Casey MacPherson
2002-Jun-21 22:27 UTC
[Shorewall-users] Having a problem getting it going
Ran through the documentation and set up the zones, interfaces etc...

First here is the config:
eth0 dhcp to dsl ISP
eth1 internal set to 192.168.0.2

I get connectivity before shorewall is started. I can ping, rpm etc... etc... Using Mandrake 8.2 with all the graphical stuff stripped out.

When I start shorewall I get no traffic at all, can't even do anything from the box itself. I also noticed when I start shorewall that when it does the "Looking for hosts in zones:" section it shows eth0:0.0.0.0\24 and eth1:0.0.0.0\24

Then at the masq line it shows 0.0.0.0\24 0.0.0.0\24

I'm trying to figure out why shorewall is detecting the interfaces incorrectly when ifconfig shows everything as what it should be, before and after shorewall is started.

I'll be checking my kernel tonight to make sure I have everything.

Thanks
Casey

On Fri, 21 Jun 2002, Casey MacPherson wrote:

> Ran through the documentation and setup the zones, interfaces etc...
>
> First here is the config:
> eth0 dhcp to dsl ISP
> eth1 internal set to 192.168.0.2
>
> I get connectivity before shorewall is started. I can ping, rpm etc...
> etc... Using Mandrake 8.2 with all the graphical stuff stripped out.
>
> When I start shorewall I get no traffic at all, can't even do anything
> from the box itself.

Did you start with the two-interface example? If so, you need to uncomment a line in the /etc/shorewall/policy file to be able to do much from the firewall box itself. Quoting from the QuickStart Guide:

"If you want your firewall system to have full access to servers on the internet, add the following rule before the last rule above (Note -- in the two- and three-interface samples, the line below is included but commented out)."

> I also noticed when I start shorewall that when it
> does the "Looking for hosts in zones:" section it shows eth0:0.0.0.0\24
> and eth1:0.0.0.0\24
>

I don't believe that -- I think it says eth0:0.0.0.0/0 and eth1:0.0.0.0/0 which is perfectly normal (note the "/0"s in place of your "\24"s).

> Then at the masq line it shows 0.0.0.0\24 0.0.0.0\24
>

Please capture the actual output. I'm betting that it says:

To 0.0.0.0/0 from eth1 through eth0

which is again perfectly normal.

> I'm trying to figure out why shorewall is detecting the interfaces
> incorrectly when ifconfig shows everything as what it should be, before
> and after shorewall is started.
>
> I'll be checking my kernel tonight to make sure I have everything.
>

With your next report, please capture the messages exactly.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

On Fri, 21 Jun 2002, Tom Eastep wrote:

>
> On Fri, 21 Jun 2002, Casey MacPherson wrote:
>
> Did you start with the two-interface example? If so, you need to uncomment
> a line in the /etc/shorewall/policy file to be able to do much from the
> firewall box itself. Quoting from the QuickStart Guide:
>

AAAARRRRRGGGGG - I just noticed that the Installation/Upgrade web page doesn't refer the reader to the Quick Start Guide. I've corrected that.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Casey MacPherson
2002-Jun-22 20:36 UTC
[Shorewall-users] Having a problem getting it going
Just to let everyone know... This worked.

Now the fun of trying to get uPnP working. But this isn't an issue with shorewall, just a lot of rules manipulation.

Thanks
Casey