Hi,

I have a firewall on Fedora Core 9 with Shorewall using one-to-one NAT. This Linux box has four Ethernet interfaces. It is a Pentium 4 HT 3.0 GHz with 4 GB RAM and four 82541GI Gigabit Ethernet Controller NICs.

The problem is that sometimes the firewall remains inhibited and does not respond to some connections. If you try to restart Shorewall on the Linux box, Shorewall does not stop; it does not respond. I am reading the O/S log files ("/var/log/messages", "/var/log/dmesg" and others) to rule out a hardware problem.

I increased these parameters in /proc:

net.netfilter.nf_conntrack_max = 262144
net.nf_conntrack_max = 262144

but I didn't find any positive result.

--
Saludos / Regards
Ricardo Morón

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
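The post above raises nf_conntrack_max without checking how full the table actually is. The script below is an added example (not code from the thread or from the Shorewall project) that reads the live nf_conntrack_count and nf_conntrack_max from /proc, reports the percentage in use, and counts "table full, dropping packet" lines in kernel log text. The /proc paths are the standard netfilter sysctl locations; the dmesg lines in SAMPLE_DMESG are constructed sample data, not output from the poster's box.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread): conntrack headroom check.
# Assumptions (ours): the /proc paths below are the standard netfilter sysctl
# files; SAMPLE_DMESG is constructed sample kernel-log text.

# Percentage of the conntrack table in use, given count and max.
conntrack_usage_pct() {
    count="$1"
    max="$2"
    [ "$max" -gt 0 ] || { echo 0; return 1; }
    echo $(( count * 100 / max ))
}

# Read the live values from /proc and report; complains instead of failing
# hard when the files are absent (e.g. nf_conntrack not loaded on this host).
conntrack_report() {
    cnt_file=/proc/sys/net/netfilter/nf_conntrack_count
    max_file=/proc/sys/net/netfilter/nf_conntrack_max
    if [ ! -r "$cnt_file" ] || [ ! -r "$max_file" ]; then
        echo "conntrack sysctl files not readable; is nf_conntrack loaded?"
        return 2
    fi
    pct=$(conntrack_usage_pct "$(cat "$cnt_file")" "$(cat "$max_file")")
    echo "conntrack table usage: ${pct}%"
    [ "$pct" -lt 80 ] || echo "WARNING: table above 80%; packets are dropped when it reaches 100%"
}

# Count kernel-log lines (stdin) that report a full conntrack table.
# The kernel logs exactly this text when it drops a new flow for lack of room.
count_table_full() {
    grep -c 'nf_conntrack: table full, dropping packet'
}

# Constructed sample dmesg output for offline demonstration.
SAMPLE_DMESG='[12345.678901] nf_conntrack: table full, dropping packet
[12345.678999] nf_conntrack: table full, dropping packet
[12350.000000] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex
[12360.123456] nf_conntrack: table full, dropping packet'

# Stand-alone run: live report (if /proc is available) and the sample count.
conntrack_report || true
printf 'table-full events in sample log: %s\n' \
    "$(printf '%s\n' "$SAMPLE_DMESG" | count_table_full)"
```

On a real box run `dmesg | count_table_full` after sourcing the script; a non-zero count alongside a usage figure near 100% means the conntrack limit is being hit, whereas a low usage figure with no such lines points the diagnosis away from conntrack, as the later replies in this thread also suggest.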
Robert K Coffman Jr. -Info From Data Corp.
2008-Nov-11 02:44 UTC
Re: NAT one to one problem
> shorewall does not stop, do not responding.

Does anything at all happen when you try to restart Shorewall?

I'm not sure what is going on, but this doesn't sound like a Shorewall problem.
Hi,

When I type:

service shorewall restart

Shorewall never stops. If I want to restart the machine by typing the command "reboot", the Linux box freezes at "stopping shorewall" and does not shut down. I have to push the power button and turn the machine on again.

This firewall handles very, very many connections.

I don't know what to do.

2008/11/10 Robert K Coffman Jr. -Info From Data Corp. <bcoffman@infofromdata.com>
> > shorewall does not stop, do not responding.
>
> Does anything at all happen when you try to restart Shorewall?
>
> I'm not sure what is going on, but this doesn't sound like a Shorewall
> problem.

--
Saludos / Regards
Ricardo Morón
On Tue, Nov 11, 2008 at 08:31:41AM -0430, Ricardo Morón wrote:
> Hi,
>
> when it type: service shorewall restart
>
What about if you use '/sbin/shorewall restart'?

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
I just had to rebuild my gateway system due to a similar problem that ended up being a failed hard drive.

From: Ricardo Morón [mailto:ricardomoron@gmail.com]
Sent: Wednesday, 12 November 2008 12:02 AM
To: Shorewall Users
Subject: Re: [Shorewall-users] NAT one to one problem

Hi,

when it type: service shorewall restart

shorewall never stop it, if i want to restart the machie typing the command "reboot", the linux box become freeze in "stopping shorewall" and not shutdown. I have to push the power button and again turn on the machine.

This firewall handle very, very connections.

I don't know what to do.

2008/11/10 Robert K Coffman Jr. -Info From Data Corp. <bcoffman@infofromdata.com>
> shorewall does not stop, do not responding.

Does anything at all happen when you try to restart Shorewall?

I'm not sure what is going on, but this doesn't sound like a Shorewall problem.

--
Saludos / Regards
Ricardo Morón
Ricardo Morón wrote:
> Hi,
>
> when it type: service shorewall restart
>
> shorewall never stop it, if i want to restart the machie typing the
> command "reboot", the linux box become freeze in "stopping shorewall"
> and not shutdown. I have to push the power button and again turn on the
> machine.
>
When this occurs, can you run ANY programs?

Remember that Shorewall is not something that runs continuously in your system; it is just a configuration tool. Once 'service shorewall start' (/sbin/shorewall start) completes, there is no Shorewall code running in your system at all. So whatever is happening in your system after that is not Shorewall-related.

Junky
> when it type: service shorewall restart
> shorewall never stop it, if i want to restart the machie typing
> the command "reboot", the linux box become freeze in "stopping
> shorewall" and not shutdown. I have to push the power button
> and again turn on the machine.
> This firewall handle very, very connections.
> I don't know what to do.

This sounds like a hardware problem. (It's very clear it's not a Shorewall problem.)

Some BUT NOT ALL hardware problems can be detected by a Linux kernel and make a log entry that you can see with dmesg. Just because there's no log entry doesn't necessarily mean there's no hardware problem.

You may need to get some help - pulling in an acquaintance that's familiar with the insides of a computer may be worthwhile even if you have to pay them a "consulting fee" (a case of premium beer? a gift certificate at your local pizza parlor? - $50?).

Try to remember what might have changed right around the time the problems started. If any hardware was added or replaced recently, concentrate on the possibility that job wasn't done quite right. Look especially for incompletely seated wire connectors and circuit board edge connectors.

If the problem isn't yet obvious, I have a couple other suggestions (in order) for you:

1) Shut the computer off, power it off if it isn't already, and open the cover. Take out all the RAM sticks (remember which way they go in), clean the contacts by briefly rubbing from one end to the other with a _SOFT_ pencil eraser, change the order (for example stick1->stick2 and stick2->stick1), and put them back in. (The idea is to rub any invisible dirt and grime and corrosion off the connector pads near the edge; you do NOT want to rub so hard you damage the connector pads or the "wires" that connect to them or the protective coating over most of the stick. Things that were "shiny" when you started should still be "shiny". Using a _soft_ pencil eraser as a cleaning tool works pretty well; just remember your goal is _not_ to actually "erase" the connector pads.) Then put the cover back on, boot up the machine, and see if it works any better.

1b) If it still doesn't work, shut it down and do a more thorough cleaning and reseating. One by one unplug each of the network connectors (in back, _out_side the box) and plug it right back in. Take the cover off again. For every connector on every ribbon cable, push it with your finger to be sure it's completely seated (these connectors are sometimes fairly difficult to put back in place, are often easy to accidentally reverse, and may only fit if the cables are routed one exact way - so don't disconnect them by pulling if you don't feel 100% comfortable with them). If there are thin cables to the disks, unplug _one_end_at_a_time_ (one end will be a disk, the other will be a circuit board) and plug it right back in. Push on every other connector you can see (power, etc.?-) to make sure it's fully seated. Push on the top of each of the printed circuit boards that stands up and connects out the back of the machine (PCI cards?) to be sure it's fully seated in its edge connector at the bottom (these edge connectors take a non-trivial amount of force to seat, so you have to push fairly hard, not so hard that you break the circuit board though); if they are already fully seated as they ideally should be, nothing will happen - nothing will move at all. Use a vacuum with a small diameter PLASTIC nozzle that will neither cause shorts nor scratch anything nor break anything (and will fit in all the crevices) to remove all the dust from inside the computer. Finally if there's a filter screen over the fan (there might not be), remove it and wash all the dust off with water in a sink, shake as much water off as you can, and put it back in. Ideally if the computer is more than three years old take out the old fan and replace it with a brand new one. Then put the cover back on, boot up the machine, and see if it works any better.

2) Swap in a different computer. First see if you can remove the system disk drive from the old computer and put it in the new computer so you still have the old software. If that won't work, a second alternative is if the old computer has a writable CD drive, you may be able to write an "image" of its system disk with some bootable imaging software (Acronis, etc.) onto several CDs, then boot the same image software on the new computer and read the image onto a new disk. If that won't work either, use your "emergency backup" (you do have one, right?-) If all else fails, you may need to reinstall all the software from scratch. (If the old computer is clearly hopeless and you've gotten as much off it as you can and you can't find a replacement lying around and you can't get somebody to spend the money for a new replacement, one possibility is to treat it analogous to how you would deal with a cracked windshield in a car by "fixing" it with a hammer [for a computer a couple sprays with a plain water misting bottle when the computer is powered on can cause lots of invisible shorts].)

thanks!

-Chuck Kollars
I run OpenVPN and have configured 2 tunnels.

Another tip. For external reasons, I also configured settings in the Shorewall masq file, this setting: http://www.shorewall.net/FAQ.htm#faq2.

The Shorewall documentation says: never write in the masq file if you are using one-to-one NAT? May that be the problem?

2008/11/11 Shorewall Junky <shorewalljunky@comcast.net>
> Ricardo Morón wrote:
> > Hi,
> >
> > when it type: service shorewall restart
> >
> > shorewall never stop it, if i want to restart the machie typing the
> > command "reboot", the linux box become freeze in "stopping shorewall"
> > and not shutdown. I have to push the power button and again turn on the
> > machine.
> >
> When this occurs, can you run ANY programs?
>
> Remember that Shorewall is not something that runs continuously in your
> system; it is just a configuration tool. Once 'service shorewall start'
> (/sbin/shorewall start) completes, there is no Shorewall code running in
> your system at all. So whatever is happening in your system after that
> is not Shorewall-related.
>
> Junky

--
Saludos / Regards
Ricardo Morón
Ricardo Morón wrote:
> Run OpenVpn have configured 2 tunnels.
>
> Another tip. For externals reasons, also configured in shorewall,
> settings in masq file, this setting
>
> http://www.shorewall.net/FAQ.htm#faq2.
>
> Shorewall documentation says: Never write in the masq file if you are
> usin nat one to one?

Where do you believe that it says that? Entries in the /etc/shorewall/nat file take precedence over those in /etc/shorewall/masq. I personally have both.

> May be the problem?

I don't believe that any of us knows of a way that Shorewall mis-configuration can cause you to lose control of your system to the point that you have to power it off and on to regain control. So, no; that is not the problem.

Geek