Hi!

Today I have the opportunity to update a machine which is still running 1.1.13.
But right now I don't get it up'n'running.
Our setup is like this:
Three interfaces on the shorewall box,
eth0 points to 4 subnets of 192.168.10
eth1 points to the DMZ
eth2 points to the router for the leased line.

eth0 and eth1 are marked multi in the zones file; the host files seem no longer needed.
But when restarting shorewall I get warnings about empty zones, is this ok?
It seems that the empty zones are processed by the forward chain?

Any hint to get started highly appreciated :)

Thanks,
Christian

--
we reject: kings, presidents, religions
we accept: working code

Christian Lox wrote:
> Hi!
>
> Today I have the opportunity to update a machine which is still
> running 1.1.13.
> But right now I don't get it up'n'running.
> Our setup is like this:
> Three interfaces on the shorewall box,
> eth0 points to 4 subnets of 192.168.10
> eth1 points to the DMZ
> eth2 points to the router for the leased line.
>
> eth0 and eth1 are marked multi in the zones file; the host files
> seem no longer needed.

If you had a hosts file before, you still need one.

> But when restarting shorewall I get warnings about empty zones, is
> this ok?
>

Usually not a good thing.

> It seems that the empty zones are processed by the forward chain?

Yes -- and they are processed by the all->all policy which usually is DROP or REJECT.

>
> Any hint to get started highly appreciated :)
>

If you had a hosts file previously, you will need one now and all interface and zone names contained in the file must also be defined in the zones or interfaces file respectively.

Also be sure to read the Upgrade Issues (http://www.shorewall.net/upgrade_issues.htm) about changes in the format of some rules.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net