Hello

I just installed a new firewall with the following:

1) CentOS 4.1 Final - Kernel 2.6.9.11
2) Shorewall 2.4
3) webmin 1.2 (sometimes I use the GUI to give better visibility)
4) two NIC setup (one of them connected to my router, with aliased interfaces to have all my IPs - 16 IPs) (net), and the other NIC is connected to my 192.168.201 network (loc)

When I add a new rule or modify an existing rule, and issue

1) service shorewall restart
2) or use the GUI to apply configuration

as I used to do with my old firewall, Shorewall stops routing/bridging to the net/loc. In other words, I cannot reach my servers.

When I restart the whole box, it works fine.

So I ended up, whenever I modify or add a rule, restarting the firewall.

I do not know why this problem is happening.

N.B. I enabled IP_forward in /etc/sysctl.conf

Please advise

Kind Regards
Samer

On 7/14/05, samer Y. Azmy <samer_symantec@hotmail.com> wrote:

> when I add a new rule or modify an existing rule, and issue
> 1) service shorewall restart
> 2) or use the GUI to apply configuration
> as I used to do with my old firewall

There is a problem with the 2.4 initialization scripts. Upgrading to 4.2.1 or using the Fedora rpm link on the Shorewall download page will probably resolve this.

-Tom

> There is a problem with the 2.4 initialization scripts. Upgrading to
> 4.2.1 or using the Fedora rpm link on the Shorewall download page will
> probably resolve this.

I meant 2.4.1.

-Tom

Hello,

Thank you for your fast reply.

I hate to tell you that I have done the upgrade to version 2.4.1.1 by

rpm -Uvh shorewall-2.4.1-1.noarch.rpm

at the following link

http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/shorewall-2.4.1-1.noarch.rpm

but still, when I make any change to the rules and apply the configuration, or issue

shorewall restart
or
service shorewall restart

I still cannot see my servers.

If I restart the whole machine, everything works fine.

Please advise

Kind Regards
Samer

>From: Tom Lisjac <netdxr@gmail.com>
>Reply-To: shorewall-users@lists.sourceforge.net
>To: shorewall-users@lists.sourceforge.net
>Subject: Re: [Shorewall-users] service shorewall restart
>Date: Thu, 14 Jul 2005 17:35:38 -0600
>
>On 7/14/05, samer Y. Azmy <samer_symantec@hotmail.com> wrote:
>
> > when I add a new rule or modify an existing rule, and issue
> > 1) service shorewall restart
> > 2) or use the GUI to apply configuration
> > as I used to do with my old firewall
>
>There is a problem with the 2.4 initialization scripts. Upgrading to
>4.2.1 or using the Fedora rpm link on the Shorewall download page will
>probably resolve this.
>
>-Tom

Hi Folks,

I have a really strange behavior here.

I put Shorewall 2.4.1 with kernel 2.6.12-2 and iptables 3.1, using proxyarp to control traffic and connection of 4 complete classes.

Everything works great, I know when a user is online or not (using arp -a and grep), etc.

But now my router sometimes starts to show errors and, looking from outside (ping in), a bigger time.

With Shorewall on my firewall, pinging my router over the net shows 32 ms, 46 ms, etc., then 1090 ms, 2000 ms, then crash!!!

Without Shorewall everything goes fine, without errors etc.

This happened after I upgraded my kernel to 2.6.12-2 and iptables to 3.1.

Any tip please??

My router is a Xedia 1000 from Lucent.

Thanks!
Carlos Arnt.

Often RPM packages will not replace old configuration files when upgrading, for fear of overwriting user changes. I can't speak for the initialization file, because I'm not sure if it's considered configuration or system, but check and make sure that the initialization script is the 2.4.1 version. Usually RPMs will save newer files as .RPMNEW (or replaced files as .RPMSAVE). You will probably have one or the other in init.d

- Matt

> -----Original Message-----
> From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of samer Y. Azmy
> Sent: Friday, July 15, 2005 8:11 AM
> To: shorewall-users@lists.sourceforge.net
> Subject: Re: [Shorewall-users] service shorewall restart
>
> Hello,
> Thank you for your fast reply.
>
> I hate to tell you that I have done the upgrade to version 2.4.1.1
> by rpm -Uvh shorewall-2.4.1-1.noarch.rpm
> at the following link
> http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/shorewall-2.4.1-1.noarch.rpm
>
> but still, when I make any change to the rules and apply the configuration,
> or issue shorewall restart
> or
> service shorewall restart
> I still cannot see my servers.
> If I restart the whole machine, everything works fine.
>
> Please advise
>
> Kind Regards
> Samer

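One way to carry out the check Matt describes, as an added example that is not part of the original thread: a small shell function that looks for upgrade leftovers beside a file and reports whether each one differs from the active copy. The function names, the demo files and the init script path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list RPM upgrade leftovers that sit next to a given file.
# rpm names them <file>.rpmnew and <file>.rpmsave; the suffix is matched
# case-insensitively so the upper-case spelling is caught as well.

# find_rpm_leftovers FILE
# Prints "<kind> <same|differs> <path>" for each leftover found.
# Returns 0 if at least one leftover exists, 1 if none, 2 if FILE is missing.
find_rpm_leftovers() {
    target=$1
    [ -f "$target" ] || { echo "missing: $target" >&2; return 2; }
    found=1
    for cand in "$target".*; do
        [ -f "$cand" ] || continue
        suffix=$(printf '%s' "${cand##*.}" | tr 'A-Z' 'a-z')
        case $suffix in
            rpmnew)  kind=packaged-version-not-installed ;;
            rpmsave) kind=previous-version-saved ;;
            *)       continue ;;
        esac
        # cmp -s is silent and only sets the exit status.
        if cmp -s "$target" "$cand"; then state=same; else state=differs; fi
        echo "$kind $state $cand"
        found=0
    done
    return $found
}

# Demo on constructed files in a temp directory (not a real Shorewall install).
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n# constructed init script, old\n' > "$d/shorewall"
    printf '#!/bin/sh\n# constructed init script, new\n' > "$d/shorewall.rpmnew"
    find_rpm_leftovers "$d/shorewall"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Usage: sh check.sh /etc/init.d/shorewall   (path is an assumption)
if [ $# -gt 0 ]; then
    find_rpm_leftovers "$1" || true
fi
```

A "packaged-version-not-installed differs" line means the script in use is still the pre-upgrade one and the packaged copy was left beside it.
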
Samer wrote on 15/07/2005 09:10:45:

> Hello,
> Thank you for your fast reply
>
>
> but still when I make any change to the rules, and apply the configurations,
> or issue shorewall restart
> or
> service shorewall restart
> still cannot see my servers
> if I restart the whole machine, everything works fine
>

time to ask for your configuration as stated in:
http://www.shorewall.net/support.htm

besides, what changes are you doing?

regards,

--
Eduardo Ferreira

Hello

I uninstalled 2.5 and installed 2.2, but I still have the same problem.

I followed all the procedures at the support link, but no hope.

Has anyone tried Shorewall on CentOS 4.1 Final? Or, in other words, what is the recommended version to run with kernel 2.6.9.11?

Kind Regards
Samer

>From: "Eduardo Ferreira" <duda@icatu.com.br>
>Reply-To: shorewall-users@lists.sourceforge.net
>To: shorewall-users@lists.sourceforge.net
>Subject: Re: [Shorewall-users] service shorewall restart
>Date: Fri, 15 Jul 2005 09:52:30 -0300
>
>Samer wrote on 15/07/2005 09:10:45:
>
> > Hello,
> > Thank you for your fast reply
> >
> >
> > but still when I make any change to the rules, and apply the configurations,
> > or issue shorewall restart
> > or
> > service shorewall restart
> > still cannot see my servers
> > if I restart the whole machine, everything works fine
> >
>time to ask for your configuration as stated in:
>http://www.shorewall.net/support.htm
>
>besides, what changes are you doing?
>
>regards,
>
>--
>Eduardo Ferreira

On 7/15/05, samer Y. Azmy <samer_symantec@hotmail.com> wrote:

> Has anyone tried Shorewall on CentOS 4.1 Final or in other words
> what is the recommended version to run with kernel 2.6.9.11

Shorewall 2.4.1 works fine with CentOS 4.1 and kernel version 2.6.9-11.EL.

After issuing a shorewall restart, do you see:

Activating Rules...
Shorewall Started

If not, what is the message you get? If so, what is the output of:

/sbin/shorewall version
ip addr show
ip route show

-Tom

Hello,

Maybe it is the way I recovered my old rules and settings.

I copied nat, zones, masq, rules from the old Shorewall installation 1.2 to the new installation.

Does that cause a problem?

Kind Regards
Samer

On Friday 15 July 2005 05:36, Carlos Arnt wrote:

> Hi Folks,
>
> I have a really strange behavior here.
>
> I put shorewall 2.4.1 with kernel 2.6.12-2 and iptables 3.1 using proxyarp
> to control traffic and connection of 4 complete classes.
>

2.6.12 is so broken WRT netfilter that I wouldn't run it on a firewall under any circumstances.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hello Tom

Welcome back, Man.

Do you think that is the reason for my problem?

If I boot the CentOS box running 2.6.9-11, Shorewall runs fine.

If I issue shorewall restart or service shorewall restart, it does not work, and stops routing.

Please advise

Kind Regards
Samer

>From: Tom Eastep <teastep@shorewall.net>
>Reply-To: shorewall-users@lists.sourceforge.net
>To: shorewall-users@lists.sourceforge.net
>Subject: Re: [Shorewall-users] Router strange behavior...
>Date: Fri, 15 Jul 2005 13:48:03 -0700
>
>On Friday 15 July 2005 05:36, Carlos Arnt wrote:
> > Hi Folks,
> >
> > I have a really strange behavior here.
> >
> > I put shorewall 2.4.1 with kernel 2.6.12-2 and iptables 3.1 using proxyarp
> > to control traffic and connection of 4 complete classes.
> >
>
>2.6.12 is so broken WRT netfilter that I wouldn't run it on a firewall under
>any circumstances.
>
>-Tom
>--
>Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
>Shoreline,     \ http://shorewall.net
>Washington USA \ teastep@shorewall.net
>PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key