holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Updates for RC1

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@429 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-02-04 15:26:02 +00:00
parent 98cab703a2
commit 0079744348
9 changed files with 6932 additions and 6552 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6264
Shorewall-docs/Documentation.htm
View File

File diff suppressed because it is too large Load Diff

1745
Shorewall-docs/FAQ.htm
View File

File diff suppressed because it is too large Load Diff

2993
Shorewall-docs/News.htm
View File

File diff suppressed because it is too large Load Diff

281
Shorewall-docs/OPENVPN.html Executable file
View File

@ -0,0 +1,281 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>GRE/IPIP Tunnels</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" bordercolor="#111111" width="100%"
id="AutoNumber1" bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">OpenVPN Tunnels</font></h1>
</td>
</tr>
</tbody>
</table>
<h3><br>
</h3>
<p>OpenVPN is a robust and highly configurable VPN (Virtual Private Network)
daemon which can be used to securely link two or more private networks using
an encrypted tunnel over the internet. OpenVPN is an Open Source project and
is <a href="http://openvpn.sourceforge.net/license.html">licensed under the
GPL</a>. OpenVPN can be downloaded from <a
href="http://openvpn.sourceforge.net/">http://openvpn.sourceforge.net/</a>.<br>
</p>
<p>OpenVPN support was added to Shorewall in version 1.3.14.<br>
</p>
<h2>Bridging two Masqueraded Networks</h2>
<p>Suppose that we have the following situation:</p>
<p align="center"><img border="0" src="images/TwoNets1.png" width="745"
height="427">
</p>
<p align="left">We want systems in the 192.168.1.0/24 subnetwork to be able
to communicate with the systems in the 10.0.0.0/8 network. This is accomplished
through use of the /etc/shorewall/tunnels file and the /etc/shorewall/policy
file and OpenVPN.</p>
<p align="left">While it was possible to use the Shorewall start and stop
script to start and stop OpenVPN, I decided to use the init script of OpenVPN
to start and stop it.</p>
<p align="left">On each firewall, you will need to declare a zone to represent
the remote subnet. We'll assume that this zone is called 'vpn' and declare
it in /etc/shorewall/zones on both systems as follows.</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><strong>ZONE</strong></td>
<td><strong>DISPLAY</strong></td>
<td><strong>COMMENTS</strong></td>
</tr>
<tr>
<td>vpn</td>
<td>VPN</td>
<td>Remote Subnet</td>
</tr>
</tbody>
</table>
</blockquote>
<p align="left">On system A, the 10.0.0.0/8 will comprise the <b>vpn</b> zone.
In /etc/shorewall/interfaces:</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>ZONE</b></td>
<td><b>INTERFACE</b></td>
<td><b>BROADCAST</b></td>
<td><b>OPTIONS</b></td>
</tr>
<tr>
<td>vpn</td>
<td>tun0</td>
<td><br>
</td>
<td> </td>
</tr>
</tbody>
</table>
</blockquote>
<p align="left">In /etc/shorewall/tunnels on system A, we need the following:</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>TYPE</b></td>
<td><b>ZONE</b></td>
<td><b>GATEWAY</b></td>
<td><b>GATEWAY ZONE</b></td>
</tr>
<tr>
<td>openvpn</td>
<td>net</td>
<td>134.28.54.2</td>
<td> </td>
</tr>
</tbody>
</table>
</blockquote>
<p>This entry in /etc/shorewall/tunnels opens the firewall so that OpenVPN
traffic on the default port 5000/udp will be accepted to/from the remote gateway.
If you change the port used by OpenVPN to 7777, you can define /etc/shorewall/tunnels
like this:<br>
</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>TYPE</b></td>
<td><b>ZONE</b></td>
<td><b>GATEWAY</b></td>
<td><b>GATEWAY ZONE</b></td>
</tr>
<tr>
<td>openvpn:7777</td>
<td>net</td>
<td>134.28.54.2</td>
<td> </td>
</tr>
</tbody>
</table>
</blockquote>
<p>This is the OpenVPN config on system A:</p>
<blockquote>
<p></p>
</blockquote>
<blockquote>
<p>dev tun<br>
local 206.162.148.9<br>
remote 134.28.54.2<br>
ifconfig 192.168.99.1 192.168.99.2<br>
up ./route-a.up<br>
tls-server<br>
dh dh1024.pem<br>
ca ca.crt<br>
cert my-a.crt<br>
key my-a.key<br>
comp-lzo<br>
verb 5<br>
</p>
</blockquote>
<p>Similarly, On system B the 192.168.1.0/24 subnet will comprise the <b>vpn</b>
zone. In /etc/shorewall/interfaces:</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>ZONE</b></td>
<td><b>INTERFACE</b></td>
<td><b>BROADCAST</b></td>
<td><b>OPTIONS</b></td>
</tr>
<tr>
<td>vpn</td>
<td>tun0</td>
<td>192.168.1.255</td>
<td> </td>
</tr>
</tbody>
</table>
</blockquote>
<p>In /etc/shorewall/tunnels on system B, we have:</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>TYPE</b></td>
<td><b>ZONE</b></td>
<td><b>GATEWAY</b></td>
<td><b>GATEWAY ZONE</b></td>
</tr>
<tr>
<td>openvpn</td>
<td>net</td>
<td>206.191.148.9</td>
<td> </td>
</tr>
</tbody>
</table>
</blockquote>
<p>And in the OpenVPN config on system B:</p>
<blockquote>
<p>dev tun<br>
local 134.28.54.2<br>
remote 206.162.148.9<br>
ifconfig 192.168.99.2 192.168.99.1<br>
up ./route-b.up<br>
tls-client<br>
ca ca.crt<br>
cert my-b.crt<br>
key my-b.key<br>
comp-lzo<br>
verb 5<br>
</p>
</blockquote>
<p align="left">You will need to allow traffic between the "vpn" zone and
the "loc" zone on both systems -- if you simply want to admit all traffic
in both directions, you can use the policy file:</p>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><strong>SOURCE</strong></td>
<td><strong>DEST</strong></td>
<td><strong>POLICY</strong></td>
<td><strong>LOG LEVEL</strong></td>
</tr>
<tr>
<td>loc</td>
<td>vpn</td>
<td>ACCEPT</td>
<td> </td>
</tr>
<tr>
<td>vpn</td>
<td>loc</td>
<td>ACCEPT</td>
<td> </td>
</tr>
</tbody>
</table>
</blockquote>
<p>On both systems, restart Shorewall and start OpenVPN. The systems in the
two masqueraded subnetworks can now talk to each other.</p>
<p><font size="2">Updated 2/4/2003 - <a href="support.htm">Tom Eastep</a></font>
<small>and Simon Mater</small><br>
</p>
<p><font size="2"> </font></p>
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
© <font size="2">2003 Thomas M. Eastep. and Simon Mater<br>
</font></a></font></p>
<br>
<br>
</body>
</html>

