Hi everybody.

I'm trying to configure shorewall following this manual:
http://www.montanalinux.org/proxmox-ve-with-shorewall.html

But with shorewall check it tells me that:

Checking /etc/shorewall/interfaces...
ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)

How can I define it in the zone file?

Thanks for the help.

Best regards,
Santiago.

On 4/15/12 6:24 PM, dark_night@aol.es wrote:
> Hi everybody.
> I'm trying to configure shorewall following this manual:
> http://www.montanalinux.org/proxmox-ve-with-shorewall.html
> But with shorewall check it tells me that:
> Checking /etc/shorewall/interfaces...
> ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)
> How can I define it in the zone file?

dmz ipv4

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Subject: Re: [Shorewall-users] problems with shorewall proxyarp

Hello Tom,

I configured shorewall as explained in the guide. It starts well, but when I try to start a vps with shorewall started I get this error:

Starting CT 101: Starting container ...
Container is mounted
Adding IP address(es): 94.23.87.229
RTNETLINK answers: File exists
vps-net_add ERROR: Unable to add route ip route add 94.23.87.229 dev venet0
Container start failed (try to check kernel messages, e.g. "dmesg | tail")

What should I edit to make proxy arp work well?

my proxyarp file:

#ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE  PERSISTENT
94.23.87.229    vmbr0      eth0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

masq file:

#INTERFACE  SOURCE        ADDRESS  PROTO  PORT(S)  IPSEC  MARK
eth0        10.1.1.0/24

interfaces:

net  eth0    detect  tcpflags,routefilter,nosmurfs,logmartians
dmz  venet0  detect  routeback
dmz  vmbr0   detect  routeback,bridge

zones file:

fw   firewall
net  ipv4
loc  ipv4
dmz  ipv4

Thanks for the help.

Best regards,
Santiago.

-----Original Message-----
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users <shorewall-users@lists.sourceforge.net>
Sent: Sun, Apr 15, 2012 9:46 pm
Subject: Re: [Shorewall-users] problems with shorewall proxyarp

On 4/15/12 6:24 PM, dark_night@aol.es wrote:
> Hi everybody.
> I'm trying to configure shorewall following this manual:
> http://www.montanalinux.org/proxmox-ve-with-shorewall.html
> But with shorewall check it tells me that:
> Checking /etc/shorewall/interfaces...
> ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)
> How can I define it in the zone file?

dmz ipv4

-Tom

On 4/16/12 9:07 AM, dark_night@aol.es wrote:
> Subject: Re: [Shorewall-users] problems with shorewall proxyarp
>
> Hello Tom,
>
> I configured shorewall as explained in the guide. It starts well, but when
> I try to start a vps with shorewall started I get this error:
> Starting CT 101: Starting container ...
> Container is mounted
> Adding IP address(es): 94.23.87.229
> RTNETLINK answers: File exists
> vps-net_add ERROR: Unable to add route ip route add 94.23.87.229 dev venet0
> Container start failed (try to check kernel messages, e.g. "dmesg | tail")
> What should I edit to make proxy arp work well?
> my proxyarp file:
> #ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE  PERSISTENT
> 94.23.87.229    vmbr0      eth0
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> masq file:
> #INTERFACE  SOURCE        ADDRESS  PROTO  PORT(S)  IPSEC  MARK
> eth0        10.1.1.0/24
> interfaces:
> net  eth0    detect  tcpflags,routefilter,nosmurfs,logmartians
> dmz  venet0  detect  routeback
> dmz  vmbr0   detect  routeback,bridge
> zones file:
> fw   firewall
> net  ipv4
> loc  ipv4
> dmz  ipv4

Put 'Yes' in the HAVEROUTE column of the proxyarp file.

-Tom

Hello Tom,

proxyarp file:

94.23.87.229 vmbr0 eth0 no yes

Same error with openvz.

Thanks for the help.

Regards,
Santiago.

-----Original Message-----
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users <shorewall-users@lists.sourceforge.net>
Sent: Mon, Apr 16, 2012 1:52 pm
Subject: Re: [Shorewall-users] problems with shorewall proxyarp

On 4/16/12 9:07 AM, dark_night@aol.es wrote:
> Subject: Re: [Shorewall-users] problems with shorewall proxyarp
>
> Hello Tom,
>
> I configured shorewall as explained in the guide. It starts well, but when
> I try to start a vps with shorewall started I get this error:
> Starting CT 101: Starting container ...
> Container is mounted
> Adding IP address(es): 94.23.87.229
> RTNETLINK answers: File exists
> vps-net_add ERROR: Unable to add route ip route add 94.23.87.229 dev venet0
> Container start failed (try to check kernel messages, e.g. "dmesg | tail")
> What should I edit to make proxy arp work well?
> my proxyarp file:
> #ADDRESS        INTERFACE  EXTERNAL  HAVEROUTE  PERSISTENT
> 94.23.87.229    vmbr0      eth0
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> masq file:
> #INTERFACE  SOURCE        ADDRESS  PROTO  PORT(S)  IPSEC  MARK
> eth0        10.1.1.0/24
> interfaces:
> net  eth0    detect  tcpflags,routefilter,nosmurfs,logmartians
> dmz  venet0  detect  routeback
> dmz  vmbr0   detect  routeback,bridge
> zones file:
> fw   firewall
> net  ipv4
> loc  ipv4
> dmz  ipv4

Put 'Yes' in the HAVEROUTE column of the proxyarp file.

-Tom

On 04/16/2012 12:09 PM, dark_night@aol.es wrote:
> Hello Tom,
> proxyarp file:
> 94.23.87.229 vmbr0 eth0 no yes
> Same error with openvz.

You are setting HAVEROUTE to No and Persistent to Yes. You want HAVEROUTE set to Yes.

And you might have to manually delete the existing route, depending on which version of Shorewall you are running (you haven't said).

-Tom

Hello Tom,

It works.

Thanks for the help.

Best regards,
Santiago.

-----Original Message-----
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users <shorewall-users@lists.sourceforge.net>
Sent: Mon, Apr 16, 2012 2:43 pm
Subject: Re: [Shorewall-users] problems with shorewall proxyarp

On 04/16/2012 12:09 PM, dark_night@aol.es wrote:
> Hello Tom,
> proxyarp file:
> 94.23.87.229 vmbr0 eth0 no yes
> Same error with openvz.

You are setting HAVEROUTE to No and Persistent to Yes. You want HAVEROUTE set to Yes.

And you might have to manually delete the existing route, depending on which version of Shorewall you are running (you haven't said).

-Tom
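
Added example (not part of the original thread and not Shorewall's own code): a small shell check that maps each proxyarp entry to the column names in the file's header, which makes the HAVEROUTE/PERSISTENT mix-up discussed above visible. It assumes the column order ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT shown in the posted file and that an empty or `-` column means no; the function name check_proxyarp is hypothetical, and the sample entries are constructed from the ones posted in the thread.

```shell
#!/bin/sh
# Added example: label the columns of each proxyarp entry and flag entries
# where HAVEROUTE is not yes, i.e. where Shorewall adds the host route itself.

# check_proxyarp: reads a proxyarp file on stdin, prints one line per entry.
# Exit status is 1 if at least one entry has HAVEROUTE other than yes.
check_proxyarp() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }        # skip comments and blank lines
        {
            # Columns 4 and 5 are optional; empty or "-" is treated as no.
            have = (NF >= 4 && $4 != "-") ? tolower($4) : "no"
            pers = (NF >= 5 && $5 != "-") ? tolower($5) : "no"
            note = ""
            if (have != "yes") {
                note = " <- Shorewall adds the route"
                bad = 1
            }
            printf "%s INTERFACE=%s EXTERNAL=%s HAVEROUTE=%s PERSISTENT=%s%s\n",
                   $1, $2, $3, have, pers, note
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the two entries posted in the thread, then the fix.
printf '%s\n' \
    '#ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT' \
    '94.23.87.229 vmbr0 eth0' \
    '94.23.87.229 vmbr0 eth0 no yes' \
    '94.23.87.229 vmbr0 eth0 yes' \
    '#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE' |
    check_proxyarp || echo "entries flagged above leave route creation to Shorewall"
```

On a real system the input would be `check_proxyarp < /etc/shorewall/proxyarp`; comparing the flagged addresses with the output of `ip route show` shows which routes already exist.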