Hi, does anyone have an idea of what the reason is that, at the
end of the setup of my shorewall config, this error appears?
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *)
........
Probably I have something wrong in my configuration files ...
Following is some useful information ...
Thanks
-------
Dario Lesca (d.lesca@osra.it)
------------------------[cut]------------------
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Restarting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
Zones: net loc lociv dmz
Validating interfaces file...
Validating hosts file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Torino Zone: 10.1.0.0/18
Ivrea Zone: 10.1.65.0/24
DMZ Zone: eth2:0.0.0.0/0
Multi-zone Zone: eth1:0.0.0.0/0
Deleting user chains...
Configuring Proxy ARP and NAT
Adding Common Rules
Enabling RFC1918 Filtering
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw tcp ssh,www" added.
Rule "REJECT net fw tcp 113" added.
Rule "ACCEPT loc fw tcp ssh,www" added.
Rule "ACCEPT lociv fw tcp ssh,www" added.
Rule "ACCEPT loc fw udp domain" added.
Rule "ACCEPT lociv fw udp domain" added.
Rule "ACCEPT fw loc udp domain" added.
Rule "ACCEPT fw lociv udp domain" added.
Rule "ACCEPT net loc:10.1.1.46:80 tcp www - all" added.
Rule "ACCEPT net dmz:192.168.1.80:80 tcp www - all" added.
Rule "ACCEPT loc dmz:192.168.2.80:80 tcp www" added.
Rule "ACCEPT fw loc icmp 8" added.
Rule "ACCEPT loc fw icmp 8" added.
Rule "ACCEPT loc dmz icmp 8" added.
Rule "ACCEPT dmz loc icmp 8" added.
Rule "ACCEPT dmz fw icmp 8" added.
Rule "ACCEPT fw dmz icmp 8" added.
Adding rules for DHCP
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net.
Policy REJECT for fw to loc.
Policy REJECT for fw to lociv.
Policy REJECT for fw to dmz.
Policy DROP for net to fw.
Policy DROP for net to loc.
Policy DROP for net to dmz.
Policy REJECT for loc to fw.
Policy ACCEPT for loc to net.
Policy REJECT for loc to dmz.
Policy REJECT for lociv to fw.
Policy ACCEPT for lociv to net.
Policy REJECT for dmz to fw.
Policy REJECT for dmz to net.
Policy REJECT for dmz to loc.
Masqueraded Subnets and Hosts:
To 0.0.0.0/0 from -s 10.1.65.0/24 through eth0 using 195.103.88.121
To 0.0.0.0/0 from -s 10.1.0.1/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.2/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.3/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.4/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.5/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.6/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.7/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.8/32 through eth0
To 0.0.0.0/0 from -s 10.1.0.9/32 through eth0
To 0.0.0.0/0 from -s 10.1.1.0/24 through eth0
To 0.0.0.0/0 from -s 192.168.1.254/24 through eth0
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Activating Rules...
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.0.0/18' (No aliases, :, ! or *).
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
Shorewall Restarted
The portion of debug (sh -x)
............................
+ chain=net2all
+ interface=eth0
+ subnet=0.0.0.0/0
+ interface1=10.1.65.0/24
+ subnet1=10.1.65.0/24
+ '[' eth0 = 10.1.65.0/24 -a x0.0.0.0/0 = x10.1.65.0/24 ']'
+ run_iptables -A FORWARD -i eth0 -s 0.0.0.0/0 -o 10.1.65.0/24 -d 10.1.65.0/24 -j net2all
++ echo -A FORWARD -i eth0 -s 0.0.0.0/0 -o 10.1.65.0/24 -d 10.1.65.0/24 -j net2all
++ sed 's/!/! /g'
+ iptables -A FORWARD -i eth0 -s 0.0.0.0/0 -o 10.1.65.0/24 -d 10.1.65.0/24 -j net2all
Warning: wierd character in interface `10.1.65.0/24' (No aliases, :, ! or *).
+ eval 'dest_hosts=$dmz_hosts'
++ dest_hosts=eth2:0.0.0.0/0
++ rules_chain net dmz
++ local chain=net2dmz
..............
Following are my configuration files...
-----------------
#[ext-int-dmz/common]-----------------------------------------------
run_iptables -A common -p icmp -j icmpdef
run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT
run_iptables -A common -p tcp --tcp-flags RST RST -j ACCEPT
run_iptables -A common -p udp --dport 137:139 -j DROP
run_iptables -A common -p udp --dport 445 -j DROP
run_iptables -A common -d 255.255.255.255 -j DROP
run_iptables -A common -d 224.0.0.0/4 -j DROP
run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
#[ext-int-dmz/hosts]-----------------------------------------------
locto 10.1.0.0/18
lociv 10.1.65.0/24 routestopped
#[ext-int-dmz/interfaces]-----------------------------------------------
net eth0 detect noping,dhcp,norfc1918
- eth1 detect multi
dmz eth2 detect routestopped
#[ext-int-dmz/masq]-----------------------------------------------
eth0 10.1.65.0/24 195.103.88.121
eth0 10.1.0.1/32
eth0 10.1.0.2/32
eth0 10.1.0.3/32
eth0 10.1.0.4/32
eth0 10.1.0.5/32
eth0 10.1.0.6/32
eth0 10.1.0.7/32
eth0 10.1.0.8/32
eth0 10.1.0.9/32
eth0 10.1.1.0/24
eth0 eth2
#[ext-int-dmz/policy]-----------------------------------------------
fw net ACCEPT
locto net ACCEPT
lociv net ACCEPT
locto fw ACCEPT
lociv fw ACCEPT
net all DROP info
all all REJECT info
#[ext-int-dmz/rules]-----------------------------------------------
ACCEPT fw net tcp none
ACCEPT fw net udp none
ACCEPT net fw tcp ssh,www
ACCEPT net fw udp none
REJECT net fw tcp 113
ACCEPT fw locto udp domain
ACCEPT locto fw tcp ssh,www
ACCEPT locto fw udp domain
ACCEPT fw lociv udp domain
ACCEPT lociv fw tcp ssh,www
ACCEPT lociv fw udp domain
ACCEPT net locto:10.1.1.46:80 tcp www - all
ACCEPT net dmz:192.168.1.80:80 tcp www - all
ACCEPT locto dmz:192.168.2.80:80 tcp www
ACCEPT fw dmz:$DMZ_SERVER1 tcp none
ACCEPT fw dmz:$DMZ_SERVER1 udp none
ACCEPT fw dmz:$DMZ_SERVER2 tcp none
ACCEPT fw dmz:$DMZ_SERVER2 udp none
ACCEPT dmz net tcp none
ACCEPT dmz net udp none
ACCEPT fw locto icmp 8
ACCEPT locto fw icmp 8
ACCEPT locto dmz icmp 8
ACCEPT dmz locto icmp 8
ACCEPT fw lociv icmp 8
ACCEPT lociv fw icmp 8
ACCEPT lociv dmz icmp 8
ACCEPT dmz lociv icmp 8
ACCEPT dmz fw icmp 8
ACCEPT fw dmz icmp 8
#[ext-int-dmz/shorewall.conf]-----------------------------------------------
FW=fw
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
ALLOWRELATED="yes"
MODULESDIR=""
LOGRATE="5/minute"
LOGBURST=5
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="Yes"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVELCLAMPMSS="No"
#[ext-int-dmz/zones]-----------------------------------------------
net Net Internet
locto Torino Local networks Torino
lociv Ivrea Local networks Ivrea
dmz DMZ Demilitarized Zone
--------------------------------
My routing and network config ...
-----------------
[root@redwall Config]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
195.103.88.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.1.65.0 10.1.1.104 255.255.255.0 UG 0 0 0 eth1
10.1.0.0 0.0.0.0 255.255.192.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 195.103.88.1 0.0.0.0 UG 1 0 0 eth0
[root@redwall Config]# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:08:6b:3d:96 brd ff:ff:ff:ff:ff:ff
inet 195.103.88.120/24 brd 195.103.88.255 scope global eth0
inet 195.103.88.121/32 brd 255.255.255.255 scope global eth0:0
inet 195.103.88.122/32 brd 255.255.255.255 scope global eth0:1
inet 195.103.88.123/32 brd 255.255.255.255 scope global eth0:2
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:01:02:f5:ad:ba brd ff:ff:ff:ff:ff:ff
inet 10.1.10.120/18 brd 10.1.63.255 scope global eth1
inet 10.1.10.121/32 brd 255.255.255.255 scope global eth1:0
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:10:5a:69:2a:e3 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
[root@redwall Config]#
-----------------------------------------------
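
Added example, not part of the original post and not Shorewall's own code: in the trace above, the value iptables rejects after `-o` is the hosts-file subnet itself, and the startup log lists the two local zones without the `interface:` prefix that the net and dmz zones carry. The sketch below shows how a colon split of such an entry yields the same string for interface and subnet, and flags hosts entries that lack the prefix. Assumptions: the function names are hypothetical, the `${host%:*}` / `${host#*:}` split is inferred from the trace values, and `eth1` in the corrected sample is taken from the routing table in the post.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, samples are constructed
# from the hosts section quoted in the post.

# Split a HOST(S) value into "interface subnet" on the colon (assumed
# mechanism). With no colon, both expansions return the whole string,
# which matches interface1=10.1.65.0/24 / subnet1=10.1.65.0/24 in the trace.
split_host() {
    host=$1
    printf '%s %s\n' "${host%:*}" "${host#*:}"
}

# Read a hosts file on stdin and print "lineno zone host" for every entry
# whose HOST(S) column does not start with "<interface>:".
find_bare_hosts() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $2 !~ /^[A-Za-z][A-Za-z0-9._+-]*:/ { print NR, $1, $2 }
    '
}

# Constructed sample: the hosts entries as posted.
sample_posted() {
    cat <<'EOF'
#ZONE   HOST(S)         OPTIONS
locto   10.1.0.0/18
lociv   10.1.65.0/24    routestopped
EOF
}

# Constructed sample: same entries with the interface prefix (eth1 assumed
# from the routing table, where both subnets are reached through eth1).
sample_prefixed() {
    cat <<'EOF'
#ZONE   HOST(S)             OPTIONS
locto   eth1:10.1.0.0/18
lociv   eth1:10.1.65.0/24   routestopped
EOF
}

echo "split of a bare subnet:   $(split_host 10.1.65.0/24)"
echo "split of a prefixed host: $(split_host eth1:10.1.65.0/24)"
echo "entries without an interface prefix:"
sample_posted | find_bare_hosts
```
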