holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

1.3.11 release changes

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@347 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2002-12-04 00:02:25 +00:00
parent a237911ebc
commit 1ad262c7cb
14 changed files with 3739 additions and 3589 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
STABLE/INSTALL
View File

@ -24,8 +24,12 @@ o Unpack the tarball
o cd to the shorewall-<version> directory
o If you have an earlier version of Shoreline Firewall installed,see the
upgrade instructions below
o Edit the files policy, interfaces, rules, nat, proxyarp and masq to
fit your environment.
o Edit the configuration files to fit your environment.
To do this, I strongly advise you to follow the instructions at:
http://shorewall.sf.net/shorewall_quickstart_guide.htm
o If you are using Caldera, Redhat, Mandrake, Corel, Slackware, SuSE or
Debian, then type "./install.sh".
o For other distributions, determine where your distribution installs

1395
STABLE/documentation/FAQ.htm
View File

File diff suppressed because it is too large Load Diff

2724
STABLE/documentation/News.htm
View File

File diff suppressed because it is too large Load Diff

669
STABLE/documentation/download.htm
View File

@ -1,388 +1,401 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Download</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" bordercolor="#111111" width="100%"
id="AutoNumber1" bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Download</font></h1>
</td>
</tr>
</tbody>
</td>
</tr>
</tbody>
</table>
<p><b>I strongly urge you to read and print a copy of the <a
href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a>
for the configuration that most closely matches your own.</b></p>
href="shorewall_quickstart_guide.htm">Shorewall QuickStart Guide</a>
for the configuration that most closely matches your own.<br>
</b></p>
<p>The entire set of Shorewall documentation is also available in PDF format
at:</p>
<p>    <a href="ftp://slovakia.shorewall.net/mirror/shorewall/pdf/">ftp://slovakia.shorewall.net/mirror/shorewall/pdf/</a><br>
    <a href="http://slovakia.shorewall.net/pub/shorewall/pdf/">http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
    <a href="rsync://slovakia.shorewall.net/shorewall/pdf/">rsync://slovakia.shorewall.net/shorewall/pdf/</a><br>
<br>
Once you've done that, download <u> one</u> of the modules:</p>
<p>Once you've done that, download <u> one</u> of the modules:</p>
<ul>
<li>If you run a <b>RedHat</b>, <b>SuSE, Mandrake</b>, <b>
Linux PPC</b> or <b> TurboLinux</b> distribution with a
2.4 kernel, you can use the RPM version (note: the RPM should
also work with other distributions that store init scripts
<li>If you run a <b>RedHat</b>, <b>SuSE, Mandrake</b>, <b>
Linux PPC</b> or <b> TurboLinux</b> distribution with
a 2.4 kernel, you can use the RPM version (note: the RPM
should also work with other distributions that store init scripts
in /etc/init.d and that include chkconfig or insserv). If you
find that it works in other cases, let <a
href="mailto:teastep@shorewall.net"> me</a> know so that
I can mention them here. See the <a href="Install.htm">Installation Instructions</a>
if you have problems installing the RPM.</li>
<li>If you are running LRP, download the .lrp file (you might
also want to download the .tgz so you will have a copy of the documentation).</li>
<li>If you run <a href="http://www.debian.org"><b>Debian</b></a>
and would like a .deb package, Shorewall is in both the <a
href="http://packages.debian.org/testing/net/shorewall.html">Debian
Testing Branch</a> and the <a
href="http://packages.debian.org/unstable/net/shorewall.html">Debian
Unstable Branch</a>.</li>
<li>Otherwise, download the <i>shorewall</i> module
(.tgz)</li>
</ul>
<p>The documentation in HTML format is included in the .tgz and .rpm files
and there is an documentation .deb that also contains the documentation.</p>
href="mailto:teastep@shorewall.net"> me</a> know so that
I can mention them here. See the <a href="Install.htm">Installation Instructions</a>
if you have problems installing the RPM.</li>
<li>If you are running LRP, download the .lrp file (you might
also want to download the .tgz so you will have a copy of the documentation).</li>
<li>If you run <a href="http://www.debian.org"><b>Debian</b></a>
and would like a .deb package, Shorewall is in both the <a
href="http://packages.debian.org/testing/net/shorewall.html">Debian Testing
