mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-24 16:43:21 +01:00
ba123e3eba
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@487 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
409 lines
19 KiB
HTML
409 lines
19 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
<html>
|
||
<head>
|
||
|
||
|
||
|
||
<meta http-equiv="Content-Language" content="en-us">
|
||
|
||
|
||
|
||
<meta http-equiv="Content-Type"
|
||
content="text/html; charset=windows-1252">
|
||
|
||
|
||
|
||
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
|
||
|
||
|
||
|
||
<meta name="ProgId" content="FrontPage.Editor.Document">
|
||
<title>Shorewall Support Guide</title>
|
||
|
||
|
||
|
||
|
||
<meta name="Microsoft Theme" content="none">
|
||
</head>
|
||
<body>
|
||
|
||
|
||
<table border="0" cellpadding="0" cellspacing="0"
|
||
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
|
||
bgcolor="#400169" height="90">
|
||
<tbody>
|
||
<tr>
|
||
<td width="100%">
|
||
|
||
|
||
|
||
|
||
<h1 align="center"><font color="#ffffff">Shorewall Support Guide<img
|
||
src="images/obrasinf.gif" alt="" width="90" height="90" align="middle">
|
||
</font></h1>
|
||
</td>
|
||
</tr>
|
||
|
||
|
||
|
||
</tbody>
|
||
</table>
|
||
|
||
|
||
<p> <b><big><big><font color="#ff0000">While I don't answer Shorewall <20>questions
|
||
emailed directly to me, I try to spend some time each day answering questions
|
||
on the Shorewall Users Mailing List and on the Support Forum.</font></big><span
|
||
style="font-weight: 400;"></span></big></b></p>
|
||
|
||
<h2 align="center"><big><font color="#ff0000"><b>-Tom Eastep</b></font></big></h2>
|
||
|
||
<h1>Before Reporting a Problem</h1>
|
||
<i>"Well at least you tried to read the documentation, which is a lot
|
||
more than some people on this list appear to do.</i>"<br>
|
||
<br>
|
||
|
||
<div align="center">- Wietse Venema - On the Postfix mailing list<br>
|
||
</div>
|
||
<br>
|
||
There are a number of sources
|
||
for problem solution information. Please try these before you
|
||
post.
|
||
<h3> </h3>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li>More than half of the questions posted on the
|
||
support list have answers directly accessible from the <a
|
||
href="shorewall_quickstart_guide.htm#Documentation">Documentation Index</a><br>
|
||
<br>
|
||
</li>
|
||
<li> The <a
|
||
href="FAQ.htm">FAQ</a> has solutions to more than 20 common problems.
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li> The <a
|
||
href="troubleshoot.htm">Troubleshooting</a> Information contains
|
||
a number of tips to help you solve common problems. </li>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li> The <a
|
||
href="errata.htm"> Errata</a> has links to download updated
|
||
components. </li>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li> The Mailing
|
||
List Archives search facility can locate posts about similar
|
||
problems: </li>
|
||
|
||
</ul>
|
||
|
||
<h2> </h2>
|
||
|
||
<h2>Mailing List Archive Search</h2>
|
||
|
||
<form method="post" action="http://lists.shorewall.net/cgi-bin/htsearch">
|
||
|
||
|
||
<p> <font size="-1"> Match:
|
||
|
||
<select name="method">
|
||
<option value="and">All </option>
|
||
<option value="or">Any </option>
|
||
<option value="boolean">Boolean </option>
|
||
</select>
|
||
Format:
|
||
|
||
|
||
<select name="format">
|
||
<option value="builtin-long">Long </option>
|
||
<option value="builtin-short">Short </option>
|
||
</select>
|
||
Sort by:
|
||
|
||
|
||
<select name="sort">
|
||
<option value="score">Score </option>
|
||
<option value="time">Time </option>
|
||
<option value="title">Title </option>
|
||
<option value="revscore">Reverse Score </option>
|
||
<option value="revtime">Reverse Time </option>
|
||
<option value="revtitle">Reverse Title </option>
|
||
</select>
|
||
</font> <input type="hidden"
|
||
name="config" value="htdig"> <input type="hidden" name="restrict"
|
||
value="[http://lists.shorewall.net/pipermail/.*]"> <input type="hidden"
|
||
name="exclude" value=""> <br>
|
||
Search: <input type="text"
|
||
size="30" name="words" value=""> <input type="submit" value="Search">
|
||
</p>
|
||
</form>
|
||
|
||
<h2>Problem Reporting Guidelines </h2>
|
||
<i>"Let me see if I can translate your message into a
|
||
real-world example. It would be like saying that you have three
|
||
rooms at home, and when you walk into one of the rooms, you detect
|
||
this strange smell. Can anyone tell you what that strange smell is?<br>
|
||
<br>
|
||
Now, all of us could do some wonderful guessing as to
|
||
the smell and even what's causing it. You would be absolutely amazed
|
||
at the range and variety of smells we could come up with. Even more
|
||
amazing is that all of the explanations for the smells would be completely
|
||
plausible."<br>
|
||
</i><br>
|
||
|
||
<div align="center"> - <i>Russell Mosemann</i> on the Postfix mailing list<br>
|
||
</div>
|
||
<br>
|
||
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li>Please remember we only know what is posted in your message.
