DeAngelo Rios
2002-Aug-17 03:19 UTC
[Shorewall-users] shorewall command can not find functions
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C2459C.F5371E00
Content-Type: text/plain
I am running the Shorewall on the Bering LRP with some success.
1. After I configure all the config files or extract the sample files from
the examples, the shorewall commands errors.
/var/lib/shorewall/functions does not exist!
I feel like I am beating a dead horse, but I will ask any ways.
I can not get my FTP to work ( I know "another one" ). I have read the
docs
several times and I am missing something.
These are all the files I have edited. The rest are untouched.
The setup:
(DMZ)
I>>>>> {64.123.80.50} [fw]}
{192.168.1.254}>>>>>>{192.168.1.50}[FTP]
I can not believe it does not work. What am I missing.
# cat modules
############################################################################
##
# Shorewall 1.3 /etc/shorewall/modules
#
# This file loads the modules needed by the firewall.
loadmodule ip_tables
loadmodule iptable_filter
loadmodule ip_conntrack
loadmodule ip_conntrack_ftp
loadmodule ip_conntrack_irc
loadmodule iptable_nat
loadmodule ip_nat_ftp
loadmodule ip_nat_irc
# cat shore*
FW=fw
SUBSYSLOCK=/var/run/shorewall
STATEDIR=/tmp/shorewall
ALLOWRELATED=yes
MODULESDIRLOGRATELOGBURSTLOGUNCLEAN=info
LOGFILE=/var/log/messages
NAT_ENABLED=Yes
MANGLE_ENABLED=Yes
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVELCLAMPMSS=No
ROUTE_FILTER=yes
NAT_BEFORE_RULES=no
MULTIPORT=No
DETECT_DNAT_IPADDRS=Yes
MERGE_HOSTS=Yes
MUTEX_TIMEOUT=60
LOGNEWNOTSYN#LAST LINE -- DO NOT REMOVE
# cat common
. /etc/shorewall/common.def
run_iptables -A common -p udp --sport 53 -mstate --state NEW -j DROP
# cat interfaces
net eth0 detect filterping,norfc1918
dmz eth1 detect
#LAST LNE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
# cat masq
#INTERFACE SUBNET ADDRESS
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
dmz net ACCEPT
net all DROP info
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
# cat rules
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT PORT(S) DEST
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT dmz fw tcp 22
ACCEPT dmz net tcp 53
ACCEPT dmz net upp 53
ACCEPT dmz net icmp 8
ACCEPT net dmz icmp 8
DNAT net dmz:192.168.1.50 tcp 21
DNAT net dmz:192.168.1.180 tcp 80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
# cat rout*
#INTERFACE HOST(s)
eth1 -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#ZONE DISPLAY COMMENTS
net Net Internet
dmz DMZ Demilitarized zone
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
D
------_=_NextPart_001_01C2459C.F5371E00
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office"
xmlns:w=3D"urn:schemas-microsoft-com:office:word"
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html;
charset=3DUS-ASCII">
<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List
href=3D"cid:filelist.xml@01C24573.0BA9D3F0">
<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:DoNotRelyOnCSS/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:DocumentKind>DocumentEmail</w:DocumentKind>
<w:EnvelopeVis/>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:UseFELayout/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:PMingLiU;
panose-1:2 2 3 0 0 0 0 0 0 0;
mso-font-alt:\00B7s\00B2\00D3\00A9\00FA\00C5\00E9;
mso-font-charset:136;
mso-generic-font-family:roman;
mso-font-pitch:variable;
mso-font-signature:3 137232384 22 0 1048577 0;}
@font-face
{font-family:"\@PMingLiU";
panose-1:2 2 3 0 0 0 0 0 0 0;
mso-font-charset:136;
mso-generic-font-family:roman;
mso-font-pitch:variable;
mso-font-signature:3 137232384 22 0 1048577 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:PMingLiU;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
{margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:PMingLiU;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */=20
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple
style=3D''tab-interval:.5in''>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>I am running the <span
class=3DSpellE>Shorewall</span> on the Bering
LRP with some success.