Branch</a> and the <a
href="http://packages.debian.org/unstable/net/shorewall.html">Debian
Unstable Branch</a>.</li>
<li>Otherwise, download the <i>shorewall</i> module
(.tgz)</li>
</ul>
<p>The documentation in HTML format is included in the .tgz and .rpm files
and there is an documentation .deb that also contains the documentation.</p>
<p>Please verify the version that you have downloaded -- during the
release of a new version of Shorewall, the links below may point
to a newer or an older version than is shown below.</p>
<p>Please verify the version that you have downloaded -- during the
release of a new version of Shorewall, the links below may point
to a newer or an older version than is shown below.</p>
<ul>
<li>RPM - "rpm -qip LATEST.rpm"</li>
<li>TARBALL - "tar -ztf LATEST.tgz" (the directory name will
contain the version)</li>
<li>LRP - "mkdir Shorewall.lrp; cd Shorewall.lrp; tar -zxf
&lt;downloaded .lrp&gt;; cat var/lib/lrpkg/shorwall.version" </li>
</ul>
<li>RPM - "rpm -qip LATEST.rpm"</li>
<li>TARBALL - "tar -ztf LATEST.tgz" (the directory name
will contain the version)</li>
<li>LRP - "mkdir Shorewall.lrp; cd Shorewall.lrp; tar -zxf
&lt;downloaded .lrp&gt;; cat var/lib/lrpkg/shorwall.version" </li>
<p><font face="Arial">Once you have verified the version, check the
</font><font color="#ff0000" face="Arial"> <a href="errata.htm"> errata</a></font><font
face="Arial"> to see if there are updates that apply to the version
that you have downloaded.</font></p>
<p><font color="#ff0000" face="Arial"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY
INSTALL THE RPM AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION
IS REQUIRED BEFORE THE FIREWALL WILL START. Once you have completed
configuration of your firewall, you can enable startup by removing the
</ul>
<p><font face="Arial">Once you have verified the version, check the
</font><font color="#ff0000" face="Arial"> <a href="errata.htm"> errata</a></font><font
face="Arial"> to see if there are updates that apply to the version
that you have downloaded.</font></p>
<p><font color="#ff0000" face="Arial"><b>WARNING - YOU CAN <u>NOT</u> SIMPLY
INSTALL THE RPM AND ISSUE A "shorewall start" COMMAND. SOME CONFIGURATION
IS REQUIRED BEFORE THE FIREWALL WILL START. Once you have completed
configuration of your firewall, you can enable startup by removing the
file /etc/shorewall/startup_disabled.</b></font></p>
<p><b>Download Latest Version</b> (<b>1.3.10</b>): <b>Remember that updates
to the mirrors occur 1-12 hours after an update to the primary site.</b></p>
<blockquote>
<p><b>Download Latest Version</b> (<b>1.3.11a</b>): <b>Remember that updates
to the mirrors occur 1-12 hours after an update to the primary site.</b></p>
<blockquote>
<table border="2" cellspacing="3" cellpadding="3"
style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>SERVER LOCATION</b></td>
<td><b>DOMAIN</b></td>
<td><b>HTTP</b></td>
<td><b>FTP</b></td>
</tr>
<tr>
<td valign="top">SourceForge<br>
</td>
<td valign="top">sf.net<br>
</td>
<td valign="top"><a
<tbody>
<tr>
<td><b>SERVER LOCATION</b></td>
<td><b>DOMAIN</b></td>
<td><b>HTTP</b></td>
<td><b>FTP</b></td>
</tr>
<tr>
<td valign="top">SourceForge<br>
</td>
<td valign="top">sf.net<br>
</td>
<td valign="top"><a
href="http://sourceforge.net/project/showfiles.php?group_id=22587">Download</a><br>
</td>
<td valign="top"><br>
</td>
</tr>
<tr>
<td>Slovak Republic</td>
<td>Shorewall.net</td>
<td><a
</td>
<td valign="top"><br>
</td>
</tr>
<tr>
<td>Slovak Republic</td>
<td>Shorewall.net</td>
<td><a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
<a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
<td> <a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.lrp">Download
.rpm</a><br>
<a
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
</tr>
<tr>
<td>Texas, USA</td>
<td>Infohiiway.com</td>
<td><a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.rpm">Download
.rpm</a><br>
<a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
<td> <a target="_blank"
<a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://slovakia.shorewall.net/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
<td> <a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.lrp">Download
.rpm</a><br>
<a
href="ftp://slovakia.shorewall.net/mirror/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
</tr>
<tr>
<td>Texas, USA</td>
<td>Infohiiway.com</td>
<td><a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.rpm">Download
.rpm</a><br>
