<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Shorewall Support Guide</title> </head> <body> <h1 align="center" style="background-color: rgb(255, 255, 255);">Shorewall Support Guide <font><font color="#ffffff"><img src="images/obrasinf.gif" alt="" style="width: 90px; height: 90px; color: rgb(51, 0, 51);" align="middle" title=""></font></font></h1> <h2>Before Reporting a Problem or Asking a Question<br> </h2> There are a number of sources of Shorewall information. Please try these before you post. <ul> <li>Shorewall versions earlier that 1.3.0 are no longer supported.<br> </li> <li>More than half of the questions posted on the support list have answers directly accessible from the <a href="shorewall_quickstart_guide.htm#Documentation">Documentation Index</a><br> </li> <li> The <a href="FAQ.htm">FAQ</a> has solutions to more than 20 common problems. </li> <li> The <a href="troubleshoot.htm">Troubleshooting</a> Information contains a number of tips to help you solve common problems. </li> <li> The <a href="errata.htm"> Errata</a> has links to download updated components. </li> <li> The Site and Mailing List Archives search facility can locate documents and posts about similar problems: </li> </ul> <h2>Site and Mailing List Archive Search</h2> <blockquote> <form method="post" action="http://lists.shorewall.net/cgi-bin/htsearch"> <font size="-1">Match: <select name="method"> <option value="and">All </option> <option value="or">Any </option> <option value="boolean">Boolean </option> </select> Format: <select name="format"> <option value="builtin-long">Long </option> <option value="builtin-short">Short </option> </select> Sort by: <select name="sort"> <option value="score">Score </option> <option value="time">Time </option> <option value="title">Title </option> <option value="revscore">Reverse Score </option> <option value="revtime">Reverse Time </option> <option value="revtitle">Reverse Title </option> </select> </font><input type="hidden" name="config" value="htdig"><input type="hidden" name="restrict" value=""><font size="-1"> Include Mailing List Archives: <select size="1" name="exclude"> <option value="">Yes</option> <option value="[http://lists.shorewall.net/pipermail/.*]">No</option> </select> </font><br> Search: <input type="text" size="30" name="words" value=""> <input type="submit" value="Search"><br> </form> </blockquote> <h2>Problem Reporting Guidelines<br> </h2> <ul> <li>Please remember we only know what is posted in your message. Do not leave out any information that appears to be correct, or was mentioned in a previous post. There have been countless posts by people who were sure that some part of their configuration was correct when it actually contained a small error. We tend to be skeptics where detail is lacking.<br> <br> </li> <li>Please keep in mind that you're asking for <strong>free</strong> technical support. Any help we offer is an act of generosity, not an obligation. Try to make it easy for us to help you. Follow good, courteous practices in writing and formatting your e-mail. Provide details that we need if you expect good answers. <em>Exact quoting </em> of error messages, log entries, command output, and other output is better than a paraphrase or summary.<br> <br> </li> <li>Please don't describe your problem as "Computer A can't see Computer B". Of course it can't -- it hasn't any eyes! If ping from A to B fails, say so (and see below for information about reporting 'ping' problems). If Computer B doesn't show up in "Network Neighborhood" then say so. <br> <br> </li> <li>Please give details about what doesn't work. Reports that say "I followed the directions and it didn't work" will elicit sympathy but probably little in the way of help. Again -- if ping from A to B fails, say so (and see below for information about reporting 'ping' problems). If Computer B doesn't show up in "Network Neighborhood" then say so. If access by IP address works but by DNS names it doesn't then say so.<br> <br> </li> <li> Please don't describe your environment and then ask us to send you custom configuration files. We're here to answer your questions but we can't do your job for you.<br> <br> </li> <li>When reporting a problem, <strong>ALWAYS</strong> include this information:</li> </ul> <ul> <ul> <li>the exact version of Shorewall you are running.<br> <br> <b><font color="#009900">shorewall version</font><br> </b> <br> </li> </ul> <ul> </ul> <ul> <li>the complete, exact output of<br> <br> <font color="#009900"><b>ip addr show<br> <br> </b></font></li> </ul> <ul> <li>the complete, exact output of<br> <br> <font color="#009900"><b>ip route show<br> </b></font></li> </ul> <ul> </ul> </ul> <ul> <ul> <li><small><small><font color="#ff0000"><u><i><big><b>THIS IS IMPORTANT!</b></big></i></u></font></small></small><big> </big>If your problem is that some type of connection to/from or through your firewall isn't working then please perform the following four steps:<br> <br> 1. <b><font color="#009900"><span style="color: rgb(0, 0, 0);">If shorewall isn't running then </span></font></b><font color="#009900" style="font-weight: bold; color: rgb(0, 153, 0);">/sbin/shorewall/start</font><b><font color="#009900"><span style="color: rgb(0, 0, 0);">. Otherwise</span> /sbin/shorewall reset<span style="color: rgb(0, 0, 0);">.