Hi everyone!

I've been setting up a leaf system with shorewall on it, but it doesn't
really work. I've followed the next steps to configure it:

www.shorewall.net/3.0/NewBridge.html

this with a few modifications because both interfaces are in the local
network : loc and the idea is to have a server on one side and an
ordinary computer accessing the server for instance only by port:80
btw : this is only for testing purposes

As attachment I've included the trace..

Greetings
Tom

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
Tom Hendrickx wrote:
> Hi everyone!
>
> I've been setting up a leaf system with shorewall on it, but it doesn't
> really work. I've followed the next steps to configure it:
>
> www.shorewall.net/3.0/NewBridge.html
>
> this with a few modifications because both interfaces are in the local
> network : loc and the idea is to have a server on one side and an
> ordinary computer accessing the server for instance only by port:80
> btw : this is only for testing purposes
>
> As attachment I've included the trace..

From the trace:

    ERROR: Invalid zone definition for zone loc

That error means that you are either:

a) trying to define the zone 'loc' in both the
   /etc/shorewall/interfaces and /etc/shorewall/hosts files

   interfaces

       loc     br0     ...

   hosts

       loc     br0:192.168.1.0/24 ...

or

b) have entries such as follows in /etc/shorewall/hosts:

       loc     br0:0.0.0.0/0
       loc     br0:192.168.1.0/24

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Hi,

Quoting Tom Eastep <teastep@shorewall.net>:
> Tom Hendrickx wrote:
>> Hi everyone!
>>
>> I've been setting up a leaf system with shorewall on it, but it
>> doesn't really work. I've followed the next steps to configure it:
>>
>> www.shorewall.net/3.0/NewBridge.html
>>
>> this with a few modifications because both interfaces are in the local
>> network : loc and the idea is to have a server on one side and an
>> ordinary computer accessing the server for instance only by port:80
>> btw : this is only for testing purposes
>>
>> As attachment I've included the trace..
>
> From the trace:
>
>     ERROR: Invalid zone definition for zone loc
>
> That error means that you are either:
>
> a) trying to define the zone 'loc' in both the
>    /etc/shorewall/interfaces and /etc/shorewall/hosts files
>
>    interfaces
>
>        loc     br0     ...
>
>    hosts
>
>        loc     br0:192.168.1.0/24 ...
>
> or
>
> b) have entries such as follows in /etc/shorewall/hosts:
>
>        loc     br0:0.0.0.0/0
>        loc     br0:192.168.1.0/24
>
> -Tom

my entries are almost exactly like in the example
www.shorewall.net/3.0/NewBridge.html
only in the hosts I've not used any exceptions
and for interfaces I've used standard options out of leaf and followed
www.shorewall.net/SimpleBridge.html

My interfaces file looks like this:

    #ZONE   INTERFACE   BROADCAST       OPTIONS
    loc     br0         192.168.1.255   routeback,dhcp,routefilter,norfc1918
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

and my hosts file like this:

    #ZONE   HOST(S)                 OPTIONS
    loc     br0:192.168.1.0/24
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE

thx for the reply!

Tom

> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Tom Hendrickx wrote:
>
> my entries are almost exactly like in the example
> www.shorewall.net/3.0/NewBridge.html
> only in the hosts I've not used any exceptions
> and for interfaces I've used standard options out of leaf and followed
> www.shorewall.net/SimpleBridge.html

You can't mix and match between those two articles and expect it to
work. You either need to restrict connections through your bridge or you
don't -- there's no middle ground.

>
> My interfaces file looks like this:
> #ZONE   INTERFACE   BROADCAST       OPTIONS
> loc     br0         192.168.1.255   routeback,dhcp,routefilter,norfc1918
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> and my hosts file like this:
> #ZONE   HOST(S)                 OPTIONS
> loc     br0:192.168.1.0/24
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
>
> thx for the reply!

That configuration makes no sense and Shorewall is telling you that. The
entry in /etc/shorewall/hosts is redundant since you have already
defined the 'loc' zone to include ALL hosts routed through br0. What
possible value could the entry in /etc/shorewall/hosts add? Nothing!

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
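
Added example, not part of the original thread and not Shorewall's own code: a POSIX shell check for the two cases the replies name as causes of "Invalid zone definition", run over the interfaces and hosts files as posted. The function name check_zone_defs and the case-a/case-b labels are made up for this example, and matching on zone plus interface is an assumption taken from the reply's br0 example.

```shell
#!/bin/sh
# Added example: report Shorewall zone definitions that match the two cases
# from the reply above. Simplified: whitespace-separated columns, one
# interface:address entry per hosts line, IPv4 only.
# Usage: check_zone_defs INTERFACES_FILE HOSTS_FILE   (hypothetical helper)
check_zone_defs() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        FILENAME == ARGV[1] {                   # interfaces: ZONE INTERFACE ...
            iface_zone[$1 SUBSEP $2] = 1
            next
        }
        {                                       # hosts: ZONE INTERFACE:ADDRESS
            split($2, h, ":")
            key = $1 SUBSEP h[1]
            seen[key] = $1 " " h[1]
            # case a: the interfaces file already assigns this whole
            # interface to the zone, so the hosts entry is redundant
            if (key in iface_zone) print "case-a " seen[key]
            if (h[2] == "0.0.0.0/0") wide[key] = 1
            else narrow[key] = 1
        }
        END {                                   # case b: 0.0.0.0/0 plus a subnet
            for (k in seen)
                if ((k in wide) && (k in narrow)) print "case-b " seen[k]
        }
    ' "$1" "$2"
}

# Sample input: the two files as posted in the thread, in a temp directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST       OPTIONS
loc     br0         192.168.1.255   routeback,dhcp,routefilter,norfc1918
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
EOF
cat > "$tmp/hosts" <<'EOF'
#ZONE   HOST(S)                 OPTIONS
loc     br0:192.168.1.0/24
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
EOF
check_zone_defs "$tmp/interfaces" "$tmp/hosts"
```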