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>1. After I configure all the <span
class=3DSpellE>config</span>
files or extract the sample files from the examples, the <span
class=3DSpellE>shorewall</span>
commands errors.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>/<span
class=3DSpellE>var/lib/shorewall/functions</span> does
not exist!<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>I feel like I am beating a dead horse, but I will
ask any
ways.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>I can not get my FTP to work <span
class=3DGramE>( I</span>
know "another one" ). I have read the docs several times and I am
missing something.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>These are all the files I have edited. The rest
are
untouched.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>The
setup:<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-tab-count:4''>
</span>(DMZ)<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>I>>>>><span
style=3D''mso-tab-count:1''>
</span>{64.123.80.50<span
class=3DGramE>} <span
style=3D''mso-spacerun:yes''> </span>[</span><span
class=3DSpellE>fw</span>]}
{192.168.1.254}>>>>>>{192.168.1.50}[FTP]<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>I can not believe it does not work. What am I
<span
class=3DGramE>missing.</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
modules<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>##############################################################################<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span
class=3DSpellE>Shorewall</span> 1.3 /etc/<span
class=3DSpellE>shorewall</span>/modules<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>This</span>
file loads the modules
needed by the
firewall.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>ip_tables</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>iptable_filter</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>ip_conntrack</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>ip_conntrack_ftp</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>ip_conntrack_irc</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>iptable_nat</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>ip_nat_ftp</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE><span class=3DGramE>loadmodule</span></span>
<span
class=3DSpellE>ip_nat_irc</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
shore*<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>FW=3D<span
class=3DSpellE>fw</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>SUBSYSLOCK=3D/<span
class=3DSpellE>var/run/shorewall</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>STATEDIR=3D/<span
class=3DSpellE>tmp/shorewall</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>ALLOWRELATED=3Dyes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>MODULESDIR=3D<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>LOGRATE=3D<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>LOGBURST=3D<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>LOGUNCLEAN=3Dinfo<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>LOGFILE=3D/<span
class=3DSpellE>var</span>/log/messages<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>NAT_ENABLED=3DYes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>MANGLE_ENABLED=3DYes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>IP_FORWARDING=3DOn<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>ADD_IP_ALIASES=3DYes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>ADD_SNAT_ALIASES=3DNo<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>TC_ENABLED=3DNo<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>BLACKLIST_DISPOSITION=3DDROP<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>BLACKLIST_LOGLEVEL=3D<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>CLAMPMSS=3DNo<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>ROUTE_FILTER=3Dyes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>NAT_BEFORE_RULES=3Dno<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>MULTIPORT=3DNo<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>DETECT_DNAT_IPADDRS=3DYes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>MERGE_HOSTS=3DYes<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>MUTEX_TIMEOUT=3D60<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>LOGNEWNOTSYN=3D<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LINE -- DO NOT
REMOVE<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
common<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>. /etc/<span
class=3DSpellE>shorewall/common.def</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DSpellE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>run_iptables</span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''> -A common
-p <span class=3DSpellE>udp</span> --sport 53 -<span
class=3DSpellE>mstate</span>
--state NEW -j DROP<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
interfaces<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>net</span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''> eth0 detect
filterping,norfc1918<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DSpellE><span
class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>dmz</span></font></span></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''> eth1
detect<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LNE -- ADD YOUR ENTRIES BEFORE THIS ONE --
DO NOT
REMOVE<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
<span
class=3DSpellE>masq</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#INTERFACE<span
style=3D''mso-spacerun:yes''>
</span>SUBNET<span
style=3D''mso-spacerun:yes''>
</span>ADDRESS<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>eth0<span
style=3D''mso-spacerun:yes''>
</span>eth1<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE --
<span
class=3DGramE>DO</span> NOT
REMOVE<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#SOURCE<span
style=3D''mso-spacerun:yes''>
</span>DEST<span
style=3D''mso-spacerun:yes''>
</span>POLICY<span
style=3D''mso-spacerun:yes''>
</span>LOG LEVEL<span
style=3D''mso-spacerun:yes''>
</span>LIMIT<span
class=3DGramE>:BURST</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DSpellE><span
class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>dmz</span></font></span></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span>ACCEPT<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>net</span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>all<span
style=3D''mso-spacerun:yes''>
</span>DROP<span
style=3D''mso-spacerun:yes''>
</span>info<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>all</span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>all</span><span
style=3D''mso-spacerun:yes''>
</span>REJECT<span
style=3D''mso-spacerun:yes''>
</span>info<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE --
<span
class=3DGramE>DO</span> NOT