403
Shorewall-docs/mailing_list.htm
View File

@ -1,144 +1,147 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html> <html>
<head> <head>
<meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" <meta http-equiv="Content-Type"
content="text/html; charset=windows-1252"> content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0"> <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document"> <meta name="ProgId" content="FrontPage.Editor.Document">
<title>Shorewall Mailing Lists</title> <title>Shorewall Mailing Lists</title>
<meta name="Microsoft Theme" content="none"> <meta name="Microsoft Theme" content="none">
</head> </head>
<body> <body>
<table height="90" bgcolor="#400169" id="AutoNumber1" width="100%" <table height="90" bgcolor="#400169" id="AutoNumber1" width="100%"
style="border-collapse: collapse;" cellspacing="0" cellpadding="0" style="border-collapse: collapse;" cellspacing="0" cellpadding="0"
border="0"> border="0">
<tbody> <tbody>
<tr> <tr>
<td width="33%" valign="middle" align="left"> <td width="33%" valign="middle" align="left">
<h1 align="center"><a <h1 align="center"><a
href="http://www.centralcommand.com/linux_products.html"><img href="http://www.centralcommand.com/linux_products.html"><img
src="images/Vexira_Antivirus_Logo.gif" alt="Vexira Logo" width="78" src="images/Vexira_Antivirus_Logo.gif" alt="Vexira Logo" width="78"
height="79" align="left"> height="79" align="left">
</a></h1> </a></h1>
<a <a
href="http://www.gnu.org/software/mailman/mailman.html"> <img href="http://www.gnu.org/software/mailman/mailman.html"> <img
border="0" src="images/logo-sm.jpg" align="left" hspace="5" width="110" border="0" src="images/logo-sm.jpg" align="left" hspace="5" width="110"
height="35" alt=""> height="35" alt="">
</a> </a>
<p align="right"><font color="#ffffff"><b>  </b></font> </p> <p align="right"><font color="#ffffff"><b>  </b></font> </p>
</td> </td>
<td valign="middle" width="34%" align="center"> <td valign="middle" width="34%" align="center">
<h1 align="center"><font color="#ffffff">Shorewall Mailing Lists</font></h1> <h1 align="center"><font color="#ffffff">Shorewall Mailing Lists</font></h1>
</td> </td>
<td valign="middle" width="33%"> <a <td valign="middle" width="33%"> <a
href="http://www.postfix.org/"> <img href="http://www.postfix.org/"> <img
src="images/small-picture.gif" align="right" border="0" width="115" src="images/small-picture.gif" align="right" border="0" width="115"
height="45" alt="(Postfix Logo)"> height="45" alt="(Postfix Logo)">
</a><br> </a><br>
<div align="left"><a href="http://www.spamassassin.org"><img <div align="left"><a href="http://www.spamassassin.org"><img
src="file:///J:/Shorewall-docs/images/ninjalogo.png" alt="" width="110" src="file:///J:/Shorewall-docs/images/ninjalogo.png" alt="" width="110"
height="42" align="right" border="0"> height="42" align="right" border="0">
</a> </div> </a> </div>
<br> <br>
<div align="right"><br> <div align="right"><br>
<b><font color="#ffffff"><br> <b><font color="#ffffff"><br>
Powered by Postfix    </font></b><br> Powered by Postfix    </font></b><br>
</div> </div>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<h2 align="left">Not getting List Mail? -- <a <h2 align="left">Not getting List Mail? -- <a
href="mailing_list_problems.htm">Check Here</a></h2> href="mailing_list_problems.htm">Check Here</a></h2>
<p align="left">If you experience problems with any of these lists, please <p align="left">If you experience problems with any of these lists, please
let <a href="mailto:teastep@shorewall.net">me</a> know</p> let <a href="mailto:teastep@shorewall.net">me</a> know</p>
<h2 align="left">Not able to Post Mail to shorewall.net?</h2> <h2 align="left">Not able to Post Mail to shorewall.net?</h2>
<p align="left">You can report such problems by sending mail to tom dot eastep <p align="left">You can report such problems by sending mail to tom dot eastep
at hp dot com.</p> at hp dot com.</p>
<h2>A Word about SPAM Filters <a href="http://ordb.org"></a><a <h2>A Word about SPAM Filters <a href="http://ordb.org"></a><a
href="http://osirusoft.com/"> </a></h2> href="http://osirusoft.com/"> </a></h2>
<p>Before subscribing please read my <a href="spam_filters.htm">policy
about list traffic that bounces.</a> Also please note that the mail server <p>Before subscribing please read my <a href="spam_filters.htm">policy
at shorewall.net checks incoming mail:<br> about list traffic that bounces.</a> Also please note that the mail server
</p> at shorewall.net checks incoming mail:<br>
</p>
<ol> <ol>
<li>against <a href="http://spamassassin.org">Spamassassin</a> <li>against <a href="http://spamassassin.org">Spamassassin</a>
(including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br> (including <a href="http://razor.sourceforge.net/">Vipul's Razor</a>).<br>
</li> </li>
<li>to ensure that the sender address is fully qualified.</li> <li>to ensure that the sender address is fully qualified.</li>
<li>to verify that the sender's domain has an A or MX record <li>to verify that the sender's domain has an A or MX record
in DNS.</li> in DNS.</li>
<li>to ensure that the host name in the HELO/EHLO command <li>to ensure that the host name in the HELO/EHLO command
is a valid fully-qualified DNS name that resolves.</li> is a valid fully-qualified DNS name that resolves.</li>
</ol> </ol>
<h2>Please post in plain text</h2> <h2>Please post in plain text</h2>
A growing number of MTAs serving list subscribers are rejecting all A growing number of MTAs serving list subscribers are rejecting all
HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net
"for continuous abuse" because it has been my policy to allow HTML in list "for continuous abuse" because it has been my policy to allow HTML in list
posts!!<br> posts!!<br>
<br> <br>
I think that blocking all HTML is a Draconian way to control spam I think that blocking all HTML is a Draconian way to control spam
and that the ultimate losers here are not the spammers but the list subscribers and that the ultimate losers here are not the spammers but the list subscribers
whose MTAs are bouncing all shorewall.net mail. As one list subscriber whose MTAs are bouncing all shorewall.net mail. As one list subscriber
wrote to me privately "These e-mail admin's need to get a <i>(explitive deleted)</i> wrote to me privately "These e-mail admin's need to get a <i>(explitive
life instead of trying to rid the planet of HTML based e-mail". Nevertheless, deleted)</i> life instead of trying to rid the planet of HTML based e-mail".
to allow subscribers to receive list posts as must as possible, I have now Nevertheless, to allow subscribers to receive list posts as must as possible,
configured the list server at shorewall.net to strip all HTML from outgoing I have now configured the list server at shorewall.net to strip all HTML
posts. This means that HTML-only posts will be bounced by the list server.<br> from outgoing posts. This means that HTML-only posts will be bounced by
the list server.<br>
<p align="left"> <b>Note: </b>The list server limits posts to 120kb.<br>
</p>
<p align="left"> <b>Note: </b>The list server limits posts to 120kb.<br>
</p>
<h2>Other Mail Delivery Problems</h2> <h2>Other Mail Delivery Problems</h2>
If you find that you are missing an occasional list post, your e-mail If you find that you are missing an occasional list post, your e-mail
admin may be blocking mail whose <i>Received:</i> headers contain the names admin may be blocking mail whose <i>Received:</i> headers contain the names
of certain ISPs. Again, I believe that such policies hurt more than they of certain ISPs. Again, I believe that such policies hurt more than they
help but I'm not prepared to go so far as to start stripping <i>Received:</i> help but I'm not prepared to go so far as to start stripping <i>Received:</i>
headers to circumvent those policies.<br> headers to circumvent those policies.<br>
<h2 align="left">Mailing Lists Archive Search</h2> <h2 align="left">Mailing Lists Archive Search</h2>
<form method="post" action="http://lists.shorewall.net/cgi-bin/htsearch"> <form method="post" action="http://lists.shorewall.net/cgi-bin/htsearch">
<p> <font size="-1"> Match: <p> <font size="-1"> Match:
<select name="method"> <select name="method">
<option value="and">All </option> <option value="and">All </option>
<option value="or">Any </option> <option value="or">Any </option>
<option value="boolean">Boolean </option> <option value="boolean">Boolean </option>
</select> </select>
Format: Format:
<select name="format"> <select name="format">
<option value="builtin-long">Long </option> <option value="builtin-long">Long </option>
<option value="builtin-short">Short </option> <option value="builtin-short">Short </option>
</select> </select>
Sort by: Sort by:
<select name="sort"> <select name="sort">
<option value="score">Score </option> <option value="score">Score </option>
<option value="time">Time </option> <option value="time">Time </option>
@ -147,148 +150,150 @@ help but I'm not prepared to go so far as to start stripping <i>Received:</i>
<option value="revtime">Reverse Time </option> <option value="revtime">Reverse Time </option>
<option value="revtitle">Reverse Title </option> <option value="revtitle">Reverse Title </option>
</select> </select>
</font> <input type="hidden" name="config" </font> <input type="hidden" name="config"
value="htdig"> <input type="hidden" name="restrict" value="htdig"> <input type="hidden" name="restrict"
value="[http://lists.shorewall.net/pipermail/.*]"> <input type="hidden" value="[http://lists.shorewall.net/pipermail/.*]"> <input type="hidden"
name="exclude" value=""> <br> name="exclude" value=""> <br>
Search: <input type="text" size="30" name="words" Search: <input type="text" size="30" name="words"
value=""> <input type="submit" value="Search"> </p> value=""> <input type="submit" value="Search"> </p>
</form> </form>
<h2 align="left"><font color="#ff0000">Please do not try to download the <h2 align="left"><font color="#ff0000">Please do not try to download the entire
entire Archive -- it is 75MB (and growing daily) and my slow DSL line simply Archive -- it is 75MB (and growing daily) and my slow DSL line simply won't
won't stand the traffic. If I catch you, you will be blacklisted.<br> stand the traffic. If I catch you, you will be blacklisted.<br>
</font></h2> </font></h2>
<h2 align="left">Shorewall CA Certificate</h2> <h2 align="left">Shorewall CA Certificate</h2>
If you want to trust X.509 certificates issued by Shoreline If you want to trust X.509 certificates issued by Shoreline
Firewall (such as the one used on my web site), you may <a Firewall (such as the one used on my web site), you may <a
href="Shorewall_CA_html.html">download and install my CA certificate</a> href="Shorewall_CA_html.html">download and install my CA certificate</a>
in your browser. If you don't wish to trust my certificates then you in your browser. If you don't wish to trust my certificates then
can either use unencrypted access when subscribing to Shorewall mailing you can either use unencrypted access when subscribing to Shorewall
lists or you can use secure access (SSL) and accept the server's certificate mailing lists or you can use secure access (SSL) and accept the server's
when prompted by your browser.<br> certificate when prompted by your browser.<br>
<h2 align="left">Shorewall Users Mailing List</h2> <h2 align="left">Shorewall Users Mailing List</h2>
<p align="left">The Shorewall Users Mailing list provides a way for users <p align="left">The Shorewall Users Mailing list provides a way for users
to get answers to questions and to report problems. Information of to get answers to questions and to report problems. Information
general interest to the Shorewall user community is also posted to of general interest to the Shorewall user community is also posted
this list.</p> to this list.</p>
<p align="left"><b>Before posting a problem report to this list, please see <p align="left"><b>Before posting a problem report to this list, please see
the <a href="support.htm">problem reporting guidelines</a>.</b></p> the <a href="http://www.shorewall.net/support.htm">problem reporting
guidelines</a>.</b></p>
<p align="left">To subscribe to the mailing list:<br>
</p>
<ul>
<li><b>Insecure: </b><a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a></li>
<li><b>SSL:</b> <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-users"
target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-users</a></li>
</ul>
<p align="left">To post to the list, post to <a
href="mailto:shorewall-users@lists.shorewall.net">shorewall-users@lists.shorewall.net</a>.</p>
<p align="left">The list archives are at <a
href="http://lists.shorewall.net/pipermail/shorewall-users/index.html">http://lists.shorewall.net/pipermail/shorewall-users</a>.</p>
<p align="left">Note that prior to 1/1/2002, the mailing list was hosted at
<a href="http://sourceforge.net">Sourceforge</a>. The archives from that list
may be found at <a
href="http://www.geocrawler.com/lists/3/Sourceforge/9327/0/">www.geocrawler.com/lists/3/Sourceforge/9327/0/</a>.</p>
<h2 align="left">Shorewall Announce Mailing List</h2>
<p align="left">This list is for announcements of general interest to the
Shorewall community. To subscribe:<br>
</p>
<p align="left"></p>
<ul>
<li><b>Insecure:</b> <a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-announce">http://lists.shorewall.net/mailman/listinfo/shorewall-announce</a></li>
<li><b>SSL</b>: <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-announce"
target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-announce.</a></li>
</ul>
<p align="left"><br>
The list archives are at <a
href="http://lists.shorewall.net/pipermail/shorewall-announce">http://lists.shorewall.net/pipermail/shorewall-announce</a>.</p>
<h2 align="left">Shorewall Development Mailing List</h2>
<p align="left">The Shorewall Development Mailing list provides a forum for
the exchange of ideas about the future of Shorewall and for coordinating
ongoing Shorewall Development.</p>
<p align="left">To subscribe to the mailing list:<br> <p align="left">To subscribe to the mailing list:<br>
</p> </p>
<ul> <ul>
<li><b>Insecure: </b><a <li><b>Insecure: </b><a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a></li>
<li><b>SSL:</b> <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-users"
target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-users</a></li>
</ul>
<p align="left">To post to the list, post to <a
href="mailto:shorewall-users@lists.shorewall.net">shorewall-users@lists.shorewall.net</a>.</p>
<p align="left">The list archives are at <a
href="http://lists.shorewall.net/pipermail/shorewall-users/index.html">http://lists.shorewall.net/pipermail/shorewall-users</a>.</p>
<p align="left">Note that prior to 1/1/2002, the mailing list was hosted
at <a href="http://sourceforge.net">Sourceforge</a>. The archives from that
list may be found at <a
href="http://www.geocrawler.com/lists/3/Sourceforge/9327/0/">www.geocrawler.com/lists/3/Sourceforge/9327/0/</a>.</p>
<h2 align="left">Shorewall Announce Mailing List</h2>
<p align="left">This list is for announcements of general interest to the
Shorewall community. To subscribe:<br>
</p>
<p align="left"></p>
<ul>
<li><b>Insecure:</b> <a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-announce">http://lists.shorewall.net/mailman/listinfo/shorewall-announce</a></li>
<li><b>SSL</b>: <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-announce"
target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-announce.</a></li>
</ul>
<p align="left"><br>
The list archives are at <a
href="http://lists.shorewall.net/pipermail/shorewall-announce">http://lists.shorewall.net/pipermail/shorewall-announce</a>.</p>
<h2 align="left">Shorewall Development Mailing List</h2>
<p align="left">The Shorewall Development Mailing list provides a forum for
the exchange of ideas about the future of Shorewall and for coordinating
ongoing Shorewall Development.</p>
<p align="left">To subscribe to the mailing list:<br>
</p>
<ul>
<li><b>Insecure: </b><a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-devel">http://lists.shorewall.net/mailman/listinfo/shorewall-devel</a></li> href="http://lists.shorewall.net/mailman/listinfo/shorewall-devel">http://lists.shorewall.net/mailman/listinfo/shorewall-devel</a></li>
<li><b>SSL:</b> <a <li><b>SSL:</b> <a
href="https://lists.shorewall.net/mailman/listinfo/shorewall-devel" href="https://lists.shorewall.net/mailman/listinfo/shorewall-devel"
target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-devel.</a></li> target="_top">https//lists.shorewall.net/mailman/listinfo/shorewall-devel.</a></li>
</ul> </ul>
<p align="left"> To post to the list, post to <a <p align="left"> To post to the list, post to <a
href="mailto:shorewall-devel@lists.shorewall.net">shorewall-devel@lists.shorewall.net</a>. </p> href="mailto:shorewall-devel@lists.shorewall.net">shorewall-devel@lists.shorewall.net</a>. </p>
<p align="left">The list archives are at <a <p align="left">The list archives are at <a
href="http://lists.shorewall.net/pipermail/shorewall-devel">http://lists.shorewall.net/pipermail/shorewall-devel</a>.</p> href="http://lists.shorewall.net/pipermail/shorewall-devel">http://lists.shorewall.net/pipermail/shorewall-devel</a>.</p>
<h2 align="left"><a name="Unsubscribe"></a>How to Unsubscribe from one of <h2 align="left"><a name="Unsubscribe"></a>How to Unsubscribe from one of
the Mailing Lists</h2> the Mailing Lists</h2>
<p align="left">There seems to be near-universal confusion about unsubscribing <p align="left">There seems to be near-universal confusion about unsubscribing
from Mailman-managed lists although Mailman 2.1 has attempted to from Mailman-managed lists although Mailman 2.1 has attempted to
make this less confusing. To unsubscribe:</p> make this less confusing. To unsubscribe:</p>
<ul> <ul>
<li> <li>
<p align="left">Follow the same link above that you used to subscribe
to the list.</p>
</li>
<li>
<p align="left">Down at the bottom of that page is the following text:
" To <b>unsubscribe</b> from <i>&lt;list name&gt;</i>, get a password
reminder, or change your subscription options enter your subscription
email address:". Enter your email address in the box and click
on the "<b>Unsubscribe</b> or edit options" button.</p>
</li>
<li>
<p align="left">There will now be a box where you can enter your password
and click on "Unsubscribe"; if you have forgotten your password,
there is another button that will cause your password to be emailed
to you.</p>
</li>
<p align="left">Follow the same link above that you used to subscribe
to the list.</p>
</li>
<li>
<p align="left">Down at the bottom of that page is the following text:
" To <b>unsubscribe</b> from <i>&lt;list name&gt;</i>, get a password
reminder, or change your subscription options enter your subscription
email address:". Enter your email address in the box and click
on the "<b>Unsubscribe</b> or edit options" button.</p>
</li>
<li>
<p align="left">There will now be a box where you can enter your password
and click on "Unsubscribe"; if you have forgotten your password,
there is another button that will cause your password to be emailed
to you.</p>
</li>
</ul> </ul>
<hr> <hr>
<h2 align="left">Frustrated by having to Rebuild Mailman to use it with Postfix?</h2> <h2 align="left">Frustrated by having to Rebuild Mailman to use it with Postfix?</h2>
<p align="left"><a href="gnu_mailman.htm">Check out these instructions</a></p> <p align="left"><a href="gnu_mailman.htm">Check out these instructions</a></p>
<p align="left"><font size="2">Last updated 1/14/2003 - <a <p align="left"><font size="2">Last updated 2/3/2003 - <a
href="support.htm">Tom Eastep</a></font></p> href="support.htm">Tom Eastep</a></font></p>
<p align="left"><a href="copyright.htm"> <font size="2">Copyright</font> <p align="left"><a href="copyright.htm"> <font size="2">Copyright</font> ©
© <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br> <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a><br>
</p> </p>
<br>
<br> <br>
<br> <br>
<br> <br>

