Hello list, Im testing shorewall in a Fedora Core 9,and am having the following problem: When the machine starts the shorewall removes the entries from the routing table of the kernel, and for this reason can not make connections. After running "service network restart" everything works perfectly. Does anyone have any tips? Thank you. Sorry for the poor English. ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
Darvin Denmian wrote:> Hello list, > > Im testing shorewall in a Fedora Core 9,and am having the following problem: > When the machine starts the shorewall removes the entries from the > routing table of the kernel, and for this reason can not make > connections. > After running "service network restart" everything works perfectly. > Does anyone have any tips?This is Shorewall FAQ 49. ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
Thanks for reply ! ---------- Forwarded message ---------- From: Shorewall Guy <shorewalljunky@comcast.net> Date: Fri, Jan 9, 2009 at 1:41 PM Subject: Re: [Shorewall-users] Single Route To: Shorewall Users <shorewall-users@lists.sourceforge.net> Darvin Denmian wrote:> Hello list, > > Im testing shorewall in a Fedora Core 9,and am having the following problem: > When the machine starts the shorewall removes the entries from the > routing table of the kernel, and for this reason can not make > connections. > After running "service network restart" everything works perfectly. > Does anyone have any tips?This is Shorewall FAQ 49. ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
Hello, The solution presented in the "FAQ 49" not consistent with what I have now, because in my case "/etc/shorewall/nat" is empty . The computer in question is directly connected to the Internet. Any more ideas? Thanks. On Fri, Jan 9, 2009 at 1:53 PM, Darvin Denmian <darvin.denmian@gmail.com> wrote:> Thanks for reply ! > > > ---------- Forwarded message ---------- > From: Shorewall Guy <shorewalljunky@comcast.net> > Date: Fri, Jan 9, 2009 at 1:41 PM > Subject: Re: [Shorewall-users] Single Route > To: Shorewall Users <shorewall-users@lists.sourceforge.net> > > > Darvin Denmian wrote: >> Hello list, >> >> Im testing shorewall in a Fedora Core 9,and am having the following problem: >> When the machine starts the shorewall removes the entries from the >> routing table of the kernel, and for this reason can not make >> connections. >> After running "service network restart" everything works perfectly. >> Does anyone have any tips? > > This is Shorewall FAQ 49. > > > ------------------------------------------------------------------------------ > Check out the new SourceForge.net Marketplace. > It is the best place to buy or sell services for > just about anything Open Source. > http://p.sf.net/sfu/Xq1LFB > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
On Fri, 2009-01-09 at 14:05 -0200, Darvin Denmian wrote:> Hello, > > The solution presented in the "FAQ 49" not consistent with what I have > now, because in my case "/etc/shorewall/nat" is empty . The computer > in question is directly connected to the Internet. > Any more ideas? > Thanks. >Perhaps you made entries in the providers file? Those entries would not be needed if your using a single ISP. Jerry ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
Hello, there''s nothing in "/etc/shorewall/providers" . On Fri, Jan 9, 2009 at 2:15 PM, Jerry Vonau <jvonau@shaw.ca> wrote:> On Fri, 2009-01-09 at 14:05 -0200, Darvin Denmian wrote: >> Hello, >> >> The solution presented in the "FAQ 49" not consistent with what I have >> now, because in my case "/etc/shorewall/nat" is empty . The computer >> in question is directly connected to the Internet. >> Any more ideas? >> Thanks. >> > Perhaps you made entries in the providers file? Those entries would not > be needed if your using a single ISP. > > Jerry > > > ------------------------------------------------------------------------------ > Check out the new SourceForge.net Marketplace. > It is the best place to buy or sell services for > just about anything Open Source. > http://p.sf.net/sfu/Xq1LFB > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
On Fri, 2009-01-09 at 14:24 -0200, Darvin Denmian wrote:> Hello, > > there''s nothing in "/etc/shorewall/providers" . > > On Fri, Jan 9, 2009 at 2:15 PM, Jerry Vonau <jvonau@shaw.ca> wrote: > > On Fri, 2009-01-09 at 14:05 -0200, Darvin Denmian wrote: > >> Hello, > >> > >> The solution presented in the "FAQ 49" not consistent with what I have > >> now, because in my case "/etc/shorewall/nat" is empty . The computer > >> in question is directly connected to the Internet. > >> Any more ideas? > >> Thanks. > >> > > Perhaps you made entries in the providers file? Those entries would not > > be needed if your using a single ISP. > >Ok, I''m done guessing, please summit a dump while shorewall is enabled. Jerry ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB
Here is what i said:
[root@testserver ~]# ping www.google.com
ping: unknown host www.google.com
[root@testserver ~]# ip route list
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.254
[root@testserver ~]# shorewall status
Shorewall-4.0.15 Status at testserver.localdomain - Sex Jan 9
15:06:21 BRST 2009
Shorewall is running
State:Started (Sex Jan 9 15:05:17 BRST 2009)
[root@testserver ~]# service network restart
Desligando a interface eth0: [ OK ]
Desligando a interface loopback: [ OK ]
Desativando o encaminhamento de pacotes IPv4: net.ipv4.ip_forward = 0
[ OK ]
Iniciando a interface loopback: [ OK ]
Iniciando a interface eth0: [ OK ]
[root@testserver ~]# ip route list
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.254
169.254.0.0/16 dev eth0 scope link
default via 192.168.0.2 dev eth0
[root@testserver ~]# ping www.google.com
PING www.l.google.com (74.125.113.103) 56(84) bytes of data.
64 bytes from vw-in-f103.google.com (74.125.113.103): icmp_seq=1
ttl=239 time=189 ms
64 bytes from vw-in-f103.google.com (74.125.113.103): icmp_seq=2
ttl=239 time=212 ms
64 bytes from vw-in-f103.google.com (74.125.113.103): icmp_seq=3
ttl=238 time=193 ms
^C
--- www.l.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2262ms
rtt min/avg/max/mdev = 189.475/198.514/212.359/9.941 ms
Thanks for all replies
On Fri, Jan 9, 2009 at 2:48 PM, Jerry Vonau <jvonau@shaw.ca>
wrote:> On Fri, 2009-01-09 at 14:24 -0200, Darvin Denmian wrote:
>> Hello,
>>
>> there''s nothing in "/etc/shorewall/providers" .
>>
>> On Fri, Jan 9, 2009 at 2:15 PM, Jerry Vonau <jvonau@shaw.ca>
wrote:
>> > On Fri, 2009-01-09 at 14:05 -0200, Darvin Denmian wrote:
>> >> Hello,
>> >>
>> >> The solution presented in the "FAQ 49" not
consistent with what I have
>> >> now, because in my case "/etc/shorewall/nat" is
empty . The computer
>> >> in question is directly connected to the Internet.
>> >> Any more ideas?
>> >> Thanks.
>> >>
>> > Perhaps you made entries in the providers file? Those entries
would not
>> > be needed if your using a single ISP.
>> >
>
> Ok, I''m done guessing, please summit a dump while shorewall is
enabled.
>
> Jerry
>
>
>
>
>
------------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It is the best place to buy or sell services for
> just about anything Open Source.
> http://p.sf.net/sfu/Xq1LFB
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
------------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
Darvin, What is needed is described at: http://www.shorewall.net/support.htm ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB