Shorewall
Support Guide
Before Reporting a Problem or Asking a Question
There are a number of sources of Shorewall information. Please try
these before you post.
- Shorewall versions earlier that 1.3.0 are no longer supported.
- More than half of the questions posted on the support list have
answers directly accessible from the Documentation
Index
- The FAQ has
solutions to more than 20 common problems.
- The Troubleshooting
Information contains a number of tips
to help you solve common problems.
- The Errata
has links to download updated components.
- The Site and Mailing List Archives search facility can locate
documents and posts about similar problems:
Site and Mailing List Archive Search
Problem Reporting Guidelines
- Please remember we only know what is posted in your message. Do
not leave out
any information that appears to be correct, or was mentioned in a
previous post. There have been countless posts by people who were sure
that some part of their configuration was correct when it actually
contained a small error. We tend to be skeptics where detail is lacking.
- Please keep in mind that you're asking for free
technical support. Any help we offer is an act of generosity, not an
obligation. Try to make it easy for us to help you. Follow good,
courteous practices in writing and formatting your e-mail. Provide
details
that we need if you expect good answers. Exact quoting of
error messages, log entries, command output, and other output is
better than a paraphrase or summary.
- Please don't describe your environment and then ask us to send
you custom configuration files. We're here to answer your questions but
we can't do your job for you.
- When reporting a problem, ALWAYS include this
information:
- the exact version of Shorewall you are running.
shorewall version
- the complete, exact
output of
ip addr show
- the complete, exact
output of
ip route show
- THIS
IS IMPORTANT! If
your
problem is that some type of connection to/from or through your
firewall
isn't working then please perform the following four steps:
1. If
shorewall isn't running then /sbin/shorewall/start. Otherwise
/sbin/shorewall reset.
2. Try making the connection that is failing.
3. /sbin/shorewall status > /tmp/status.txt
4. Post the /tmp/status.txt file as an
attachment (you may compress it if you like).
- the exact wording of any
ping
failure responses
- If you installed Shorewall using one of the QuickStart Guides,
please indicate which one.
- If you are running Shorewall under Mandrake
using the Mandrake installation of Shorewall, please say so.
- As a general matter, please do not edit the diagnostic
information in an attempt to conceal your IP address, netmask,
nameserver addresses, domain name, etc. These aren't secrets, and
concealing them often misleads us (and 80% of the time, a hacker could
derive them anyway from information contained in the SMTP headers of
your post).
- Do you see any "Shorewall" messages ("/sbin/shorewall
show log") when you exercise the function that is giving you
problems? If so, include the message(s) in your post along with a copy
of your /etc/shorewall/interfaces file.
- Please include any of the Shorewall configuration files
(especially the /etc/shorewall/hosts file if you have modified that
file) that you think are relevant. If you include /etc/shorewall/rules,
please include /etc/shorewall/policy as well (rules are meaningless
unless one also knows the policies).
- If an error occurs when you try to "shorewall
start", include a trace (See the Troubleshooting
section for instructions).
- The list server limits posts to 120kb so don't post GIFs of
your network
layout, etc. to the Mailing List -- your post will be
rejected.
The author gratefully acknowleges that the above list was
heavily plagiarized from the excellent LEAF document by Ray Olszewski
found at http://leaf-project.org/pub/doc/docmanager/docid_1891.html.
When using the mailing list, please post in plain text
A growing number of MTAs serving list subscribers are
rejecting all HTML traffic. At least one MTA has gone so far as to
blacklist shorewall.net "for continuous abuse" because it has been
my policy to allow HTML in list posts!!
I think that blocking all HTML is a Draconian way to control spam and
that the ultimate losers here are not the spammers but the list
subscribers whose MTAs are bouncing all shorewall.net mail. As one list
subscriber wrote to me privately "These e-mail admin's need to get a (expletive
deleted) life instead of trying to rid the planet of HTML based
e-mail". Nevertheless, to allow
subscribers to receive list posts as must as possible, I have now
configured the list server at shorewall.net to convert all HTML to
plain text. These converted posts are difficult to read so all of us
will appreciate it if you just post in plain text to begin with.
Where to Send your Problem Report or to Ask for Help
If you run Shorewall under Bering -- please post your question or problem to the LEAF Users mailing list.
If you run Shorewall under MandrakeSoft Multi Network Firewall
(MNF) and you have not purchased an MNF license from MandrakeSoft then
you can post non MNF-specific Shorewall questions to the Shorewall users
mailing list. Do not expect to get free MNF support on the list
Otherwise, please post your question or problem to the Shorewall users
mailing list. IMPORTANT: If
you are not subscribed to the list, please say so -- otherwise, you
will not be included in any replies.
Subscribing to the Users Mailing List
To Subscribe to the mailing list go to https//lists.shorewall.net/mailman/listinfo/shorewall-users.
For information on other Shorewall mailing lists, go to http://lists.shorewall.net
Last Updated 10/29/2003 - Tom Eastep
Copyright © 2001, 2002, 2003 Thomas M.
Eastep.