849
Shorewall-docs/seattlefirewall_index.htm
View File

File diff suppressed because it is too large Load Diff

6
Shorewall-docs/shorewall_features.htm
View File

@ -44,11 +44,11 @@
</ul> </ul>
</li> </li>
<li> <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> <li> <a href="shorewall_quickstart_guide.htm">QuickStart Guides (HOWTOs)</a>
to help get your first firewall up and running quickly</li> to help get your first firewall up and running quickly</li>
<li>Extensive <b> <a <li>Extensive <b> <a
href="shorewall_quickstart_guide.htm#Documentation" target="_top">documentation</a> href="shorewall_quickstart_guide.htm#Documentation">documentation</a>
</b> included in the .tgz and .rpm downloads.</li> </b> included in the .tgz and .rpm downloads.</li>
<li><b>Flexible address management/routing support</b> (and you can <li><b>Flexible address management/routing support</b> (and you can
use all types in the same firewall): use all types in the same firewall):
<ul> <ul>

393
Shorewall-docs/shorewall_quickstart_guide.htm
View File

@ -1,295 +1,300 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html> <html>
<head> <head>
<meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0"> <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document"> <meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" <meta http-equiv="Content-Type"
content="text/html; charset=windows-1252"> content="text/html; charset=windows-1252">
<title>Shorewall QuickStart Guide</title> <title>Shorewall QuickStart Guide</title>
<meta name="Microsoft Theme" content="none"> <meta name="Microsoft Theme" content="none">
</head> </head>
<body> <body>
<table border="0" cellpadding="0" cellspacing="0" <table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1" style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#400169" height="90"> bgcolor="#400169" height="90">
<tbody> <tbody>
<tr> <tr>
<td width="100%"> <td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall QuickStart Guides <h1 align="center"><font color="#ffffff">Shorewall QuickStart Guides
(HOWTO's)<br> (HOWTO's)<br>
Version 3.1</font></h1> Version 3.1</font></h1>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<p align="center">With thanks to Richard who reminded me once again that <p align="center">With thanks to Richard who reminded me once again that we
we must all first walk before we can run.<br> must all first walk before we can run.<br>
The French Translations are courtesy of Patrice Vetsel<br> The French Translations are courtesy of Patrice Vetsel<br>
</p> </p>
<h2>The Guides</h2> <h2>The Guides</h2>
<p>These guides provide step-by-step instructions for configuring Shorewall <p>These guides provide step-by-step instructions for configuring Shorewall
in common firewall setups.</p> in common firewall setups.</p>
<p>The following guides are for <b>users who have a single public IP address</b>:</p> <p>The following guides are for <b>users who have a single public IP address</b>:</p>
<ul> <ul>
<li><a href="standalone.htm">Standalone</a> Linux System <li><a href="standalone.htm">Standalone</a> Linux System
(<a href="standalone_fr.html">Version Française</a>)</li> (<a href="standalone_fr.html">Version Française</a>)</li>
<li><a href="two-interface.htm">Two-interface</a> Linux <li><a href="two-interface.htm">Two-interface</a> Linux
System acting as a firewall/router for a small local network (<a System acting as a firewall/router for a small local network (<a
href="two-interface_fr.html">Version Française</a>)</li> href="two-interface_fr.html">Version Française</a>)</li>
<li><a href="three-interface.htm">Three-interface</a> <li><a href="three-interface.htm">Three-interface</a>
Linux System acting as a firewall/router for a small local network Linux System acting as a firewall/router for a small local network
and a DMZ. (<a href="three-interface_fr.html">Version Française</a>)</li> and a DMZ. (<a href="three-interface_fr.html">Version Française</a>)</li>
</ul> </ul>
<p>The above guides are designed to get your first firewall up and running <p>The above guides are designed to get your first firewall up and running
quickly in the three most common Shorewall configurations.</p> quickly in the three most common Shorewall configurations.</p>
<p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines <p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines
the steps necessary to set up a firewall where <b>there are multiple the steps necessary to set up a firewall where <b>there are multiple
public IP addresses involved or if you want to learn more about Shorewall public IP addresses involved or if you want to learn more about Shorewall
than is explained in the single-address guides above.</b></p> than is explained in the single-address guides above.</b></p>
<ul> <ul>
<li><a href="shorewall_setup_guide.htm#Introduction">1.0 <li><a href="shorewall_setup_guide.htm#Introduction">1.0
Introduction</a></li> Introduction</a></li>
<li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall <li><a href="shorewall_setup_guide.htm#Concepts">2.0
Concepts</a></li> Shorewall Concepts</a></li>
<li><a href="shorewall_setup_guide.htm#Interfaces">3.0 <li><a href="shorewall_setup_guide.htm#Interfaces">3.0
Network Interfaces</a></li> Network Interfaces</a></li>
<li><a href="shorewall_setup_guide.htm#Addressing">4.0 <li><a href="shorewall_setup_guide.htm#Addressing">4.0
Addressing, Subnets and Routing</a> Addressing, Subnets and Routing</a>
<ul> <ul>
<li><a href="shorewall_setup_guide.htm#Addresses">4.1 <li><a href="shorewall_setup_guide.htm#Addresses">4.1
IP Addresses</a></li> IP Addresses</a></li>
<li><a <li><a
href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li> href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
<li><a href="shorewall_setup_guide.htm#Routing">4.3 <li><a href="shorewall_setup_guide.htm#Routing">4.3
Routing</a></li> Routing</a></li>
<li><a href="shorewall_setup_guide.htm#ARP">4.4 Address <li><a href="shorewall_setup_guide.htm#ARP">4.4 Address
Resolution Protocol</a></li> Resolution Protocol</a></li>
</ul> </ul>
<ul>
<li><a href="shorewall_setup_guide.htm#RFC1918">4.5
RFC 1918</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#Options">5.0 Setting
up your Network</a>
<ul> <ul>
<li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li> <li><a href="shorewall_setup_guide.htm#RFC1918">4.5
RFC 1918</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#Options">5.0 Setting
up your Network</a>
<ul>
<li><a href="shorewall_setup_guide.htm#Routed">5.1
Routed</a></li>
</ul> </ul>
<ul> <ul>
<li><a href="shorewall_setup_guide.htm#NonRouted">5.2 <li><a href="shorewall_setup_guide.htm#NonRouted">5.2
Non-routed</a> Non-routed</a>
<ul> <ul>
<li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 <li><a href="shorewall_setup_guide.htm#SNAT">5.2.1
SNAT</a></li> SNAT</a></li>
<li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 <li><a href="shorewall_setup_guide.htm#DNAT">5.2.2
DNAT</a></li> DNAT</a></li>
<li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3 <li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3
Proxy ARP</a></li> Proxy ARP</a></li>
<li><a href="shorewall_setup_guide.htm#NAT">5.2.4 <li><a href="shorewall_setup_guide.htm#NAT">5.2.4
Static NAT</a></li> Static NAT</a></li>
</ul> </ul>
</li> </li>
<li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li> <li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
<li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 <li><a
Odds and Ends</a></li> href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds and Ends</a></li>
</ul> </ul>
</li> </li>
<li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li> <li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
<li><a <li><a
href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting and href="shorewall_setup_guide.htm#StartingAndStopping">7.0 Starting and
Stopping the Firewall</a></li> Stopping the Firewall</a></li>
</ul> </ul>
<h2><a name="Documentation"></a>Documentation Index</h2> <h2><a name="Documentation"></a>Documentation Index</h2>
<p>The following documentation covers a variety of topics and <b>supplements <p>The following documentation covers a variety of topics and <b>supplements
the <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> the <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a>
described above</b>. Please review the appropriate guide before trying described above</b>. Please review the appropriate guide before trying
to use this documentation directly.</p> to use this documentation directly.</p>
<ul> <ul>
<li><a href="blacklisting_support.htm">Blacklisting</a> <li><a href="blacklisting_support.htm">Blacklisting</a>
