<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
                                                                      
  <meta http-equiv="Content-Language" content="en-us">
                                                                      
  <meta http-equiv="Content-Type"
 content="text/html; charset=windows-1252">
  <title>Shorewall Support Guide</title>
</head>
  <body>
                                   
<table border="0" cellpadding="0" cellspacing="0"
 style="border-collapse: collapse;" width="100%" id="AutoNumber1"
 bgcolor="#3366ff" height="90">
                                                                       <tbody>
                                                                        <tr>
                                                                        
      <td width="100%">                                                 
                                                                        
 
      <h1 align="center"><font color="#ffffff">Shorewall Support Guide<img
 src="images/obrasinf.gif" alt="" width="90" height="90" align="middle">
                                                          </font></h1>
                                                                        
      </td>
                                                                       </tr>
                                                                      
  </tbody>                 
</table>
                                   
<h2>Before Reporting a Problem or Asking a Question<br>
                    </h2>
                                                                        
 There    are   a  number    of  sources of Shorewall information. Please 
    try  these  before   you   post.                   
<ul>
                                                    <li>Shorewall versions
 earlier    that 1.3.0 are no longer supported.<br>
          </li>
          <li>More than half of the questions    posted    on  the   support
      list   have answers directly accessible  from  the    <a
 href="http://www.shorewall.net/shorewall_quickstart_guide.htm#Documentation">Documentation 
       Index</a><br>
                                            </li>
                                            <li>                        
          The       <a href="http://www.shorewall.net/FAQ.htm">FAQ</a>  
  has    solutions    to  more than 20 common      problems.            
    </li>
                                    <li>                                
  The           <a href="http://www.shorewall.net/troubleshoot.htm">Troubleshooting</a>
      Information           contains                a    number of tips to
 help    you solve common  problems.        </li>
                                   <li>                                 
 The           <a href="http://www.shorewall.net/errata.htm">   Errata</a> 
has links     to  download        updated     components.         </li>
                                    <li>                                
  The   Site   and   Mailing        List   Archives     search facility can
 locate   documents   and  posts    about         similar   problems:   
     </li>
                                  
</ul>
                                   
<h2>Site and Mailing List Archive Search</h2>
                                  
<blockquote>                                                   
  <form method="post"
 action="http://lists.shorewall.net/cgi-bin/htsearch"> <font size="-1"> Match: 
                                                                         
                   
    <select name="method">
    <option value="and">All </option>
    <option value="or">Any </option>
    <option value="boolean">Boolean </option>
    </select>
                         Format:                                        
                                            
    <select name="format">
    <option value="builtin-long">Long </option>
    <option value="builtin-short">Short </option>
    </select>
                         Sort by:                                       
                                             
    <select name="sort">
    <option value="score">Score </option>
    <option value="time">Time </option>
    <option value="title">Title </option>
    <option value="revscore">Reverse Score </option>
    <option value="revtime">Reverse Time </option>
    <option value="revtitle">Reverse Title </option>
    </select>
                          </font><input type="hidden" name="config"
 value="htdig"><input type="hidden" name="restrict" value=""><font
 size="-1"> Include  Mailing        List Archives:                      
                                                              
    <select size="1" name="exclude">
    <option value="">Yes</option>
    <option value="[http://lists.shorewall.net/pipermail/.*]">No</option>
    </select>
                          </font><br>
                         Search: <input type="text" size="30"
 name="words" value="">      <input type="submit" value="Search"><br>
                       </form>
                     </blockquote>
                                  
