I can confirm that. I would really help if the drak config of shorewall was as the person who wrote shorewall intended.
the only thing that the drak config is useful for is keeping out unwanted visitors while you manually the sholewall files to do what you wnt, and after that it works like a dream. Its easier to configure than bastille. The drak conf of shorewall is non compliant with shorewall, it does'nt understand any protocol apart from tcp & udp and the use of a colon on port range is'nt recognised, that makes it pretty basic with what can be done from the gui. And it would have helped if Ulogd was used to handled to log enties, syslog gets very full otherwise. thats my two penneth,,,now breakfast Richard On Sat, 2003-11-15 at 05:24, Jack Coates wrote: > I have three production Shorewall installs, two of which are on 9.2. If > it was broken, I wouldn't have been online for the last month :-) I'll > buy that Webmin's configuration of Shorewall is broken, or that drakfw's > configuration is broken, but 9.2's Shorewall is just fine. > > On Fri, 2003-11-14 at 13:45, Lawson, Jim wrote: > > Thomas I will Monday. I installed iptables and it works. 9.2 shore wall is > > broken. I did the same think I did at home for 9.0 in control center and it > > works. Just on 9.2 it's broken. > > > > -----Original Message----- > > From: Thomas Backlund [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 14, 2003 4:27 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [expert] shorewall > > > > > > From: "Lawson, Jim" <[EMAIL PROTECTED]> > > > > > > Did this below still nothing everything stops... Can you help more Please. > > > > > > > the three last lines of /etc/shorewall/routestopped should be: > > --- cut --- > > #INTERFACE HOST(S) > > eth0 > > #LAST LINE... > > --- cut --- > > > > > [EMAIL PROTECTED] shorewall]# service shorewall check > > > Loading /usr/share/shorewall/functions... > > > Processing /etc/shorewall/params ... > > > Processing /etc/shorewall/shorewall.conf... > > > > > > Notice: The 'check' command is unsupported and problem > > > reports complaining about errors that it didn't catch > > > will not be accepted > > > > > > Shorewall has detected the following iptables/netfilter capabilities: > > > NAT: Available > > > Packet Mangling: Available > > > Multi-port Match: Available > > > Connection Tracking Match: Available > > > Verifying Configuration... > > > Loading Modules... > > > Determining Zones... > > > Zones: net loc > > > Validating interfaces file... > > > Warning: Invalid option (routestopped) in record "net eth0 detect > > > routestopped" > > > > remove the 'routestopped' from /etc/shorewall/interfaces > > > > so the four last lines in that file should be: > > --- cut --- > > #ZONE INTERFACE BROADCAST OPTIONS > > loc eth0 detect > > net eth1 detect > > #LAST LINE ... > > --- cut --- > > > > > > btw, as I forgot to ask before, what internet connection do you have? > > is it a dsl? and does it get it's ip through dhcp or is it static? > > > > if you have dsl that uses PPPoE or PPPoA, > > you need to change /etc/shorewall/interfaces to: > > --- cut --- > > #ZONE INTERFACE BROADCAST OPTIONS > > loc eth0 detect > > net ppp0 detect > > #LAST LINE ... > > --- cut --- > > > > and if it's also using dhcp, you need it like this: > > --- cut --- > > #ZONE INTERFACE BROADCAST OPTIONS > > loc eth0 detect > > net ppp0 detect dhcp > > #LAST LINE ... > > --- cut --- > > > > > > and of course restart shorewall after you have made the changes > > -- > > Regards > > > > Thomas > > > > PS. > > sorry for the delays in answering, I had to leave my computer for a while... > > > > > > > > > > > > ______________________________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > > -- > Jack at Monkeynoodle Dot Org: It's A Scientific Venture... > > "There was a shopping mall, now it's all covered with flowers, if this > is Paradise I wish I had a lawnmower." > -- (Nothing But) Flowers from Sand in The Vaseline by The Talking Heads > > > > ______________________________________________________________________ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com -- Richard Bown <[EMAIL PROTECTED]>
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