<ul> <ul>
<li>Static Blacklisting using /etc/shorewall/blacklist</li> <li>Static Blacklisting using /etc/shorewall/blacklist</li>
<li>Dynamic Blacklisting using /sbin/shorewall</li> <li>Dynamic Blacklisting using /sbin/shorewall</li>
</ul> </ul>
</li> </li>
<li><a href="configuration_file_basics.htm">Common configuration <li><a href="configuration_file_basics.htm">Common configuration
file features</a> file features</a>
<ul> <ul>
<li><a <li><a
href="configuration_file_basics.htm#Comments">Comments in configuration href="configuration_file_basics.htm#Comments">Comments in configuration
files</a></li> files</a></li>
<li><a <li><a
href="configuration_file_basics.htm#Continuation">Line Continuation</a></li> href="configuration_file_basics.htm#Continuation">Line Continuation</a></li>
<li><a href="configuration_file_basics.htm#Ports">Port <li><a href="configuration_file_basics.htm#Ports">Port
Numbers/Service Names</a></li> Numbers/Service Names</a></li>
<li><a href="configuration_file_basics.htm#Ranges">Port <li><a href="configuration_file_basics.htm#Ranges">Port
Ranges</a></li> Ranges</a></li>
<li><a <li><a
href="configuration_file_basics.htm#Variables">Using Shell Variables</a></li> href="configuration_file_basics.htm#Variables">Using Shell Variables</a></li>
<li><a <li><a
href="configuration_file_basics.htm#dnsnames">Using DNS Names</a><br> href="configuration_file_basics.htm#dnsnames">Using DNS Names</a><br>
</li> </li>
<li><a <li><a
href="configuration_file_basics.htm#Compliment">Complementing an IP address href="configuration_file_basics.htm#Compliment">Complementing an IP address
or Subnet</a></li> or Subnet</a></li>
<li><a href="configuration_file_basics.htm#Configs">Shorewall <li><a
Configurations (making a test configuration)</a></li> href="configuration_file_basics.htm#Configs">Shorewall Configurations
<li><a href="configuration_file_basics.htm#MAC">Using (making a test configuration)</a></li>
<li><a href="configuration_file_basics.htm#MAC">Using
MAC Addresses in Shorewall</a></li> MAC Addresses in Shorewall</a></li>
</ul> </ul>
</li> </li>
<li><a href="Documentation.htm">Configuration File Reference <li><a href="Documentation.htm">Configuration File Reference
Manual</a> Manual</a>
<ul> <ul>
<li> <a href="Documentation.htm#Variables">params</a></li> <li> <a href="Documentation.htm#Variables">params</a></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Zones">zones</a></font></li> href="Documentation.htm#Zones">zones</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Interfaces">interfaces</a></font></li> href="Documentation.htm#Interfaces">interfaces</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Hosts">hosts</a></font></li> href="Documentation.htm#Hosts">hosts</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Policy">policy</a></font></li> href="Documentation.htm#Policy">policy</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Rules">rules</a></font></li> href="Documentation.htm#Rules">rules</a></font></li>
<li><a href="Documentation.htm#Common">common</a></li> <li><a href="Documentation.htm#Common">common</a></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Masq">masq</a></font></li> href="Documentation.htm#Masq">masq</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#ProxyArp">proxyarp</a></font></li> href="Documentation.htm#ProxyArp">proxyarp</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#NAT">nat</a></font></li> href="Documentation.htm#NAT">nat</a></font></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Tunnels">tunnels</a></font></li> href="Documentation.htm#Tunnels">tunnels</a></font></li>
<li><a href="traffic_shaping.htm#tcrules">tcrules</a></li> <li><a href="traffic_shaping.htm#tcrules">tcrules</a></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="Documentation.htm#Conf">shorewall.conf</a></font></li> href="Documentation.htm#Conf">shorewall.conf</a></font></li>
<li><a href="Documentation.htm#modules">modules</a></li> <li><a href="Documentation.htm#modules">modules</a></li>
<li><a href="Documentation.htm#TOS">tos</a> </li> <li><a href="Documentation.htm#TOS">tos</a> </li>
<li><a href="Documentation.htm#Blacklist">blacklist</a></li> <li><a href="Documentation.htm#Blacklist">blacklist</a></li>
<li><a href="Documentation.htm#rfc1918">rfc1918</a></li> <li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
<li><a href="Documentation.htm#Routestopped">routestopped</a></li> <li><a href="Documentation.htm#Routestopped">routestopped</a></li>
</ul> </ul>
</li> </li>
<li><a href="dhcp.htm">DHCP</a></li> <li><a href="dhcp.htm">DHCP</a></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="shorewall_extension_scripts.htm">Extension Scripts</a></font> (How href="shorewall_extension_scripts.htm">Extension Scripts</a></font>
to extend Shorewall without modifying Shorewall code)</li> (How to extend Shorewall without modifying Shorewall code)</li>
<li><a href="fallback.htm">Fallback/Uninstall</a></li> <li><a href="fallback.htm">Fallback/Uninstall</a></li>
<li><a href="shorewall_firewall_structure.htm">Firewall <li><a href="shorewall_firewall_structure.htm">Firewall
Structure</a></li> Structure</a></li>
<li><font color="#000099"><a href="kernel.htm">Kernel <li><font color="#000099"><a href="kernel.htm">Kernel
Configuration</a></font></li> Configuration</a></font></li>
<li><a href="shorewall_logging.html">Logging</a><br> <li><a href="shorewall_logging.html">Logging</a><br>
</li>
<li><a href="MAC_Validation.html">MAC Verification</a><br>
</li>
<li><a href="myfiles.htm">My Configuration Files</a> (How I personally
use Shorewall)</li>
<li><a href="ping.html">'Ping' Management</a><br>
</li> </li>
<li><a href="ports.htm">Port Information</a> <li><a href="MAC_Validation.html">MAC Verification</a><br>
</li>
<li><a href="myfiles.htm">My Configuration Files</a> (How I personally
use Shorewall)</li>
<li><a href="ping.html">'Ping' Management</a><br>
</li>
<li><a href="ports.htm">Port Information</a>
<ul> <ul>
<li>Which applications use which ports</li> <li>Which applications use which ports</li>
<li>Ports used by Trojans</li> <li>Ports used by Trojans</li>
</ul> </ul>
</li> </li>
<li><a href="ProxyARP.htm">Proxy ARP</a></li> <li><a href="ProxyARP.htm">Proxy ARP</a></li>
<li><a href="samba.htm">Samba</a></li> <li><a href="samba.htm">Samba</a></li>
<li><font color="#000099"><a <li><font color="#000099"><a
href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li> href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
<ul> <ul>
<li>Description of all /sbin/shorewall commands</li> <li>Description of all /sbin/shorewall commands</li>
<li>How to safely test a Shorewall configuration change<br> <li>How to safely test a Shorewall configuration change<br>
</li> </li>
</ul> </ul>
<li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li> <li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
<li><a href="Shorewall_Squid_Usage.html">Squid as a Transparent Proxy <li><a href="Shorewall_Squid_Usage.html">Squid as a Transparent Proxy
with Shorewall</a><br> with Shorewall</a><br>
</li> </li>
<li><a href="traffic_shaping.htm">Traffic Shaping/QOS</a></li> <li><a href="traffic_shaping.htm">Traffic Shaping/QOS</a></li>
<li>VPN <li>VPN
<ul> <ul>
<li><a href="IPSEC.htm">IPSEC</a></li> <li><a href="IPSEC.htm">IPSEC</a></li>
<li><a href="IPIP.htm">GRE and IPIP</a></li> <li><a href="IPIP.htm">GRE and IPIP</a></li>
<li><a href="PPTP.htm">PPTP</a></li> <li><a href="OPENVPN.html">OpenVPN</a><br>
<li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind </li>
your firewall to a remote network.</li> <li><a href="PPTP.htm">PPTP</a></li>
<li><a href="VPN.htm">IPSEC/PPTP</a> from a system
behind your firewall to a remote network.</li>
</ul> </ul>
</li> </li>
<li><a href="whitelisting_under_shorewall.htm">White List <li><a href="whitelisting_under_shorewall.htm">White
Creation</a></li> List Creation</a></li>
</ul> </ul>
<p>If you use one of these guides and have a suggestion for improvement <a <p>If you use one of these guides and have a suggestion for improvement <a
href="mailto:webmaster@shorewall.net">please let me know</a>.</p> href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
<p><font size="2">Last modified 1/28/2003 - <a href="support.htm">Tom Eastep</a></font></p> <p><font size="2">Last modified 2/4/2003 - <a href="support.htm">Tom Eastep</a></font></p>
<p><a href="copyright.htm"><font size="2">Copyright 2002, 2003 Thomas M. <p><a href="copyright.htm"><font size="2">Copyright 2002, 2003 Thomas M.
Eastep</font></a><br> Eastep</font></a><br>
</p> </p>
<br>
<br> <br>
<br> <br>
<br> <br>