<h2>Problem Reporting Guidelines<br>
                         </h2>
                                   
<ul>
                                             <li>Please remember we only
know   what   is  posted    in  your   message.      Do  not  leave out any
information      that  appears   to be  correct,    or was   mentioned  
 in  a previous    post.  There  have  been countless   posts   by people
  who were   sure    that some  part  of their     configuration  was correct
 when  it actually      contained   a  small error.     We tend to be  skeptics
where  detail    is lacking.<br>
                                               <br>
                                             </li>
                                             <li>Please keep in mind that 
you're    asking    for       <strong>free</strong>            technical 
support.   Any help  we  offer   is an act of generosity, not    an   obligation.
    Try  to make   it easy  for us to help you. Follow good,    courteous
  practices    in  writing and formatting your e-mail. Provide   details
that    we need if  you  expect good  answers. <em>Exact quoting     </em>
 of error messages,  log  entries,  command output, and other output  is
better   than a paraphrase   or  summary.<br>
                                               <br>
                                             </li>
                                             <li>                       
           Please    don't    describe     your   environment   and then
 ask    us   to  send   you             custom     configuration   files. 
  We're   here    to answer     your  questions     but    we           can't 
  do  your   job for you.<br>
                                               <br>
                                                    </li>
                                             <li>When reporting a problem,
     <strong>ALWAYS</strong>            include     this   information:</li>
                                  
</ul>
                                  
<ul>
                                                                     
  <ul>
                                               <li>the exact version of Shorewall 
    you   are   running.<br>
                                                 <br>
                                                 <b><font
 color="#009900">shorewall      version</font><br>
                                            </b>    <br>
                                               </li>
                                                                     
  </ul>
                                                                     
  <ul>
                                                                        
                                         
  </ul>
                                                                     
  <ul>
                                               <li>the complete, exact output 
  of<br>
                                                 <br>
                                                 <font color="#009900"><b>ip
  addr   show<br>
                                                 <br>
                                                 </b></font></li>
                                                                     
  </ul>
                                                                     
  <ul>
                                               <li>the complete, exact output 
  of<br>
                                                 <br>
                                                 <font color="#009900"><b>ip
  route    show<br>
                                                 </b></font></li>
                                                                     
  </ul>
                                                                     
  <ul>
                                                                        
                                                                        
  </ul>
                                  
</ul>
                                  
<ul>
                                                                    
  <ul>
                     <li><big><font color="#ff0000"><u><i><big><b>THIS IS 
IMPORTANT!</b></big></i></u></font><big><big><big> </big>If your problem is
that some type of connection to/from or through your firewall isn't working 
then please perform the following four steps:</big></big></big><br>
        <br>
  1. <b><font color="#009900">/sbin/shorewall reset</font></b><br>
                                    <br>
                                2. Try making the connection that is failing.<br>
                                    <br>
                                3.<b><font color="#009900"> /sbin/shorewall 
 status    &gt;   /tmp/status.txt</font></b><br>
                                    <br>
                                4. Post the /tmp/status.txt file as an attachment 
(you may compress it if you like).<br>
                      <br>
                    </li>
                    <li>the exact wording of any <code
 style="color: green; font-weight: bold;">ping</code> failure responses<br>
                                         <br>
                                       </li>
                    <li>If you installed Shorewall using one of the QuickStart
       Guides,        please  indicate which one. <br>
                                         <br>
                                       </li>
                    <li><b>If you are running Shorewall under Mandrake using
     the     Mandrake      installation of Shorewall, please say so.<br>
                      <br>
                      </b></li>
                                                                   
