extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-09 15:41:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Changes for 1.3.13

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@402 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
2003-01-14 20:32:45 +00:00
parent 5b9b519183
commit f04d58006f
57 changed files with 12980 additions and 11199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

471
STABLE/documentation/support.htm
View File

@ -2,121 +2,120 @@
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Support</title>
<meta name="Microsoft Theme" content="none">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Support<img
src="images/obrasinf.gif" alt="" width="90" height="90" align="middle">
</font></h1>
</td>
</tr>
</font></h1>
</td>
</tr>
</tbody>
</tbody>
</table>
<p> <br>
<span style="font-weight: 400;"></span></p>
<h2><big><font color="#ff0000"><b>I don't look at problems sent to me directly
but I try to spend some amount of time each day responding to problems
posted on the Shorewall mailing list.</b></font></big></h2>
<h2 align="center"><big><font color="#ff0000"><b>-Tom</b></font></big></h2>
<p> <b><big><big><font color="#ff0000">Due to "Shorewall burnout", I am currently
not involved in either Shorewall development or Shorewall support. Nevertheless,
the mailing list is being ably manned by other Shorewall users.</font></big><span
style="font-weight: 400;"></span></big></b></p>
<h2 align="center"><big><font color="#ff0000"><b>-Tom Eastep</b></font></big></h2>
<h2>Before Reporting a Problem</h2>
<h3>T<b>here are a number of sources for problem solution information. Please
try these before you post.</b></h3>
There are a number of sources for problem
solution information. Please try these before you post.
<h3> </h3>
<h3> </h3>
<ul>
<li>
<h3><b>The <a href="FAQ.htm">FAQ</a> has solutions to more than 20 common
problems.</b></h3>
<li>More than half of the questions posted on the support list
have answers directly accessible from the <a
href="shorewall_quickstart_guide.htm#Documentation">Documentation Index</a><br>
<br>
</li>
<li> The <a href="FAQ.htm">FAQ</a>
has solutions to more than 20 common problems. </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The <a href="troubleshoot.htm">Troubleshooting</a> Information
contains a number of tips to help you solve common problems.</b></h3>
</li>
<li> The <a
href="troubleshoot.htm">Troubleshooting</a> Information contains
a number of tips to help you solve common problems. </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The <a href="errata.htm"> Errata</a> has links to download
updated components.</b></h3>
</li>
<li> The <a
href="errata.htm"> Errata</a> has links to download updated
components. </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The Mailing List Archives search facility can locate posts
about similar problems:</b></h3>
</li>
<li> The Mailing List Archives
search facility can locate posts about similar problems:
</li>
</ul>
<h2> </h2>
<h2>Mailing List Archive Search</h2>
<form method="post" action="http://www.shorewall.net/cgi-bin/htsearch">
<h2>Mailing List Archive Search</h2>
<form method="post" action="http://www.shorewall.net/cgi-bin/htsearch">
<p> <font size="-1"> Match:
<select name="method">
<option value="and">All </option>
<option value="or">Any </option>
<option value="boolean">Boolean </option>
</select>
Format:
Format:
<select name="format">
<option value="builtin-long">Long </option>
<option value="builtin-short">Short </option>
</select>
Sort by:
Sort by:
<select name="sort">
<option value="score">Score </option>
<option value="time">Time </option>
@ -125,163 +124,239 @@
<option value="revtime">Reverse Time </option>
<option value="revtitle">Reverse Title </option>
</select>
</font> <input type="hidden" name="config"
</font> <input type="hidden" name="config"
value="htdig"> <input type="hidden" name="restrict"
value="[http://www.shorewall.net/pipermail/.*]"> <input type="hidden"
value="[http://mail.shorewall.net/pipermail/.*]"> <input type="hidden"
name="exclude" value=""> <br>
Search: <input type="text" size="30" name="words"
value=""> <input type="submit" value="Search"> </p>
</form>
<h2>Problem Reporting Guidelines</h2>
<i>"Let me see if I can translate your message into a real-world example.<2E>
It would be like saying that you have three rooms at home, and when you
walk into one of the rooms, you detect this strange smell.<EFBFBD> Can anyone tell
you what that strange smell is?<br>
<br>
Now, all of us could do some wonderful guessing as to the smell and even
what's causing it.<EFBFBD> You would be absolutely amazed at the range and variety
of smells we could come up with.<EFBFBD> Even more amazing is that all of the explanations
for the smells would be completely plausible."<br>
</i><br>
<div align="center"><EFBFBD><EFBFBD> - Russell Mosemann<br>
</div>
<br>
Search: <input type="text" size="30"
name="words" value=""> <input type="submit" value="Search"> </p>
</form>
<h2>Problem Reporting Guidelines </h2>
<i>"Let me see if I can translate your message into a real-world
example. It would be like saying that you have three rooms at home,
and when you walk into one of the rooms, you detect this strange smell.