550
Shorewall-docs/support.htm
View File

@ -2,120 +2,121 @@
<html> <html>
<head> <head>
<meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" <meta http-equiv="Content-Type"
content="text/html; charset=windows-1252"> content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0"> <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document"> <meta name="ProgId" content="FrontPage.Editor.Document">
<title>Support</title> <title>Support</title>
<meta name="Microsoft Theme" content="none"> <meta name="Microsoft Theme" content="none">
</head> </head>
<body> <body>
<table border="0" cellpadding="0" cellspacing="0" <table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1" style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#400169" height="90"> bgcolor="#400169" height="90">
<tbody> <tbody>
<tr> <tr>
<td width="100%"> <td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Support<img <h1 align="center"><font color="#ffffff">Shorewall Support<img
src="images/obrasinf.gif" alt="" width="90" height="90" align="middle"> src="images/obrasinf.gif" alt="" width="90" height="90" align="middle">
</font></h1> </font></h1>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<p> <b><big><big><font color="#ff0000">While I don't answer Shorewall  questions <p> <b><big><big><font color="#ff0000">While I don't answer Shorewall  questions
emailed directly to me, I try to spend some time each day answering questions emailed directly to me, I try to spend some time each day answering questions
on the Shorewall Users Mailing List.</font></big><span on the Shorewall Users Mailing List.</font></big><span
style="font-weight: 400;"></span></big></b></p> style="font-weight: 400;"></span></big></b></p>
<h2 align="center"><big><font color="#ff0000"><b>-Tom Eastep</b></font></big></h2> <h2 align="center"><big><font color="#ff0000"><b>-Tom Eastep</b></font></big></h2>
<h1>Before Reporting a Problem</h1> <h1>Before Reporting a Problem</h1>
There are a number of sources for problem There are a number of sources for problem
solution information. Please try these before you post. solution information. Please try these before you post.
<h3> </h3> <h3> </h3>
<h3> </h3> <h3> </h3>
<ul> <ul>
<li>More than half of the questions posted on the support <li>More than half of the questions posted on the support
list have answers directly accessible from the <a list have answers directly accessible from the <a
href="shorewall_quickstart_guide.htm#Documentation">Documentation Index</a><br> href="shorewall_quickstart_guide.htm#Documentation">Documentation Index</a><br>
<br> <br>
</li>
<li> The <a href="FAQ.htm">FAQ</a>
has solutions to more than 20 common problems. </li>
</ul>
<h3> </h3>
<ul>
<li> The <a
href="troubleshoot.htm">Troubleshooting</a> Information contains
a number of tips to help you solve common problems. </li>
</ul>
<h3> </h3>
<ul>
<li> The <a
href="errata.htm"> Errata</a> has links to download updated
components. </li>
</ul>
<h3> </h3>
<ul>
<li> The Mailing List Archives
search facility can locate posts about similar problems:
</li> </li>
<li> The <a href="FAQ.htm">FAQ</a>
has solutions to more than 20 common problems. </li>
</ul> </ul>
<h3> </h3>
<ul>
<li> The <a
href="troubleshoot.htm">Troubleshooting</a> Information contains
a number of tips to help you solve common problems. </li>
</ul>
<h3> </h3>
<ul>
<li> The <a
href="errata.htm"> Errata</a> has links to download updated
components. </li>
</ul>
<h3> </h3>
<ul>
<li> The Mailing List Archives
search facility can locate posts about similar problems:
</li>
</ul>
<h2> </h2> <h2> </h2>
<h2>Mailing List Archive Search</h2> <h2>Mailing List Archive Search</h2>
<form method="post" action="http://lists.shorewall.net/cgi-bin/htsearch"> <form method="post" action="http://lists.shorewall.net/cgi-bin/htsearch">
<p> <font size="-1"> Match: <p> <font size="-1"> Match:
<select name="method"> <select name="method">
<option value="and">All </option> <option value="and">All </option>
<option value="or">Any </option> <option value="or">Any </option>
<option value="boolean">Boolean </option> <option value="boolean">Boolean </option>
</select> </select>
Format: Format:
<select name="format"> <select name="format">
<option value="builtin-long">Long </option> <option value="builtin-long">Long </option>
<option value="builtin-short">Short </option> <option value="builtin-short">Short </option>
</select> </select>
Sort by: Sort by:
<select name="sort"> <select name="sort">
<option value="score">Score </option> <option value="score">Score </option>
<option value="time">Time </option> <option value="time">Time </option>
@ -124,242 +125,245 @@ list have answers directly accessible from the <a
<option value="revtime">Reverse Time </option> <option value="revtime">Reverse Time </option>
<option value="revtitle">Reverse Title </option> <option value="revtitle">Reverse Title </option>
</select> </select>
</font> <input type="hidden" name="config" </font> <input type="hidden" name="config"
value="htdig"> <input type="hidden" name="restrict" value="htdig"> <input type="hidden" name="restrict"
value="[http://lists.shorewall.net/pipermail/.*]"> <input type="hidden" value="[http://lists.shorewall.net/pipermail/.*]"> <input type="hidden"
name="exclude" value=""> <br> name="exclude" value=""> <br>
Search: <input type="text" size="30" Search: <input type="text" size="30"
name="words" value=""> <input type="submit" value="Search"> </p> name="words" value=""> <input type="submit" value="Search"> </p>
</form> </form>
<h2>Problem Reporting Guidelines </h2> <h2>Problem Reporting Guidelines </h2>
<i>"Let me see if I can translate your message into a real-world <i>"Let me see if I can translate your message into a real-world
example. It would be like saying that you have three rooms at home, example. It would be like saying that you have three rooms at home,
and when you walk into one of the rooms, you detect this strange smell. and when you walk into one of the rooms, you detect this strange smell.
Can anyone tell you what that strange smell is?<br> Can anyone tell you what that strange smell is?<br>
<br> <br>
Now, all of us could do some wonderful guessing as to the smell Now, all of us could do some wonderful guessing as to the smell
and even what's causing it. You would be absolutely amazed at the range and even what's causing it. You would be absolutely amazed at the
and variety of smells we could come up with. Even more amazing is that range and variety of smells we could come up with. Even more amazing
all of the explanations for the smells would be completely plausible."<br> is that all of the explanations for the smells would be completely
</i><br> plausible."<br>
</i><br>
<div align="center"> - <i>Russell Mosemann</i> on the Postfix mailing list<br> <div align="center"> - <i>Russell Mosemann</i> on the Postfix mailing list<br>
</div> </div>
<br> <br>
<h3> </h3> <h3> </h3>
<ul> <ul>
<li>Please remember we only know what is posted in your message. <li>Please remember we only know what is posted in your message.
Do not leave out any information that appears to be correct, or was mentioned Do not leave out any information that appears to be correct, or was mentioned
in a previous post. There have been countless posts by people who were in a previous post. There have been countless posts by people who were
sure that some part of their configuration was correct when it actually sure that some part of their configuration was correct when it actually
contained a small error. We tend to be skeptics where detail is lacking.<br> contained a small error. We tend to be skeptics where detail is lacking.<br>
<br> <br>
</li> </li>
<li>Please keep in mind that you're asking for <strong>free</strong> <li>Please keep in mind that you're asking for <strong>free</strong>
technical support. Any help we offer is an act of generosity, not an obligation. technical support. Any help we offer is an act of generosity, not an obligation.
Try to make it easy for us to help you. Follow good, courteous practices Try to make it easy for us to help you. Follow good, courteous practices
in writing and formatting your e-mail. Provide details that we need if in writing and formatting your e-mail. Provide details that we need if
you expect good answers. <em>Exact quoting </em> of error messages, log you expect good answers. <em>Exact quoting </em> of error messages, log
entries, command output, and other output is better than a paraphrase or entries, command output, and other output is better than a paraphrase or
summary.<br> summary.<br>
<br> <br>
</li> </li>
<li> Please don't describe your <li> Please don't describe your
environment and then ask us to send you custom configuration environment and then ask us to send you custom configuration
files. We're here to answer your questions but we can't files. We're here to answer your questions but we can't
do your job for you.<br> do your job for you.<br>
<br> <br>
</li> </li>
<li>When reporting a problem, <strong>ALWAYS</strong> include this <li>When reporting a problem, <strong>ALWAYS</strong> include this
information:</li> information:</li>
</ul>
<ul>
<ul>
<li>the exact version of Shorewall you are running.<br>
<br>
<b><font color="#009900">shorewall version</font><br>
</b> <br>
</li>
</ul>
<ul>
<li>the exact kernel version you are running<br>
<br>
<font color="#009900"><b>uname -a<br>
<br>
</b></font></li>
</ul>
<ul>
<li>the complete, exact output of<br>