  </ul>
                                                                        
       <li>As    a  general    matter,   please <strong>do not edit the 
diagnostic        information</strong>        in   an attempt to conceal
your IP address,     netmask,      nameserver    addresses,     domain name,
etc. These aren't     secrets,  and concealing   them often   misleads  us
(and 80% of the time,     a hacker  could derive them       anyway   from
information  contained  in   the SMTP headers  of your post).<br>
                              <br>
                              <strong></strong></li>
                            <li>Do you see  any   "Shorewall"      messages 
 ("<b><font color="#009900">/sbin/shorewall  show   log</font></b>")     
      when              you exercise the function that is giving   you problems? 
 If   so,    include    the message(s) in your post along with a  copy of 
your /etc/shorewall/interfaces               file.<br>
                              <br>
                            </li>
                            <li>Please include any of the Shorewall configuration 
     files        (especially               the    /etc/shorewall/hosts file 
   if you have      modified    that     file)      that  you    think are 
    relevant.  If   you  include /etc/shorewall/rules,         please include 
   /etc/shorewall/policy       as well (rules are meaningless   unless   
  one also knows the policies).<br>
                              <br>
                            </li>
                            <li>If an error occurs    when   you   try  
to  "<font color="#009900"><b>shorewall  start</b></font>",        include
    a  trace       (See the <a
 href="http://www.shorewall.net/troubleshoot.htm">Troubleshooting</a>    
  section  for    instructions).<br>
                              <br>
                            </li>
                            <li><b>The list server limits posts to 120kb
so  don't     post    GIFs     of               your             network
layout,  etc.   to the Mailing   List    --   your      post      will  be
rejected.</b></li>
                                  
</ul>
                                  
<blockquote>    The author gratefully   acknowleges that the above list was
         heavily plagiarized    from the  excellent LEAF document by <i>Ray</i>
         <em>Olszewski</em>      found  at  <a
 href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br>
                    </blockquote>
                                  
<h2>When using the mailing list, please post in plain text</h2>
                                  
<blockquote>      A growing  number of MTAs serving list subscribers are
rejecting   all    HTML  traffic.  At least one MTA has gone so far as to
blacklist   shorewall.net      "for  continuous abuse" because it has been
my policy   to  allow HTML in  list    posts!!<br>
                       <br>
                                                I think that blocking all 
HTML   is  a  Draconian      way   to  control     spam    and  that the ultimate
  losers   here are not    the spammers    but the   list  subscribers  
   whose MTAs   are bouncing    all shorewall.net    mail. As   one list
  subscriber    wrote    to me privately      "These e-mail admin's   need
  to get a <i>(expletive      deleted)</i>  life     instead of trying to
rid   the planet of HTML based   e-mail".   Nevertheless,       to allow
subscribers  to  receive list posts   as must as possible,   I  have   now
  configured the  list  server at shorewall.net   to strip all HTML    from
 outgoing  posts.<br>
      <br>
      <big><font color="#cc0000"><b>If you run your own outgoing mail server
  and it doesn't have a valid DNS PTR record, your email won't reach the
lists   unless/until the postmaster notices that your posts are being rejected. 
To  avoid this problem, you should configure your MTA to forward posts to 
shorewall.net  through an MTA that <u>does</u> have a valid PTR record (such 
as the one at your ISP). </b></font></big><br>
    </blockquote>
       
<h2>Where to Send your Problem Report or to Ask for Help</h2>
                                   
<blockquote>                                        
  <h4>If you run Shorewall under Bering -- <span
 style="font-weight: 400;">please           post your question or problem 
                        to the <a
 href="mailto:leaf-user@lists.sourceforge.net">LEAF      Users      mailing 
            list</a>.</span></h4>
                                                <b>If you run Shorewall under 
  MandrakeSoft       Multi    Network     Firewall     (MNF)   and you have 
  not purchased  an   MNF  license    from MandrakeSoft     then    you can 
   post non MNF-specific     Shorewall  questions   to the </b><a
 href="mailto:shorewall-users@lists.shorewall.net">Shorewall   users mailing 
              list</a>. <b>Do not expect to get free MNF support on the list</b>
                                                                   
  <p>Otherwise, please post your question or problem to the <a
 href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing 
                 list</a> .</p>
                                   
  <p>         To Subscribe to the  mailing list go to <a
 href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a> 
                                      .<br>
                            </p>
                                                  </blockquote>
                                      
<p>For information on other Shorewall mailing lists, go to <a
 href="http://lists.shorewall.net">http://lists.shorewall.net</a><br>
                            </p>
                                   
<p align="left"><font size="2">Last Updated 7/9/2003 - Tom Eastep</font></p>
                                   
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
 size="2">Copyright</font> � <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br>
 </p>
 <br>
</body>
</html>