Can anyone tell you what that strange smell is?<br>
<br>
Now, all of us could do some wonderful guessing as to the smell
and even what's causing it. You would be absolutely amazed at the range
and variety of smells we could come up with. Even more amazing is that
all of the explanations for the smells would be completely plausible."<br>
</i><br>
<div align="center"> - <i>Russell Mosemann</i> on the Postfix mailing list<br>
</div>
<br>
<h3> </h3>
<ul>
<li>
<h3><b>When reporting a problem, give as much information as you can.
Reports that say "I tried XYZ and it didn't work" are not at all helpful.</b></h3>
</li>
<li>Please remember we only know what is posted in your message. Do
not leave out any information that appears to be correct, or was mentioned
in a previous post. There have been countless posts by people who were
sure that some part of their configuration was correct when it actually
contained a small error. We tend to be skeptics where detail is lacking.<br>
<br>
</li>
<li>Please keep in mind that you're asking for <strong>free</strong>
technical support. Any help we offer is an act of generosity, not an obligation.
Try to make it easy for us to help you. Follow good, courteous practices
in writing and formatting your e-mail. Provide details that we need if
you expect good answers. <em>Exact quoting </em> of error messages, log
entries, command output, and other output is better than a paraphrase or
summary.<br>
<br>
</li>
<li> Please don't describe your environment
and then ask us to send you custom configuration files.
We're here to answer your questions but we can't do your
job for you.<br>
<br>
</li>
<li>When reporting a problem, <strong>ALWAYS</strong> include this
information:</li>
</ul>
<ul>
<ul>
<li>the exact version of Shorewall you are running.<br>
<br>
<b><font color="#009900">shorewall version</font><br>
</b> <br>
</li>
</ul>
<ul>
<li>the exact kernel version you are running<br>
<br>
<font color="#009900"><b>uname -a<br>
<br>
</b></font></li>
</ul>
<ul>
<li>the complete, exact output of<br>
<br>
<font color="#009900"><b>ip addr show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>the complete, exact output of<br>
<br>
<font color="#009900"><b>ip route show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>If your kernel is modularized, the exact output from<br>
<br>
<font color="#009900"><b>lsmod</b></font><br>
<br>
</li>
<li>the exact wording of any <code
style="color: green; font-weight: bold;">ping</code> failure responses.<br>
<br>
</li>
</ul>
</ul>
<ul>
<li><b>NEVER </b>include the output of "<b><font color="#009900">iptables
-L</font></b>". Instead, please post the exact output of<br>
<br>
<b><font color="#009900">/sbin/shorewall status<br>
<br>
</font></b>Since that command generates a lot of output, we suggest
that you redirect the output to a file and attach the file to your post<br>
<br>
<b><font color="#009900">/sbin/shorewall status &gt; /tmp/status.txt</font></b><br>
<br>
</li>
<li>As a general matter, please <strong>do not edit the diagnostic
information</strong> in an attempt to conceal your IP address, netmask,
nameserver addresses, domain name, etc. These aren't secrets, and concealing
them often misleads us (and 80% of the time, a hacker could derive them
anyway from information contained in the SMTP headers of your post).<strong></strong></li>
</ul>
<ul>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>Please don't describe your environment and then ask us to send
you custom configuration files. We're here to answer your
questions but we can't do your job for you.</b></h3>
</li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>Do you see any "Shorewall" messages in /var/log/messages
when you exercise the function that is giving you problems?</b></h3>
</li>
<li> Do you see any "Shorewall"
messages ("<b><font color="#009900">/sbin/shorewall show log</font></b>")
when you exercise the function that is giving you problems? If
so, include the message(s) in your post along with a copy of your /etc/shorewall/interfaces
file.<br>
<br>
</li>
<li>Please include any of the Shorewall configuration files (especially
the /etc/shorewall/hosts file if you have modified that file)
that you think are relevant. If you include /etc/shorewall/rules,
please include /etc/shorewall/policy as well (rules are meaningless unless
one also knows the policies). </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>Have you looked at the packet flow with a tool like tcpdump
to try to understand what is going on?</b></h3>
</li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>Have you tried using the diagnostic capabilities of the
application that isn't working? For example, if "ssh" isn't able
to connect, using the "-v" option gives you a lot of valuable diagnostic
information.</b></h3>