<a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://shorewall.infohiiway.com/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
<td> <a target="_blank"
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.rpm">Download .rpm</a>  <br>
<a target="_blank"
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.lrp"> Download
.lrp</a><br>
<a
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
</tr>
<tr>
<td>Hamburg, Germany</td>
<td>Shorewall.net</td>
<td><a
href="http://germany.shorewall.net/pub/shorewall/LATEST.rpm"> Download
.rpm</a><br>
<a
href="http://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a><br>
<a
href="http://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
<a target="_blank"
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.lrp"> Download
.lrp</a><br>
<a
href="http://germany.shorewall.net/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
<td> <a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.rpm"> Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
</tr>
<tr>
<td>Martinez (Zona Norte - GBA), Argentina</td>
<td>Correofuego.com.ar</td>
<td> <a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
Download .lrp</a><br>
<a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
<td> <a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
Download .lrp</a><br>
<a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
</tr>
<tr>
<td>Paris, France</td>
<td>Shorewall.net</td>
<td><a href="http://france.shorewall.net/pub/LATEST.rpm">Download
.rpm</a><br>
<a href="http://france.shorewall.net/pub/LATEST.tgz">Download
.tgz</a> <br>
<a href="http://france.shorewall.net/pub/LATEST.lrp">Download
.lrp</a><br>
<a href="http://france.shorewall.net/pub/LATEST.md5sums">Download
.md5sums</a></td>
<td> <a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
</tr>
<tr>
<td valign="middle">Washington State, USA<br>
</td>
<td valign="middle">Shorewall.net<br>
</td>
<td valign="top"><a
href="http://www.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
<a
href="http://www.shorewall.net/pub/shorewall/LATEST.tgz">Download
<a
href="ftp://ftp.infohiiway.com/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
</tr>
<tr>
<td>Hamburg, Germany</td>
<td>Shorewall.net</td>
<td><a
href="http://germany.shorewall.net/pub/shorewall/LATEST.rpm"> Download
.rpm</a><br>
<a
href="http://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a><br>
<a
href="http://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://germany.shorewall.net/pub/shorewall/LATEST.md5sums">
Download.md5sums</a></td>
<td> <a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.rpm"> Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a
href="http://www.shorewall.net/pub/shorewall/LATEST.lrp">Download
<a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://www.shorewall.net/pub/shorewall/LATEST.md5sums">Download
.md5sums</a><br>
</td>
<td valign="top"><a
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.rpm" target="_blank">
Download .rpm</a> <br>
<a
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.tgz" target="_blank">Download
.tgz</a> <br>
<a
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.lrp" target="_blank">Download
.lrp</a><br>
<a target="_blank"
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.md5sums">Download
.md5sums</a><br>
</td>
</tr>
</tbody>
<a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
</tr>
<tr>
<td>Martinez (Zona Norte - GBA), Argentina</td>
<td>Correofuego.com.ar</td>
<td> <a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
Download .lrp</a><br>
<a target="_blank"
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
<td> <a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.lrp">
Download .lrp</a><br>
<a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
</tr>
<tr>
<td>Paris, France</td>
<td>Shorewall.net</td>
<td><a
href="http://france.shorewall.net/pub/LATEST.rpm">Download .rpm</a><br>
<a href="http://france.shorewall.net/pub/LATEST.tgz">Download
.tgz</a> <br>
<a href="http://france.shorewall.net/pub/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://france.shorewall.net/pub/LATEST.md5sums">Download
.md5sums</a></td>
<td> <a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.rpm">Download
.rpm</a>  <br>
<a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/LATEST.md5sums">Download
.md5sums</a></td>
</tr>
<tr>
<td valign="middle">Washington State, USA<br>
</td>
<td valign="middle">Shorewall.net<br>
</td>
<td valign="top"><a