|
||
Do not leave out any information that appears to be correct, or was
|
||
mentioned in a previous post. There have been countless posts by people
|
||
who were sure that some part of their configuration was correct when
|
||
it actually contained a small error. We tend to be skeptics where detail
|
||
is lacking.<br>
|
||
<br>
|
||
</li>
|
||
<li>Please keep in mind that you're asking for <strong>free</strong>
|
||
technical support. Any help we offer is an act of generosity, not
|
||
an obligation. Try to make it easy for us to help you. Follow good,
|
||
courteous practices in writing and formatting your e-mail. Provide
|
||
details that we need if you expect good answers. <em>Exact quoting </em>
|
||
of error messages, log entries, command output, and other output is better
|
||
than a paraphrase or summary.<br>
|
||
<br>
|
||
</li>
|
||
<li> Please don't describe
|
||
your environment and then ask us to send you custom
|
||
configuration files. We're here to answer your questions but
|
||
we can't do your job for you.<br>
|
||
<br>
|
||
</li>
|
||
<li>When reporting a problem, <strong>ALWAYS</strong> include
|
||
this information:</li>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
|
||
<ul>
|
||
<li>the exact version of Shorewall you are running.<br>
|
||
<br>
|
||
<b><font color="#009900">shorewall version</font><br>
|
||
</b> <br>
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
<li>the exact kernel version you are running<br>
|
||
<br>
|
||
<font color="#009900"><b>uname -a<br>
|
||
<br>
|
||
</b></font></li>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
<li>the complete, exact output of<br>
|
||
<br>
|
||
<font color="#009900"><b>ip addr show<br>
|
||
<br>
|
||
</b></font></li>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
<li>the complete, exact output of<br>
|
||
<br>
|
||
<font color="#009900"><b>ip route show<br>
|
||
<br>
|
||
</b></font></li>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
<li>If your kernel is modularized, the exact output from<br>
|
||
<br>
|
||
<font color="#009900"><b>lsmod</b></font><br>
|
||
<br>
|
||
</li>
|
||
<li>the exact wording of any <code
|
||
style="color: green; font-weight: bold;">ping</code> failure responses<br>
|
||
<br>
|
||
</li>
|
||
<li>If you installed Shorewall using one of the QuickStart Guides,
|
||
please indicate which one. <br>
|
||
<br>
|
||
</li>
|
||
<li><b>If you are running Shorewall under Mandrake using the Mandrake
|
||
installation of Shorewall, please say so.</b><br>
|
||
<br>
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
<li><b>NEVER </b>include the output of "<b><font
|
||
color="#009900">iptables -L</font></b>". Instead,<font
|
||
color="#ff0000"><u><i><big> <b>if you are having connection problems of
|
||
any kind then:</b></big></i></u></font><br>
|
||
<br>
|
||
1. <b><font color="#009900">/sbin/shorewall/reset</font></b><br>
|
||
<br>
|
||
2. Try the connection that is failing.<br>
|
||
<br>
|
||
3.<b><font color="#009900"> /sbin/shorewall status > /tmp/status.txt</font></b><br>
|
||
<br>
|
||
4. Post the /tmp/status.txt file as an attachment.<br>
|
||
<br>
|
||
</li>
|
||
<li>As a general matter, please <strong>do not edit the diagnostic
|
||
information</strong> in an attempt to conceal your IP address, netmask,
|
||
nameserver addresses, domain name, etc. These aren't secrets, and concealing
|
||
them often misleads us (and 80% of the time, a hacker could derive
|
||
them anyway from information contained in the SMTP headers of your post).<strong></strong></li>
|
||
|
||
</ul>
|
||
|
||
<ul>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li> Do you see
|
||
any "Shorewall" messages ("<b><font color="#009900">/sbin/shorewall
|
||
show log</font></b>") when you exercise the function that
|
||
is giving you problems? If so, include the message(s) in your post
|
||
along with a copy of your /etc/shorewall/interfaces file.<br>
|
||
<br>
|
||
</li>
|
||
<li>Please include any of the Shorewall configuration files
|
||
(especially the /etc/shorewall/hosts file if you have
|
||
modified that file) that you think are relevant. If you
|
||
include /etc/shorewall/rules, please include /etc/shorewall/policy
|
||
as well (rules are meaningless unless one also knows the policies).
