Hello,

I'm facing a strange problem...

ns300321:/etc/shorewall# shorewall safe-start
Compiling...
Opening /proc/modules: No such file or directory
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Compiling /etc/shorewall/blacklist...
Adding Anti-smurf Rules
Compiling /usr/share/shorewall/rfc1918...
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/tos...
   ERROR: Unknown Interface (wan) : /etc/shorewall/tos (line 9)

If I switch to shorewall-shell, everything works fine.
It seems that zones are not read at the good time...

ns300321:/etc/shorewall# shorewall status
Shorewall-4.0.1 Status at ns300321.ovh.net - samedi 4 août 2007, 01:09:51 (UTC+0200)

Shorewall is running
State:Started (samedi 4 août 2007, 01:09:23 (UTC+0200))

ns300321:/etc/shorewall# more zones
#
# Shorewall version 4 - Zones File
#
# For information about this file, type "man shorewall-zones"
#
# For more information, see http://www.shorewall.net/Documentation.htm#Zones
#
###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
wan     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

ns300321:/etc/shorewall# more tos
#
# Shorewall version 3.4 - Tos File
#
# For information about entries in this file, type "man shorewall-tos"
#
###############################################################################
#SOURCE DEST    PROTOCOL        SOURCE  DEST    TOS
#                               PORTS   PORTS
fw      wan     tcp             22      -       16
fw      wan     tcp             3306    -       16
fw      wan     tcp             80      -       2
#LAST LINE -- Add your entries above -- DO NOT REMOVE

Could you check everything is fine in the source code?

Best regards.
Jerome Blion.
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Jérôme Blion wrote:
>
> Compiling /etc/shorewall/tos...
>    ERROR: Unknown Interface (wan) : /etc/shorewall/tos (line 9)
>
> If I switch to shorewall-shell, everything works fine.
> It seems that zones are not read at the good time...
>
> Could you check everything is fine in the source code?

The code is fine. You didn't read the release notes and/or
http://www.shorewall.net/Shorewall-perl.html (or you didn't read them
carefully enough).

Shorewall-perl and Shorewall-shell are *not* 100% compatible. In fact,
both documents that I mention above contain a list of approximately 20
differences in the two compilers and both documents describe the
incompatibility in the TOS file.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Jérôme Blion wrote:
>
>> Compiling /etc/shorewall/tos...
>>    ERROR: Unknown Interface (wan) : /etc/shorewall/tos (line 9)
>>
>> If I switch to shorewall-shell, everything works fine.
>> It seems that zones are not read at the good time...
>>
>> Could you check everything is fine in the source code?
>>
>
> The code is fine. You didn't read the release notes and/or
> http://www.shorewall.net/Shorewall-perl.html (or you didn't read them
> carefully enough).
>
> Shorewall-perl and Shorewall-shell are *not* 100% compatible. In fact,
> both documents that I mention above contain a list of approximately 20
> differences in the two compilers and both documents describe the
> incompatibility in the TOS file.
>
> -Tom
>

Hello,

Ok, I read the documentation. Replacing fw by $FW and wan by all works fine.
I understood that it will not be possible anymore to set up different
rulesets in tos file by zone. Am I right?

Jerome.

Jérôme Blion wrote:
>
>
> Ok, I read the documentation. Replacing fw by $FW and wan by all works fine.
> I understood that it will not be possible anymore to set up different
> rulesets in tos file by zone. Am I right?

If eth0 is your wan interface, you can do the following:

#SOURCE DEST    PROTOCOL        SOURCE  DEST    TOS
#                               PORTS   PORTS
$FW     eth0    tcp             22      -       16
$FW     eth0    tcp             3306    -       16
$FW     eth0    tcp             80      -       2
#LAST LINE -- Add your entries above -- DO NOT REMOVE

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
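
Added example, not part of the thread and not Shorewall code: a Python pre-flight check to run before moving a configuration from Shorewall-shell to Shorewall-perl. It lists tos entries whose SOURCE or DEST column names a zone declared in the zones file, the pattern behind the "Unknown Interface (wan)" error above. The function names and the sample files are constructed for illustration; the check is a plain name comparison and does not reproduce the compiler's own validation.

```python
# Constructed sample input modelled on the files quoted in the thread.
ZONES = """\
#ZONE   TYPE            OPTIONS
fw      firewall
wan     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
"""

TOS = """\
#SOURCE DEST    PROTOCOL        SOURCE  DEST    TOS
#                               PORTS   PORTS
fw      wan     tcp             22      -       16
$FW     eth0    tcp             3306    -       16
$FW     all     tcp             80      -       2
#LAST LINE -- Add your entries above -- DO NOT REMOVE
"""


def data_lines(text):
    """Yield (line_number, columns) for lines that are not blank or comments."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if line:
            yield number, line.split()


def zone_names(zones_text):
    """Zone names from the first column; a 'child:parent' entry yields 'child'."""
    return {cols[0].split(":", 1)[0] for _, cols in data_lines(zones_text)}


def zone_refs_in_tos(zones_text, tos_text):
    """Return (line, column, name) for each tos SOURCE/DEST that is a zone name."""
    zones = zone_names(zones_text)
    findings = []
    for number, cols in data_lines(tos_text):
        for label, value in zip(("SOURCE", "DEST"), cols[:2]):
            # Compare only the part before ':' so 'name:address' forms match too.
            name = value.split(":", 1)[0]
            if name in zones:
                findings.append((number, label, name))
    return findings


if __name__ == "__main__":
    for number, label, name in zone_refs_in_tos(ZONES, TOS):
        print(f"tos line {number}: {label} '{name}' is a zone name; "
              f"the replies above use $FW, all, or an interface such as eth0")
```

To check a real configuration, read `/etc/shorewall/zones` and `/etc/shorewall/tos` into strings and pass them to `zone_refs_in_tos`.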