Hello,

I wonder what is the best technique for remote administration and configuration for shorewall firewall.

Something else: I telnet to the firewall and try to run shorewall start or stop, but it never works.

N.B. I hope that is not a stupid question, but sometimes it is needed, and I did not find anything related to that on the web site.

Kind Regards
Samer Y. Azmy

On 22 Jun 2004 at 22:04, Samer Y. Azmy wrote:

> Hello,
>
> I wonder what is the best technique for remote administration , and
> configuration for shorewall firewall
>
> Something else, I telnet to firewall, and try to run shorewall start
> or stop but it never works
>
> N.B. I hope that is not a stupid question , but sometimes it is
> needed, and I did not find anything related to that on the web site

I use ssh, as it seems to survive a shorewall restart (not stop and start, as you mentioned).

However, anytime you do this on a remote server you have to be very careful, because you can lock yourself out. But with careful attention to detail I have managed servers as far away as Australia with no problems in over a year.

--
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

John wrote on 22/06/2004 16:16:22:

> On 22 Jun 2004 at 22:04, Samer Y. Azmy wrote:
>
> > Hello,
> >
> > I wonder what is the best technique for remote administration , and
> > configuration for shorewall firewall
[...]
>
> I use ssh, as it seems to survive a shorewall restart.
> (not stop and start, as you mentioned).
>
> However, anytime you do this on a remote server you have
> to be very carefull, because you can lock yourself out.

I use ssh too, but as I'm on the ADMINABSENTMINDED=YES side ;-), I usually put 1 or 2 IPs in the routestopped file, so that I can reach my server, just in case any problem happens...

________________________
Eduardo Ferreira
Icatu Holding S.A.
Supervisor de TI
(5521) 3804-8606

Samer Y. Azmy wrote:

> Something else, I telnet to firewall, and try to run shorewall start or stop but it never works

If you "shorewall stop", don't have ADMINISABSENTMINDED=Yes and don't have the client listed in /etc/shorewall/routestopped then you are dead.

Also, one of the cardinal rules of remote administration is to not use telnet but rather to use ssh instead.

The "shorewall try" command was also designed with remote administration in mind; if things go wrong, the default configuration is restored.

Finally, if you are using Shorewall 2.0.2 or later then before making a change and with shorewall running, do "shorewall save"; that way, if "shorewall restart" with your changes fails then the previous config will be quickly restored.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
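
The lock-out rule from the last reply, written as a pre-flight check to run inside the ssh session before "shorewall stop". This is an added example, not part of any post in the thread or of Shorewall itself. The function names are hypothetical, the shorewall.conf path is assumed to be /etc/shorewall/shorewall.conf, and only exact IP entries in routestopped are matched (subnet entries and interface-only lines are not evaluated, so the check errs toward refusing).

```shell
#!/bin/sh
# Added example: refuse a remote "shorewall stop" unless the admin's own
# address would still be let in afterwards. Assumed file formats:
#   shorewall.conf : KEY=value lines, '#' starts a comment
#   routestopped   : "interface  host[,host...]" columns

# absent_minded_on CONF -> 0 if ADMINISABSENTMINDED is set to yes (any case)
absent_minded_on() {
    val=$(sed -n 's/#.*//; s/^[[:space:]]*ADMINISABSENTMINDED=//p' "$1" |
          tail -n 1 | tr -d "\"' \t" | tr '[:upper:]' '[:lower:]')
    [ "$val" = "yes" ]
}

# listed_in_routestopped FILE IP -> 0 if IP is an exact entry in the host column
listed_in_routestopped() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }                 # drop comments, fields are re-split
        NF >= 2 {
            n = split($2, hosts, ",")
            for (i = 1; i <= n; i++) if (hosts[i] == ip) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# ssh_client_ip -> first field of SSH_CLIENT ("ip client_port server_port")
ssh_client_ip() {
    printf '%s\n' "${SSH_CLIENT%% *}"
}

# safe_to_stop CONF ROUTESTOPPED CLIENT_IP
# 0 if either condition named in the thread holds, 1 otherwise.
safe_to_stop() {
    if absent_minded_on "$1"; then
        return 0
    fi
    listed_in_routestopped "$2" "$3"
}

# Usage on the firewall, from the ssh session:
#   safe_to_stop /etc/shorewall/shorewall.conf /etc/shorewall/routestopped \
#       "$(ssh_client_ip)" && shorewall stop
```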