Sorry for the somewhat silly question, but I''m confused. Some time ago, when I was using 2.x, I used to add some required modules to /etc/shorewall/modules. Later I did not need these additions any more. Now I am using 3.2.3 on FC4 and I need to add a couple of modules, but I can''t find the file /etc/shorewall/modules. It is still documented on the page http://shorewall.net/Documentation.htm#modules but the file isn''t there. I did "rpm -ql shorewall" and found the files: /usr/share/shorewall/modules and /usr/share/shorewall/xmodules, but I suppose that they are not intended to be modified by the user. Can someone enlighten me? Thanks Elio ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Elio Tondo wrote:> Sorry for the somewhat silly question, but I''m confused. > > Some time ago, when I was using 2.x, I used to add some required modules > to /etc/shorewall/modules. Later I did not need these additions any more. > Now I am using 3.2.3 on FC4 and I need to add a couple of modules, but > I can''t find the file /etc/shorewall/modules. It is still documented on the page > http://shorewall.net/Documentation.htm#modules but the file isn''t there.The documentation is out of date.> > I did "rpm -ql shorewall" and found the files: /usr/share/shorewall/modules > and /usr/share/shorewall/xmodules, but I suppose that they are not > intended to be modified by the user. Can someone enlighten me?For an explaination of these two files, see the release notes. If you need to make changes, copy whichever file you need (probably /usr/share/shorewall/modules) to /etc/shorewall/modules and modify the copy. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
I have some nat with yes in local and all interfaces and work well, but if apply redirect por squid transparent dont work http conecction. Redirect lan 3328 tcp www !lan_ips,wan_ip Howto exclude lan and wan IP for proxy and work nat well with http request o.o? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Tom Eastep wrote:> The documentation is out of date. > .. > For an explaination of these two files, see the release notes.Thanks.> If you need to make changes, copy whichever file you need > (probably /usr/share/shorewall/modules) to /etc/shorewall/modules > and modify the copy.Done; I used xmodules because I''m running kernel-2.6.17. I simply added the two modules required pptp support because I have some users that need to concurrently connect to a remote VPN server. Thanks again Elio p.s.: is it normal receiving bounces from users having mailbox problems when posting to this list? I just received a bounce of my message from a server in China... ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Rodrigo Cortes wrote:> I have some nat with yes in local and all interfaces and work well, > but if apply redirect por squid transparent dont work http conecction. > > Redirect lan 3328 tcp www !lan_ips,wan_ip > > > Howto exclude lan and wan IP for proxy and work nat well with http request > o.o?Please supply the problem documentation requested at http://www.shorewall.net/support.htm. Also please give us complete details about what doesn''t work (source IP address and destination IP address). Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Elio Tondo wrote:> p.s.: is it normal receiving bounces from users having mailbox > problems when posting to this list? I just received a bounce of > my message from a server in China...No that is not normal. But it is sometimes typical. It indicates a broken mail transfer agent from the system you received the bounce from, not from this mailing list. Mailing list messages are all sent with a "Precedence: list" or "Precedence: bulk" header. That header informs correctly operating MTAs not to generate a bounce if the message cannot be delivered. Additionally and Errors-To: header is added so that regardless of the previous that if errors are to be reported that they should go to the -bounces address. So the MTA has two problems in the case that you saw. By my observation this mailing list is configured properly. It includes the required headers. But users are subscribed to the list from sites with broken configurations. Those other sites are most often the source of the trouble. I see this problem on other lists periodically as well. I always generate as nice and polite of a note that I can and send it to the postmaster at the misconfigured site. I inform them of the problem and hope that they will take action. Usually they don''t though. As a mailing list administrator on other lists I will suspend delivery to subscribers with this problem active until the problem gets resolved. So on those other lists I always appreciate a note to the -owner address informing me of the problem so that I can deal with it. Now here I am going really out on a limb because I have not tested this properly but... I believe if you "bounce" the message to the mailing list -bounces address that Mailman will process the bounce as a normal bounce as if it had gone to the Errors-To address in the first place, as if the problem MTA had done half of the right thing in the first place. It should extract the problem user and handle it as it would any account that starts generating bounces and automatically suspend delivery. It takes several bounces before Mailman will do this but this would save other users from the continuing problem. If I am wrong in this analysis I would appreciate a correction. Bob ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Wong Chee Chun