</li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>Please include any of the Shorewall configuration files (especially
the /etc/shorewall/hosts file if you have modified that file)
that you think are relevant.</b></h3>
</li>
<li>
<h3><b>If an error occurs when you try to "shorewall start", include
a trace (See the <a href="troubleshoot.htm">Troubleshooting</a> section
for instructions).</b></h3>
</li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The list server limits posts to 120kb so don't post GIFs of
your network layout, etc to the Mailing List -- your post
will be rejected.</b></h3>
</li>
</ul>
<h3> </h3>
<h2>Please post in plain text</h2>
<blockquote>
<h3><b> While the list server here at shorewall.net accepts and distributes
HTML posts, a growing number of MTAs serving list subscribers are rejecting
this HTML list traffic. At least one MTA has gone so far as to blacklist
shorewall.net "for continuous abuse"!!</b></h3>
<h3><b> I think that blocking all HTML is a rather draconian way to control
spam and that the unltimate loser here is not the spammers but the list subscribers
whose MTAs are bouncing all shorewall.net mail. Nevertheless, all of you can
help by restricting your list posts to plain text.</b></h3>
<h3><b> And as a bonus, subscribers who use email clients like pine and
mutt will be able to read your plain text posts whereas they are most likely
simply ignoring your HTML posts.</b></h3>
<h3><b> A final bonus for the use of HTML is that it cuts down the size
of messages by a large percentage -- that is important when the same message
must be sent 500 times over the slow DSL line connecting the list server
to the internet.</b> </h3>
</blockquote>
<h2>Where to Send your Problem Report or to Ask for Help</h2>
<h3></h3>
<blockquote>
</ul>
<h3> </h3>
<ul>
<li> If an error occurs when
you try to "<font color="#009900"><b>shorewall start</b></font>",
include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
section for instructions). </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The list server limits posts to 120kb so don't post GIFs of
your network layout, etc. to the Mailing List -- your
post will be rejected.</b></h3>
</li>
</ul>
The author gratefully acknowleges that the above list was heavily plagiarized
from the excellent LEAF document by <i>Ray</i> <em>Olszewski</em> found
at <a href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br>
<h2>Please post in plain text</h2>
<blockquote> </blockquote>
A growing number of MTAs serving list subscribers are rejecting all
HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net
"for continuous abuse" because it has been my policy to allow HTML in list
posts!!<br>
<br>
I think that blocking all HTML is a Draconian way to control spam
and that the ultimate losers here are not the spammers but the list subscribers
whose MTAs are bouncing all shorewall.net mail. As one list subscriber
wrote to me privately "These e-mail admin's need to get a <i>(expletive
deleted)</i> life instead of trying to rid the planet of HTML based e-mail".
Nevertheless, to allow subscribers to receive list posts as must as possible,
I have now configured the list server at shorewall.net to strip all HTML
from outgoing posts.<br>
<h2>Where to Send your Problem Report or to Ask for Help</h2>
<blockquote>
<h4>If you run Shorewall under Bering -- <span
style="font-weight: 400;">please post your question or problem
to the <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing
list</a>.</span></h4>
to the <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing
list</a>.</span></h4>
<b>If you run Shorewall under MandrakeSoft Multi Network Firewall
(MNF) and you have not purchased an MNF license from MandrakeSoft then
you can post non MNF-specific Shorewall questions to the </b><a
href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list.</a>
<b>Do not expect to get free MNF support on the list.</b><br>
<p>Otherwise, please post your question or problem to the <a
href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list.</a></p>
</blockquote>
</blockquote>
<p align="center"><big><font color="#ff0000"><b></b></font></big></p>
<p>To Subscribe to the mailing list go to <a
href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
.</p>
href="http://mail.shorewall.net/mailman/listinfo/shorewall-users">http://mail.shorewall.net/mailman/listinfo/shorewall-users</a>
.</p>
<p align="left"><font size="2">Last Updated 12/27/2002 - Tom Eastep</font></p>
<p align="left"><font size="2">Last Updated 1/9/2002 - Tom Eastep</font></p>
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
size="2">Copyright</font> <20> <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
</p>
<br>
<br>
<br>
size="2">Copyright</font> <20> <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br>
</p>
<br>
<br>
</body>
</html>