Shorewall Support
|
While I don't answer Shorewall questions
emailed directly to me, I try to spend some time each day answering questions
on the Shorewall Users Mailing List.
-Tom Eastep
Before Reporting a Problem
"Well at least you tried to read the documentation, which is a lot more
than some people on this list appear to do."
- Wietse Venema - On the Postfix mailing list
There are a number of sources for
problem solution information. Please try these before you post.
- More than half of the questions posted on the support
list have answers directly accessible from the Documentation Index
- The FAQ
has solutions to more than 20 common problems.
- The Troubleshooting Information contains
a number of tips to help you solve common problems.
- The Errata has links to download updated
components.
- The Mailing List
Archives search facility can locate posts about similar
problems:
Mailing List Archive Search
Problem Reporting Guidelines
"Let me see if I can translate your message into a real-world
example. It would be like saying that you have three rooms at home,
and when you walk into one of the rooms, you detect this strange smell.
Can anyone tell you what that strange smell is?
Now, all of us could do some wonderful guessing as to the
smell and even what's causing it. You would be absolutely amazed
at the range and variety of smells we could come up with. Even more
amazing is that all of the explanations for the smells would be completely
plausible."
- Russell Mosemann on the Postfix mailing list
- Please remember we only know what is posted in your message.
Do not leave out any information that appears to be correct, or was
mentioned in a previous post. There have been countless posts by people
who were sure that some part of their configuration was correct when it
actually contained a small error. We tend to be skeptics where detail
is lacking.
- Please keep in mind that you're asking for free
technical support. Any help we offer is an act of generosity, not an
obligation. Try to make it easy for us to help you. Follow good, courteous
practices in writing and formatting your e-mail. Provide details that
we need if you expect good answers. Exact quoting of error messages,
log entries, command output, and other output is better than a paraphrase
or summary.
- Please don't describe
your environment and then ask us to send you custom
configuration files. We're here to answer your questions but we
can't do your job for you.
- When reporting a problem, ALWAYS include
this information:
- the exact version of Shorewall you are running.
shorewall version
- the exact kernel version you are running
uname -a
- the complete, exact output of
ip addr show
- the complete, exact output of
ip route show
- If your kernel is modularized, the exact output from
lsmod
- the exact wording of any
ping
failure responses
- If you installed Shorewall using one of the QuickStart Guides,
please indicate which one.
- If you are running Shorewall under Mandrake using the Mandrake
installation of Shorewall, please say so.
- NEVER include the output of "iptables -L". Instead, if you are having connection problems of
any kind then:
1. /sbin/shorewall/reset
2. Try the connection that is failing.
3. /sbin/shorewall status > /tmp/status.txt
4. Post the /tmp/status.txt file as an attachment.
- As a general matter, please do not edit the diagnostic
information in an attempt to conceal your IP address, netmask,
nameserver addresses, domain name, etc. These aren't secrets, and concealing
them often misleads us (and 80% of the time, a hacker could derive them
anyway from information contained in the SMTP headers of your post).
- Do you see any
"Shorewall" messages ("/sbin/shorewall show
log") when you exercise the function that is giving
you problems? If so, include the message(s) in your post along with a
copy of your /etc/shorewall/interfaces file.
- Please include any of the Shorewall configuration files
(especially the /etc/shorewall/hosts file if you have modified
that file) that you think are relevant. If you include /etc/shorewall/rules,
please include /etc/shorewall/policy as well (rules are meaningless unless
one also knows the policies).
- If an error occurs
when you try to "shorewall start",
include a trace (See the Troubleshooting
section for instructions).
-
The list server limits posts to 120kb so don't post GIFs of
your network layout, etc. to the Mailing List -- your
post will be rejected.
The author gratefully acknowleges that the above list was heavily
plagiarized from the excellent LEAF document by Ray Olszewski
found at http://leaf-project.org/pub/doc/docmanager/docid_1891.html.
Please post in plain text
A growing number of MTAs serving list subscribers are rejecting
all HTML traffic. At least one MTA has gone so far as to blacklist
shorewall.net "for continuous abuse" because it has been my policy to
allow HTML in list posts!!
I think that blocking all HTML is a Draconian way to control
spam and that the ultimate losers here are not the spammers but the
list subscribers whose MTAs are bouncing all shorewall.net mail. As
one list subscriber wrote to me privately "These e-mail admin's need
to get a (expletive deleted) life instead of trying to rid the
planet of HTML based e-mail". Nevertheless, to allow subscribers to receive
list posts as must as possible, I have now configured the list server
at shorewall.net to strip all HTML from outgoing posts.
Where to Send your Problem Report or to Ask for Help
If you run Shorewall under Bering -- please post your question or problem
to the LEAF Users
mailing list.
If you run Shorewall under MandrakeSoft Multi Network
Firewall (MNF) and you have not purchased an MNF license from MandrakeSoft
then you can post non MNF-specific Shorewall questions to the Shorewall users mailing
list. Do not expect to get free MNF support on the list.
Otherwise, please post your question or problem to the Shorewall users mailing
list.
To Subscribe to the mailing list go to http://lists.shorewall.net/mailman/listinfo/shorewall-users
.
Last Updated 2/22/2003 - Tom Eastep
Copyright © 2001, 2002, 2003 Thomas M. Eastep.