Hi,

I am trying to configure Shorewall on an OpenBrick. The server is on the net, and I only have SSH access (no physical/console access). I have many problems configuring it: I lose my SSH session when doing "service shorewall start" and must ask for a reboot, which can take up to 2 days :-(.
If someone could explain what I'm doing wrong, I would be definitely thankful...

Here are my config files:

routestopped contains my IP.
------------
"shorewall stop" works fine => everything is dropped, but I still have SSH access. My problem is only when doing shorewall start.

rules :
-------
ACCEPT net loc tcp 20,21,22,25,42,53,80,110,10000 -
ACCEPT loc net tcp 20,21,22,25,42,53,80,110,10000 -
ACCEPT net fw tcp 20,21,22,25,42,53,80,110,10000 -
ACCEPT fw net tcp 20,21,22,25,42,53,80,110,10000 -
ACCEPT net loc udp 20,21,22,25,42,53,80,110,10000 -
ACCEPT loc net udp 20,21,22,25,42,53,80,110,10000 -
ACCEPT net fw udp 20,21,22,25,42,53,80,110,10000 -
ACCEPT fw net udp 20,21,22,25,42,53,80,110,10000 -

zones :
-------
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone

& of course fw as defined in the main config file. dmz & loc are useless I think, but I haven't tried them for instance.

policy :
--------
loc net ACCEPT
net all DROP info
all all REJECT info

In my logs, I have:

Jun 13 09:49:15 ccn kernel: Shorewall:INPUT:REJECT:IN=eth0 OUT= MAC=00:e0:4c:40:04:21:00:80:c8:ca:d9:d9:08:00 SRC=213.41.155.35 DST=80.67.180.196 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=63194 DF PROTO=TCP SPT=32934 DPT=110 WINDOW=5808 RES=0x00 SYN URGP=0

Note: I'm on Mandrake 9.0, but with NO graphical install, and configuring only with vi /etc/...

--
Paul POULAIN
Independent free-software consultant
French-language coordinator for Koha (free ILS, http://www.koha-fr.org)
Could you give us the interfaces file?

Thx

Nicolas Helleringer
Wanadoo Maps
47 rue de Charonne
75011 Paris
Tel: +33 1 48 07 58 55
Nicolas Helleringer wrote:

> Could you give us the interfaces file?

Empty. It seems you've found the problem. Shouldn't it be something like:

net eth0 detect

? (as on my personal computer)

If someone confirms, I'll try it and hope I won't need a "call-for-manual-reboot" :-)

--
Paul POULAIN
Hum ... perhaps you should read the docs/FAQs, and above all the mini howto, more deeply to understand how to configure Shorewall correctly.
Follow the guidelines.
Do not miss some files.

In fact you should have your interfaces in the interfaces file (does this make sense? :)
Be sure not to leave any stage of the configuration steps untouched.

Go visit http://www.shorewall.net more deeply.

Nicolas Helleringer
Wanadoo Maps
Nicolas Helleringer wrote:

> Hum ... perhaps you should read the docs/FAQs, and above all the mini howto, more deeply to understand how to configure Shorewall correctly.
> Follow the guidelines.
> Do not miss some files.
>
> In fact you should have your interfaces in the interfaces file (does this make sense? :)
> Be sure not to leave any stage of the configuration steps untouched.

I did. I even printed the French version of the "Standalone firewall" doc. I just missed the interfaces file. As the files had been correctly created on my "home" Shorewall install, which works fine, I didn't check on my "OpenBrick" installation.

Anyway, now it works :-) Many thanks.

--
Paul POULAIN
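The cause found in this thread, an empty interfaces file while zones, policy and rules all name zones, can be checked for before "shorewall start" is run over the only SSH session. The script below is an added example, not part of the original messages and not Shorewall's own code; the function names, the CONF_DIR variable and the sample files are constructed for illustration, and it relies only on the column layout shown in the thread plus the leading zone column of the hosts file.

```shell
#!/bin/sh
# Added example (not Shorewall code): list zones that the config uses but that
# no line in `interfaces` (or `hosts`) attaches to a network interface.

# Print a config file without comments and blank lines (missing file = empty).
conf_lines() {
    [ -f "$1" ] && sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
    return 0
}

# zones_without_interface DIR: one unbound zone per line, sorted.
zones_without_interface() {
    dir=$1
    # Column 1 of interfaces and hosts is the zone the entry belongs to.
    bound=$({ conf_lines "$dir/interfaces"; conf_lines "$dir/hosts"; } |
            awk '{print $1}' | sort -u)
    # Zones named in zones (col 1), policy (cols 1-2) and rules (cols 2-3);
    # "zone:host" is cut to the zone; fw, all and "-" are not interface zones.
    used=$({ conf_lines "$dir/zones"  | awk '{print $1}'
             conf_lines "$dir/policy" | awk '{print $1; print $2}'
             conf_lines "$dir/rules"  | awk '{print $2; print $3}'; } |
           sed 's/:.*//' | grep -v -x -F -e fw -e all -e - | sort -u)
    for z in $used; do
        printf '%s\n' "$bound" | grep -q -x -F -- "$z" || printf '%s\n' "$z"
    done
}

# preflight DIR ZONE: status 1 when ZONE, the zone the admin's SSH session
# arrives from, has no interface. Intended use (CONF_DIR is a placeholder):
#   preflight "$CONF_DIR" net && service shorewall start
preflight() {
    if zones_without_interface "$1" | grep -q -x -F -- "$2"; then
        echo "refusing to start: zone '$2' is not bound in $1/interfaces" >&2
        return 1
    fi
}

# Constructed sample: the thread's zones, policy and two of its rules,
# with the interfaces file left empty as on the OpenBrick.
demo=$(mktemp -d)
printf 'net Net Internet\nloc Local Local networks\ndmz DMZ Demilitarized zone\n' >"$demo/zones"
printf 'loc net ACCEPT\nnet all DROP info\nall all REJECT info\n' >"$demo/policy"
printf 'ACCEPT net fw tcp 20,21,22,25,42,53,80,110,10000 -\n' >"$demo/rules"
printf 'ACCEPT fw net tcp 20,21,22,25,42,53,80,110,10000 -\n' >>"$demo/rules"
: >"$demo/interfaces"
zones_without_interface "$demo"               # lists dmz, loc, net
preflight "$demo" net || echo "start blocked"
rm -rf "$demo"
```

With the single line "net eth0 detect" in interfaces, the check passes for net and still lists dmz and loc, the two zones the original poster defined without using.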