other than what I outlined, then please tell us how to reproduce the problem so that we can see why it is happening.

Thanks,
-Tom
-------------------------------------------------------------------------
Tom Eastep wrote on 20/04/2007 14:06:31:

[...]
> A couple of things.
>
> a) You are *not* running shorewall-perl 3.9.3. You are running something
> that no one else in the world is likely to have; a snapshot of the
> development thread somewhere between 3.9.2 and 3.9.3. I asked that you
> only install shorewall-shell from the staging directory; if you
> installed all of the RPMs found there then you will need to use the
> --force directive to upgrade to the real 3.9.3 when I release it this
> weekend.

sorry, I didn't understand that (English as a second language?)

here is what I did up to now:

- downloaded and rpm'd shorewall, shorewall-shell and shorewall-perl (in this order).
- copied my config files from a 3.4.1 to /etc/shorewall (carefully, reading all notes - no modifications introduced)
- compiled my config file using

    shorewall compile -C perl ~/sw.perl
    shorewall compile -C shell ~/sw.shell

later, I executed sw.perl and sw.shell and compared the iptables-save from each of them. In this moment, I noticed the fw2fw chain in the iptables-save output of shorewall-perl.

but don't worry, no upgrades here. this is a 100% new machine that I'm using just to understand and test the new version of shorewall-perl. When the time comes to put this box in production, I'll begin from zero. Installing a new Linux is 30 minutes on the line.

> b) If you define an explicit fw->fw policy, then you will get a fw2fw
> chain; same if you define fw->fw rules. That hasn't changed from
> Shorewall-shell.

no explicit policies here from fw->fw (the configuration I'm testing against is used elsewhere in a production firewall). besides, shorewall-shell is not creating this chain for the same configuration.

cheers,
--
Eduardo Ferreira
-------------------------------------------------------------------------
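The comparison described in the message above (run both compiled scripts, then compare the iptables-save output of each) can be narrowed to the declared chain sets, so counter and ordering noise does not hide an extra chain such as fw2fw. This is an added example, not part of the thread or of Shorewall; the dump file names and the sample rules are constructed.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Print every chain declared in dump $1 as "table:chain" (counters ignored).
list_chains() {
    awk '/^\*/ { table = substr($1, 2) }
         /^:/  { print table ":" substr($1, 2) }' "$1" | sort -u
}

# Print chains declared in dump $1 that dump $2 does not declare.
chains_only_in() {
    _a=$(mktemp) && _b=$(mktemp) || return 1
    list_chains "$1" > "$_a"; list_chains "$2" > "$_b"
    comm -23 "$_a" "$_b"
    rm -f "$_a" "$_b"
}

# Print the rules in dump $1 that are appended to, or jump to, chain $2.
rules_for_chain() {
    awk -v c="$2" '$1 == "-A" {
        for (i = 2; i <= NF; i++)
            if ($i == c && (i == 2 || $(i-1) == "-j" || $(i-1) == "-g")) { print; next }
    }' "$1"
}

# Constructed sample dumps; file names follow the sw.shell / sw.perl scripts.
write_samples() {
    cat > "$1/sw.shell.save" <<'EOF'
*filter
:OUTPUT DROP [0:0]
:fw2net - [0:0]
-A OUTPUT -o eth0 -j fw2net
COMMIT
EOF
    cat > "$1/sw.perl.save" <<'EOF'
*filter
:OUTPUT DROP [3:180]
:fw2fw - [0:0]
:fw2net - [0:0]
-A OUTPUT -o lo -j fw2fw
-A OUTPUT -o eth0 -j fw2net
-A fw2fw -j ACCEPT
COMMIT
EOF
}

d=$(mktemp -d) && write_samples "$d"
chains_only_in "$d/sw.perl.save" "$d/sw.shell.save"   # extra chains from the perl run
rules_for_chain "$d/sw.perl.save" fw2fw               # rules that create or reach it
```

On a real host the two inputs would be the saved iptables-save output taken after running each compiled script in turn.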
Eduardo Ferreira wrote:
> no explicit policies here from fw->fw (the configuration i'm testing
> against is used elsewhere in a production firewall). besides,
> shorewall-shell is not creating this chain for the same configuration.

I can't analyze the problem without detail, Eduardo. Please create a tar archive of /etc/shorewall/ and forward it to the list.

-Tom
-------------------------------------------------------------------------
Tom Eastep wrote on 20/04/2007 15:17:19:
> Eduardo Ferreira wrote:
>
> > no explicit policies here from fw->fw (the configuration i'm testing
> > against is used elsewhere in a production firewall). besides,
> > shorewall-shell is not creating this chain for the same configuration.
>
> I can't analyze the problem without detail, Eduardo. Please create a tar
> archive of /etc/shorewall/ and forward it to the list.

here it goes:
-------------------------------------------------------------------------
Eduardo Ferreira wrote:
> Tom Eastep wrote on 20/04/2007 15:17:19:
>
>> Eduardo Ferreira wrote:
>>
>> > no explicit policies here from fw->fw (the configuration i'm testing
>> > against is used elsewhere in a production firewall). besides,
>> > shorewall-shell is not creating this chain for the same configuration.
>>
>> I can't analyze the problem without detail, Eduardo. Please create a tar
>> archive of /etc/shorewall/ and forward it to the list.
>
> here it goes:

Thanks. I found the problem. It will be corrected in (the real) 3.9.3.

-Tom