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li> If an error occurs
|
||
when you try to "<font color="#009900"><b>shorewall start</b></font>",
|
||
include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
|
||
section for instructions). </li>
|
||
|
||
</ul>
|
||
|
||
<h3> </h3>
|
||
|
||
<ul>
|
||
<li>
|
||
|
||
<h3><b>The list server limits posts to 120kb so don't post GIFs of
|
||
your network layout, etc. to the Mailing List -- your
|
||
post will be rejected.</b></h3>
|
||
</li>
|
||
|
||
</ul>
|
||
The author gratefully acknowleges that the above list was heavily
|
||
plagiarized from the excellent LEAF document by <i>Ray</i> <em>Olszewski</em>
|
||
found at <a
|
||
href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br>
|
||
|
||
<h2>Please post in plain text</h2>
|
||
|
||
<blockquote> </blockquote>
|
||
A growing number of MTAs serving list subscribers are rejecting
|
||
all HTML traffic. At least one MTA has gone so far as to blacklist
|
||
shorewall.net "for continuous abuse" because it has been my policy to
|
||
allow HTML in list posts!!<br>
|
||
<br>
|
||
I think that blocking all HTML is a Draconian way to control
|
||
spam and that the ultimate losers here are not the spammers but the
|
||
list subscribers whose MTAs are bouncing all shorewall.net mail. As
|
||
one list subscriber wrote to me privately "These e-mail admin's need
|
||
to get a <i>(expletive deleted)</i> life instead of trying to rid the planet
|
||
of HTML based e-mail". Nevertheless, to allow subscribers to receive list
|
||
posts as must as possible, I have now configured the list server at shorewall.net
|
||
to strip all HTML from outgoing posts.<br>
|
||
|
||
<h2>Where to Send your Problem Report or to Ask for Help</h2>
|
||
|
||
|
||
<blockquote>
|
||
|
||
<h4>If you run Shorewall under Bering -- <span
|
||
style="font-weight: 400;">please post your question or problem
|
||
to the <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users
|
||
mailing list</a>.</span></h4>
|
||
<b>If you run Shorewall under MandrakeSoft Multi Network
|
||
Firewall (MNF) and you have not purchased an MNF license from MandrakeSoft
|
||
then you can post non MNF-specific Shorewall questions to the </b><a
|
||
href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
|
||
list</a> or to the <a
|
||
href="http://www.developercube.com/forum/index.php?c=8">Shorewall Support
|
||
Forum</a>. <b>Do not expect to get free MNF support on the list or forum.</b><br>
|
||
|
||
|
||
<p>Otherwise, please post your question or problem to the <a
|
||
href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
|
||
list</a> or to the <a
|
||
href="http://www.developercube.com/forum/index.php?c=8">Shorewall Support
|
||
Forum</a>.</p>
|
||
</blockquote>
|
||
|
||
|
||
|
||
|
||
<p>The Shorewall List Server provides additional information about <a
|
||
href="http://lists.shorewall.net/mailing_list.htm">Shorewall Mailing Lists</a>.<br>
|
||
</p>
|
||
|
||
|
||
<p align="left"><font size="2">Last Updated 3/6/2003 - Tom Eastep</font></p>
|
||
|
||
|
||
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
|
||
size="2">Copyright</font> <20> <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br>
|
||
</p>
|
||
<br>
|
||
<br>
|
||
</body>
|
||
</html>
|