2006-Sep-07 18:13 UTC
Re: mailing list administrivia (was: /etc/shorewall/modules)
yeah..i got that email bounce from china too. i think you should report it to sourceforge.net. On 9/8/06, Bob Proulx <bob@proulx.com> wrote:> Elio Tondo wrote: > > p.s.: is it normal receiving bounces from users having mailbox > > problems when posting to this list? I just received a bounce of > > my message from a server in China... > > No that is not normal. But it is sometimes typical. It indicates a > broken mail transfer agent from the system you received the bounce > from, not from this mailing list. > > Mailing list messages are all sent with a "Precedence: list" or > "Precedence: bulk" header. That header informs correctly operating > MTAs not to generate a bounce if the message cannot be delivered. > Additionally and Errors-To: header is added so that regardless of the > previous that if errors are to be reported that they should go to the > -bounces address. So the MTA has two problems in the case that you > saw. > > By my observation this mailing list is configured properly. It > includes the required headers. But users are subscribed to the list > from sites with broken configurations. Those other sites are most > often the source of the trouble. > > I see this problem on other lists periodically as well. I always > generate as nice and polite of a note that I can and send it to the > postmaster at the misconfigured site. I inform them of the problem > and hope that they will take action. Usually they don''t though. > > As a mailing list administrator on other lists I will suspend delivery > to subscribers with this problem active until the problem gets > resolved. So on those other lists I always appreciate a note to the > -owner address informing me of the problem so that I can deal with it. > > Now here I am going really out on a limb because I have not tested > this properly but... I believe if you "bounce" the message to the > mailing list -bounces address that Mailman will process the bounce as > a normal bounce as if it had gone to the Errors-To address in the > first place, as if the problem MTA had done half of the right thing in > the first place. It should extract the problem user and handle it as > it would any account that starts generating bounces and automatically > suspend delivery. It takes several bounces before Mailman will do > this but this would save other users from the continuing problem. If > I am wrong in this analysis I would appreciate a correction. > > Bob > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Tom Eastep wrote:> Wong Chee Chun wrote: >> yeah..i got that email bounce from china too. i think you should >> report it to sourceforge.net. >> > > Paul & Matt, > > It appears that I am the only person posting on this list who is capable of > looking at https://lists.sourceforge.net/lists/listinfo/shorewall-users to > determine who the mailing list admins are for the list and who is also capable > of sending the admins a post to report this problem.Everyone, please note that the correct address for reporting any problems with sourceforge.net mailing lists is just the list name with "-owner" appended to the user name part. So for this list, it''s shorewall-users-owner@lists.sourceforge.net Matt and i both receive any emails sent to this address, so you don''t have to know more than one address, and we don''t have to get duplicate emails. Note that this applies to *all SourceForge.net mailing lists*, not just shorewall-users, and also to the vast majority of Mailman lists in the known universe. As Tom implies, **it shouldn''t be that hard** to work out whom to contact. If you''ve used Linux, you''ve probably used a Mailman mailing list, and you should know how to contact the list owner.> Will one of you please disable list mail delivery to ygabc2008@sina.com so that > we can stop this moaning and groaning about bounces from that address.I looked at this when requested and found that the address given above was not subscribed. The one that came the closest was ygabc@263.net, which while similar, i wasn''t prepared to unsubscribe just on the assumption that it was the same person. I will temporarily disable mail delivery to that account to see if it solves the problem. Please report its success or failure to shorewall-users-owner@lists.sourceforge.net (not to the list!). Thanks, Paul -- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Any personal information in this e-mail must be handled in accordance with the provisions of the Privacy Act 1988. Any views or opinions expressed in this communication are those of the individual sender, except where the sender specifically states them to be the views or opinions of Redlands College (ABN 66 822 314 68). Any use of information in this message for sales or marketing purposes without a current business relationship with the sender is expressly forbidden. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642