<br>
<font color="#009900"><b>ip addr show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>the complete, exact output of<br>
<br>
<font color="#009900"><b>ip route show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>If your kernel is modularized, the exact output from<br>
<br>
<font color="#009900"><b>lsmod</b></font><br>
<br>
</li>
<li>the exact wording of any <code
style="color: green; font-weight: bold;">ping</code> failure responses.<br>
<br>
</li>
</ul>
</ul> </ul>
<ul> <ul>
<li><b>NEVER </b>include the output of "<b><font
<ul> color="#009900">iptables -L</font></b>". Instead, if you are having connection
<li>the exact version of Shorewall you are running.<br> problems please post the exact output of<br>
<br> <br>
<b><font color="#009900">shorewall version</font><br> <b><font color="#009900">/sbin/shorewall status<br>
</b> <br> <br>
</li> </font></b>Since that command generates a lot of output, we suggest
that you redirect the output to a file and attach the file to your post<br>
</ul> <br>
<b><font color="#009900">/sbin/shorewall status &gt; /tmp/status.txt</font></b><br>
<ul> <br>
<li>the exact kernel version you are running<br> </li>
<br> <li>As a general matter, please <strong>do not edit the diagnostic
<font color="#009900"><b>uname -a<br> information</strong> in an attempt to conceal your IP address, netmask,
<br> nameserver addresses, domain name, etc. These aren't secrets, and concealing
</b></font></li> them often misleads us (and 80% of the time, a hacker could derive them
</ul>
<ul>
<li>the complete, exact output of<br>
<br>
<font color="#009900"><b>ip addr show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>the complete, exact output of<br>
<br>
<font color="#009900"><b>ip route show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>If your kernel is modularized, the exact output from<br>
<br>
<font color="#009900"><b>lsmod</b></font><br>
<br>
</li>
<li>the exact wording of any <code
style="color: green; font-weight: bold;">ping</code> failure responses.<br>
<br>
</li>
</ul>
</ul>
<ul>
<li><b>NEVER </b>include the output of "<b><font color="#009900">iptables
-L</font></b>". Instead, please post the exact output of<br>
<br>
<b><font color="#009900">/sbin/shorewall status<br>
<br>
</font></b>Since that command generates a lot of output, we suggest
that you redirect the output to a file and attach the file to your post<br>
<br>
<b><font color="#009900">/sbin/shorewall status &gt; /tmp/status.txt</font></b><br>
<br>
</li>
<li>As a general matter, please <strong>do not edit the diagnostic
information</strong> in an attempt to conceal your IP address, netmask,
nameserver addresses, domain name, etc. These aren't secrets, and concealing
them often misleads us (and 80% of the time, a hacker could derive them
anyway from information contained in the SMTP headers of your post).<strong></strong></li> anyway from information contained in the SMTP headers of your post).<strong></strong></li>
</ul> </ul>
<ul> <ul>
</ul>
<h3> </h3>
<ul>
</ul>
<h3> </h3>
<ul>
<li> Do you see any "Shorewall"
messages ("<b><font color="#009900">/sbin/shorewall show log</font></b>")
when you exercise the function that is giving you problems? If
so, include the message(s) in your post along with a copy of your /etc/shorewall/interfaces
file.<br>
<br>
</li>
<li>Please include any of the Shorewall configuration files (especially
the /etc/shorewall/hosts file if you have modified that file)
that you think are relevant. If you include /etc/shorewall/rules,
please include /etc/shorewall/policy as well (rules are meaningless unless
one also knows the policies). </li>
</ul>
<h3> </h3>
<ul>
</ul>
<h3> </h3>
<ul>
<li> If an error occurs when
you try to "<font color="#009900"><b>shorewall start</b></font>",
include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
section for instructions). </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The list server limits posts to 120kb so don't post GIFs of
your network layout, etc. to the Mailing List -- your
post will be rejected.</b></h3>
</li>
</ul>
The author gratefully acknowleges that the above list was heavily plagiarized
from the excellent LEAF document by <i>Ray</i> <em>Olszewski</em> found
at <a
href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br>
<h2>Please post in plain text</h2>
<blockquote> </blockquote>
A growing number of MTAs serving list subscribers are rejecting all
HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net
"for continuous abuse" because it has been my policy to allow HTML in
list posts!!<br>
<br>
I think that blocking all HTML is a Draconian way to control spam
and that the ultimate losers here are not the spammers but the list subscribers
whose MTAs are bouncing all shorewall.net mail. As one list subscriber
wrote to me privately "These e-mail admin's need to get a <i>(expletive
deleted)</i> life instead of trying to rid the planet of HTML based e-mail".
Nevertheless, to allow subscribers to receive list posts as must as possible,
I have now configured the list server at shorewall.net to strip all HTML
from outgoing posts.<br>
</ul>
<h3> </h3>
<ul>
</ul>
<h3> </h3>
<ul>
<li> Do you see any "Shorewall"
messages ("<b><font color="#009900">/sbin/shorewall show log</font></b>")
when you exercise the function that is giving you problems? If
so, include the message(s) in your post along with a copy of your /etc/shorewall/interfaces
file.<br>
<br>
</li>
<li>Please include any of the Shorewall configuration files
(especially the /etc/shorewall/hosts file if you have modified
that file) that you think are relevant. If you include /etc/shorewall/rules,
please include /etc/shorewall/policy as well (rules are meaningless unless
one also knows the policies). </li>
</ul>
<h3> </h3>
<ul>
</ul>
<h3> </h3>
<ul>
<li> If an error occurs when
you try to "<font color="#009900"><b>shorewall start</b></font>",
include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
section for instructions). </li>
</ul>
<h3> </h3>
<ul>
<li>
<h3><b>The list server limits posts to 120kb so don't post GIFs of
your network layout, etc. to the Mailing List -- your
post will be rejected.</b></h3>
</li>
</ul>
The author gratefully acknowleges that the above list was heavily
plagiarized from the excellent LEAF document by <i>Ray</i> <em>Olszewski</em>
found at <a
href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br>
<h2>Please post in plain text</h2>
<blockquote> </blockquote>
A growing number of MTAs serving list subscribers are rejecting
all HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net
"for continuous abuse" because it has been my policy to allow HTML in list
posts!!<br>
<br>
I think that blocking all HTML is a Draconian way to control
spam and that the ultimate losers here are not the spammers but the list
subscribers whose MTAs are bouncing all shorewall.net mail. As one list
subscriber wrote to me privately "These e-mail admin's need to get a <i>(expletive
deleted)</i> life instead of trying to rid the planet of HTML based e-mail".
Nevertheless, to allow subscribers to receive list posts as must as possible,
I have now configured the list server at shorewall.net to strip all HTML
from outgoing posts.<br>
<h2>Where to Send your Problem Report or to Ask for Help</h2> <h2>Where to Send your Problem Report or to Ask for Help</h2>
<blockquote> <blockquote>
<h4>If you run Shorewall under Bering -- <span <h4>If you run Shorewall under Bering -- <span
style="font-weight: 400;">please post your question or problem style="font-weight: 400;">please post your question or problem
to the <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing to the <a href="mailto:leaf-user@lists.sourceforge.net">LEAF Users
list</a>.</span></h4> mailing list</a>.</span></h4>
<b>If you run Shorewall under MandrakeSoft Multi Network Firewall <b>If you run Shorewall under MandrakeSoft Multi Network Firewall
(MNF) and you have not purchased an MNF license from MandrakeSoft then (MNF) and you have not purchased an MNF license from MandrakeSoft then
you can post non MNF-specific Shorewall questions to the </b><a you can post non MNF-specific Shorewall questions to the </b><a
href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing list.</a> href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
<b>Do not expect to get free MNF support on the list.</b><br> list.</a> <b>Do not expect to get free MNF support on the list.</b><br>
<p>Otherwise, please post your question or problem to the <a <p>Otherwise, please post your question or problem to the <a
href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing list.</a></p> href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
</blockquote> list.</a></p>
</blockquote>
<p>To Subscribe to the mailing list go to <a <p>To Subscribe to the mailing list go to <a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a> href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a>
.</p> .</p>
<p align="left"><font size="2">Last Updated 1/16/2002 - Tom Eastep</font></p> <p align="left"><font size="2">Last Updated 2/3/2003 - Tom Eastep</font></p>
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font <p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
size="2">Copyright</font> © <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br> size="2">Copyright</font> © <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br>
</p> </p>
<br> <br>
<br> <br>
<br>
</body> </body>
</html> </html>