Hello Tom and you all, I have a problem with my Shorewall 4.4.11.6, it's the opposite to the FAQ 33, I mean, connections to the net from clients behind the firewall work fine but connections (direct, without a proxy) from the firewall itself fail. What's wrong? I had attached the status.txt. Thanks.

Augusto.

2011/12/23, Augusto Vázquez Vázquez <alvaz75@gmail.com>:
> Thanks a lot Tom, that was my error, now my Shorewall started OK, thanks.
>
> August.
>
> 2011/12/22 Tom Eastep <teastep@shorewall.net>
>
>> On Wed, 2011-12-21 at 22:32 -0500, Augusto Vázquez Vázquez wrote:
>> > Hi, I'm using Shorewall version 4.4.11.6 it's configured and when I
>> > use the command shorewall check the result is OK, but below is the
>> > error when I try to start shorewall.
>> > There are some attachments to help you understand my problem. Thanks a lot.
>> >
>> > Augusto.
>> >
>> > Starting Shorewall....
>> > Initializing...
>> > /var/lib/shorewall/.start: 2476: /bin: Permission denied
>> > ERROR: Command "/bin -4 link list" Failed
>> > /var/lib/shorewall/.start: 2476: /bin: Permission denied
>> > ERROR: Command "/bin -4 link list" Failed
>> > Terminated
>>
>> It looks like you have this in shorewall.conf:
>>
>> IP=/bin
>>
>> Either leave it blank or set it as
>>
>> IP=/sbin/ip
>>
>> -Tom
>> --
>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>> Washington, USA     \ all of the passengers in his car
>> http://shorewall.net \________________________________________________
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 3/29/12 1:09 PM, "Augusto Vázquez Vázquez" <alvaz75@gmail.com> wrote:

>Hello Tom and you all, I have a problem with my Shorewall 4.4.11.6,
>it's the opposite to the FAQ 33, I mean, connections to the net from
>clients behind the firewall work fine but connections (direct, without
>a proxy) from the firewall itself fail.

How do they fail? If you use IP addresses instead of DNS names, does that work?

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.

On 04/02/2012 11:46 AM, Augusto Vázquez Vázquez wrote:
> Even using IP addresses instead of DNS names it fails.
> I'm trying to access any website from the firewall, using Iceweasel in
> Debian 6.0.2, in the firewall is running Shorewall, DNS with views
> (Wan, Lan, DMZ) and Proxy server. I can't use the package aptitude
> either.

Clearly, Shorewall isn't blocking web access from the firewall since Squid is able to access the net fine. And there are no firewall rules blocking fw->net traffic:

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 983K  125M fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
 502K   91M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED
33538 2029K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
 448K   33M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

If you momentarily 'shorewall clear', does the problem go away? (be sure to 'shorewall start' after the test).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
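
The reading of the rule dump in the message above, as an added Python example that is not part of the original thread: it parses the quoted `iptables` excerpt and walks it first-match for a new outbound connection. The function names and the reduced matching model (protocol, output interface, ctstate and dpt only) are assumptions of this example.

```python
import re

# Excerpt copied from the message above (column whitespace normalised)
DUMP = """\
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out  source    destination
 983K  125M fw2net all  --  *  eth0 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target prot opt in out source    destination
 502K   91M ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
33538 2029K ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0 tcp dpt:80
 448K   33M ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0
"""

def parse_chains(dump):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, cur = {}, None
    for line in dump.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        f = line.split()
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
        elif cur is not None and len(f) >= 9 and f[0] != "pkts":
            cur["rules"].append({"target": f[2], "prot": f[3], "out": f[6],
                                 "match": " ".join(f[9:])})
    return chains

def verdict(chains, chain, prot, dport, out_if, state="NEW"):
    """First-match walk of one chain. Simplified model: only prot, output
    interface, ctstate and dpt are evaluated; addresses are assumed to match."""
    for r in chains[chain]["rules"]:
        if r["prot"] not in ("all", prot) or r["out"] not in ("*", out_if):
            continue
        cs = re.search(r"ctstate (\S+)", r["match"])
        dp = re.search(r"dpt:(\d+)", r["match"])
        if (cs and state not in cs.group(1).split(",")) \
                or (dp and int(dp.group(1)) != dport):
            continue
        if r["target"] in chains:  # jump to a user-defined chain
            v = verdict(chains, r["target"], prot, dport, out_if, state)
            if v:
                return v
        elif r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"], chain
    policy = chains[chain]["policy"]  # None for user chains: return to caller
    return (policy, chain + " policy") if policy else None

CHAINS = parse_chains(DUMP)
print(verdict(CHAINS, "OUTPUT", "tcp", 443, "eth0"))
```

Within this excerpt every new connection leaving through eth0 ends at the final ACCEPT in fw2net, while anything leaving through another interface falls through to the OUTPUT policy.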

On 04/02/2012 01:18 PM, Tom Eastep wrote:
>
> If you momentarily 'shorewall clear', does the problem go away? (be sure
> to 'shorewall start' after the test).
>

Have you possibly incorrectly configured a Proxy on the firewall system? System->Preferences->Network Proxy? That would explain how Squid works but Aptitude, etc. do not.

-Tom