</span></font></b><br> <br> 2. Try making the connection that is failing.<br> <br> 3.<b><font color="#009900"> /sbin/shorewall status > /tmp/status.txt</font></b><br> <br> 4. Post the /tmp/status.txt file as an attachment (you may compress it if you like).<br> <br> </li> <li>the exact wording of any <code style="color: green; font-weight: bold;">ping</code> failure responses<br> <br> </li> <li>If you installed Shorewall using one of the QuickStart Guides, please indicate which one. <br> <br> </li> <li><b>If you are running Shorewall under Mandrake using the Mandrake installation of Shorewall, please say so.<br> <br> </b></li> </ul> <li>As a general matter, please <strong>do not edit the diagnostic information</strong> in an attempt to conceal your IP address, netmask, nameserver addresses, domain name, etc. These aren't secrets, and concealing them often misleads us (and 80% of the time, a hacker could derive them anyway from information contained in the SMTP headers of your post).<br> <br> <strong></strong></li> <li>Do you see any "Shorewall" messages ("<b><font color="#009900">/sbin/shorewall show log</font></b>") when you exercise the function that is giving you problems? If so, include the message(s) in your post along with a copy of your /etc/shorewall/interfaces file.<br> <br> </li> <li>Please include any of the Shorewall configuration files (especially the /etc/shorewall/hosts file if you have modified that file) that you think are relevant. If you include /etc/shorewall/rules, please include /etc/shorewall/policy as well (rules are meaningless unless one also knows the policies).<br> <br> </li> <li>If an error occurs when you try to "<font color="#009900"><b>shorewall start</b></font>", include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a> section for instructions).<br> <br> </li> <li><b>The list server limits posts to 120kb so don't post GIFs of your network layout, etc. to the Mailing List -- your post will be rejected.</b></li> </ul> <blockquote> The author gratefully acknowleges that the above list was heavily plagiarized from the excellent LEAF document by <i>Ray</i> <em>Olszewski</em> found at <a href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br> </blockquote> <h2>When using the mailing list, please post in plain text</h2> <blockquote> A growing number of MTAs serving list subscribers are rejecting all HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net "for continuous abuse" because it has been my policy to allow HTML in list posts!!<br> <br> I think that blocking all HTML is a Draconian way to control spam and that the ultimate losers here are not the spammers but the list subscribers whose MTAs are bouncing all shorewall.net mail. As one list subscriber wrote to me privately "These e-mail admin's need to get a <i>(expletive deleted)</i> life instead of trying to rid the planet of HTML based e-mail". Nevertheless, to allow subscribers to receive list posts as must as possible, I have now configured the list server at shorewall.net to convert all HTML to plain text. These converted posts are difficult to read so all of us will appreciate it if you just post in plain text to begin with.<br> </blockquote> <h2>Where to Send your Problem Report or to Ask for Help</h2> <blockquote> <h4>If you run Shorewall under Bering -- <span style="font-weight: 400;">please post your question or problem to the <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4> <span style="font-weight: bold;">If you are new to Shorewall and have a question or need help with a problem, </span>please post to the <a href="mailto:shorewall-newbies@lists.shorewall.net">Shorewall Newbies mailing list</a>.<span style="font-weight: bold;"><br> <br> </span> <b>If you run Shorewall under MandrakeSoft Multi Network Firewall (MNF) and you have not purchased an MNF license from MandrakeSoft then you can post non MNF-specific Shorewall questions to the </b><a href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing list</a>. <b>Do not expect to get free MNF support on the list</b> <p>Otherwise, please post your question or problem to the <a href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing list.</a><span style="font-weight: bold;"> IMPORTANT: </span>If you are not subscribed to the list, please say so -- otherwise, you will not be included in any replies.<br> </p> </blockquote> <h2>Subscribing to the Newbies Mailing List<br> </h2> To Subscribe to the mailing list go to <a href="https://lists.shorewall.net/mailman/listinfo/shorewall-newbies" target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-newbies</a>. <h2>Subscribing to the Users Mailing List<br> </h2> <blockquote> <p> To Subscribe to the mailing list go to <a href="https://lists.shorewall.net/mailman/listinfo/shorewall-users" target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-users</a>.<br> </p> </blockquote> <p>For information on other Shorewall mailing lists, go to <a href="http://lists.shorewall.net">http://lists.shorewall.net</a><br> </p> <p align="left"><font size="2">Last Updated 12/02/2003 - Tom Eastep</font></p> <p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font size="2">Copyright</font> � <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br> </p> <br> <br> <br> </body> </html>