REMOVE<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
rules<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#<span class=3DGramE>ACTION<span
style=3D''mso-spacerun:yes''>
</span>SOURCE</span><span
style=3D''mso-spacerun:yes''>
</span>DEST<span
style=3D''mso-spacerun:yes''>
</span>PROTO<span
style=3D''mso-spacerun:yes''>
</span>DEST<span
style=3D''mso-spacerun:yes''>
</span>SOURCE<span
style=3D''mso-spacerun:yes''>
</span>ORIGINAL
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#<span
style=3D''mso-spacerun:yes''>
</span>PORT<span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE>PORT</span>(S)<span
style=3D''mso-spacerun:yes''>
</span>DEST <o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>fw</span></span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>tcp</span><span
style=3D''mso-spacerun:yes''>
</span>53<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>fw</span></span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>udp</span><span
style=3D''mso-spacerun:yes''>
</span>53<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>dmz</span></span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>fw</span><span
style=3D''mso-spacerun:yes''>
</span><span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>tcp</span><span
style=3D''mso-spacerun:yes''>
</span>22<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>dmz</span></span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>tcp</span><span
style=3D''mso-spacerun:yes''>
</span>53<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>dmz</span></span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>upp</span><span
style=3D''mso-spacerun:yes''>
</span>53<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''> </span><span
class=3DSpellE>dmz</span></span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>icmp</span><span
style=3D''mso-spacerun:yes''>
</span>8<o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>ACCEPT<span
style=3D''mso-spacerun:yes''>
</span>net</span></font></span><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>dmz</span><span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>icmp</span><span
style=3D''mso-spacerun:yes''>
</span>8<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>DNAT<span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span>dmz<span
class=3DGramE>:192.168.1.50</span><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE>tcp</span><span
style=3D''mso-spacerun:yes''>
</span>21<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>DNAT<span
style=3D''mso-spacerun:yes''>
</span>net<span
style=3D''mso-spacerun:yes''>
</span>dmz<span
class=3DGramE>:192.168.1.180</span><span
style=3D''mso-spacerun:yes''>
</span><span
class=3DSpellE>tcp</span><span
style=3D''mso-spacerun:yes''>
</span>80<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE --
<span
class=3DGramE>DO</span> NOT
REMOVE<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''># <span class=3DGramE>cat</span>
rout*<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#INTERFACE<span
style=3D''mso-spacerun:yes''>
</span>HOST(s)<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>eth1<span
style=3D''mso-spacerun:yes''>
</span>-<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE --
<span
class=3DGramE>DO</span> NOT
REMOVE<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#ZONE<span
style=3D''mso-spacerun:yes''>
</span>DISPLAY<span
style=3D''mso-spacerun:yes''>
</span>COMMENTS<span
style=3D''mso-spacerun:yes''>
</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>net</span></font></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>Net</span><span
style=3D''mso-spacerun:yes''>
</span>Internet<span
style=3D''mso-spacerun:yes''>
</span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><span class=3DSpellE><span
class=3DGramE><font size=3D2
face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''>dmz</span></font></span></span><font
size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;font-family:Arial''><span
style=3D''mso-spacerun:yes''>
</span><span class=3DSpellE>DMZ</span><span
style=3D''mso-spacerun:yes''>
</span>Demilitarized zone<span
style=3D''mso-spacerun:yes''>
</span><span
style=3D''mso-spacerun:yes''> </span><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span
style=3D''font-size:10.0pt;
font-family:Arial''>#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE -
<span
class=3DGramE>DO</span> NOT REMOVE
<o:p></o:p></span></font></p>
<p class=3DMsoAutoSig><b
style=3D''mso-bidi-font-weight:normal''><i
style=3D''mso-bidi-font-style:
normal''><u><font size=3D3 color=3D"#3366ff"
face=3D"Times New Roman"><span
style=3D''font-size:12.0pt;color:#3366FF;font-weight:bold;mso-bidi-font-weight:
normal;font-style:italic;mso-bidi-font-style:normal;mso-no-proof:yes''>D</span></font></u></i></b><span
style=3D''mso-no-proof:yes''><o:p></o:p></span></p>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New
Roman"><span style=3D''font-size:
12.0pt''><o:p> </o:p></span></font></p>
</div>
</body>
</html>
------_=_NextPart_001_01C2459C.F5371E00--
Tom Eastep
2002-Aug-17 13:43 UTC
[Shorewall-users] shorewall command can not find functions
On Fri, 16 Aug 2002, DeAngelo Rios wrote:> I am running the Shorewall on the Bering LRP with some success. > > 1. After I configure all the config files or extract the sample files from > the examples, the shorewall commands errors. > /var/lib/shorewall/functions does not exist! >You''re going to have to get help for this on the LEAF list -- it''s a problem with the way that you are trying to upgrade Shorewall (have you looked at the upgrade instructions on the Shorewall Errata/Upgrade Issue page?).> I feel like I am beating a dead horse, but I will ask any ways. > > I can not get my FTP to work ( I know "another one" ). I have read the docs > several times and I am missing something. > These are all the files I have edited. The rest are untouched. > > The setup: > (DMZ) > I>>>>> {64.123.80.50} [fw]} {192.168.1.254}>>>>>>{192.168.1.50}[FTP] > > I can not believe it does not work. What am I missing. >You are going to have to get a packet trace and look at the FTP conversation. The other case of this problem reported on the LEAF list turned out to be a broken FTP server. Reports of "... it does not work." evoke sympathy but not much help I''m afraid.> # cat modulesSince you are running on Bering, the contents of the modules file is irrelevant (Bering has a mononlithic kernel WRT netfilter). -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep
2002-Aug-18 20:22 UTC
[Shorewall-users] shorewall command can not find functions
On Sat, 17 Aug 2002, Tom Eastep wrote:> > > # cat modules > > Since you are running on Bering, the contents of the modules file is > irrelevant (Bering has a mononlithic kernel WRT netfilter). >Just took another look at the Bering web site and looks like the ftp conntrack and nat code IS modular -- what does "lsmod" show? -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net