href="http://www.shorewall.net/pub/shorewall/LATEST.rpm">Download .rpm</a><br>
<a
href="http://www.shorewall.net/pub/shorewall/LATEST.tgz">Download
.tgz</a> <br>
<a
href="http://www.shorewall.net/pub/shorewall/LATEST.lrp">Download
.lrp</a><br>
<a
href="http://www.shorewall.net/pub/shorewall/LATEST.md5sums">Download
.md5sums</a><br>
</td>
<td valign="top"><a
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.rpm" target="_blank">
Download .rpm</a> <br>
<a
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.tgz" target="_blank">Download
.tgz</a> <br>
<a
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.lrp" target="_blank">Download
.lrp</a><br>
<a target="_blank"
href="ftp://ftp.shorewall.net/pub/shorewall/LATEST.md5sums">Download
.md5sums</a><br>
</td>
</tr>
</tbody>
</table>
</blockquote>
</blockquote>
<p align="left"><b>Documentation in PDF format:</b><br>
</p>
<blockquote>
<p>Juraj Ontkanin has produced a Portable Document Format (PDF) file containing
the Shorewall 1.3.10 documenation (the documentation in HTML format is included
in the .rpm and in the .tgz). The .pdf may be downloaded from</p>
</blockquote>
<blockquote>
</p>
<blockquote>
<p>Juraj Ontkanin has produced a Portable Document Format (PDF) file containing
the Shorewall 1.3.10 documenation (the documentation in HTML format is included
in the .rpm and in the .tgz). The .pdf may be downloaded from</p>
</blockquote>
<blockquote>
<blockquote><a
href="ftp://slovakia.shorewall.net/mirror/shorewall/pdf/"
target="_self">ftp://slovakia.shorewall.net/mirror/shorewall/pdf/</a><a
href="http://slovakia.shorewall.net/pub/shorewall/pdf/"><br>
http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
</blockquote>
</blockquote>
http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
</blockquote>
</blockquote>
<p><b>Browse Download Sites:</b></p>
<blockquote>
<blockquote>
<table border="2" cellpadding="2" style="border-collapse: collapse;">
<tbody>
<tr>
<td><b>SERVER LOCATION</b></td>
<td><b>DOMAIN</b></td>
<td><b>HTTP</b></td>
<td><b>FTP</b></td>
</tr>
<tr>
<td>SourceForge<br>
</td>
<td>sf.net</td>
<td><a
<tbody>
<tr>
<td><b>SERVER LOCATION</b></td>
<td><b>DOMAIN</b></td>
<td><b>HTTP</b></td>
<td><b>FTP</b></td>
</tr>
<tr>
<td>SourceForge<br>
</td>
<td>sf.net</td>
<td><a
href="http://sourceforge.net/project/showfiles.php?group_id=22587">Browse</a></td>
<td>N/A</td>
</tr>
<tr>
<td>Slovak Republic</td>
<td>Shorewall.net</td>
<td><a
<td>N/A</td>
</tr>
<tr>
<td>Slovak Republic</td>
<td>Shorewall.net</td>
<td><a
href="http://slovakia.shorewall.net/pub/shorewall/">Browse</a></td>
<td> <a target="_blank"
<td> <a target="_blank"
href="ftp://slovakia.shorewall.net/mirror/shorewall/">Browse</a></td>
</tr>
<tr>
<td>Texas, USA</td>
<td>Infohiiway.com</td>
<td><a
</tr>
<tr>
<td>Texas, USA</td>
<td>Infohiiway.com</td>
<td><a
href="http://shorewall.infohiiway.com/pub/shorewall">Browse</a></td>
<td><a target="_blank"
<td><a target="_blank"
href="ftp://ftp.infohiiway.com/pub/shorewall/">Browse</a></td>
</tr>
<tr>
<td>Hamburg, Germany</td>
<td>Shorewall.net</td>
<td><a href="http://germany.shorewall.net/pub/shorewall/">Browse</a></td>
<td><a target="_blank"
</tr>
<tr>
<td>Hamburg, Germany</td>
<td>Shorewall.net</td>
<td><a
href="http://germany.shorewall.net/pub/shorewall/">Browse</a></td>
<td><a target="_blank"
href="ftp://germany.shorewall.net/pub/shorewall">Browse</a></td>
</tr>
<tr>
<td>Martinez (Zona Norte - GBA), Argentina</td>
<td>Correofuego.com.ar</td>
<td><a
</tr>
<tr>
<td>Martinez (Zona Norte - GBA), Argentina</td>
<td>Correofuego.com.ar</td>
<td><a
href="http://shorewall.correofuego.com.ar/pub/mirrors/shorewall">Browse</a></td>
<td> <a target="_blank"
<td> <a target="_blank"
href="ftp://shorewall.correofuego.com.ar/pub/mirrors/shorewall"> Browse</a></td>
</tr>
<tr>
<td>France</td>
<td>Shorewall.net</td>
<td><a
</tr>
<tr>
<td>France</td>
<td>Shorewall.net</td>
<td><a
href="http://france.shorewall.net/pub/shorewall/LATEST.lrp">Browse</a></td>
<td> <a target="_blank"
<td> <a target="_blank"
href="ftp://france.shorewall.net/pub/mirrors/shorewall/">Browse</a></td>
</tr>
<tr>
<td>Washington State, USA</td>
<td>Shorewall.net</td>
<td><a href="http://www.shorewall.net/pub/shorewall/">Browse</a></td>
<td><a href="ftp://ftp.shorewall.net/pub/shorewall/"
</tr>
<tr>
<td>Washington State, USA</td>
<td>Shorewall.net</td>
<td><a href="http://www.shorewall.net/pub/shorewall/">Browse</a></td>
<td><a href="ftp://ftp.shorewall.net/pub/shorewall/"
target="_blank">Browse</a></td>
</tr>
</tbody>
</tr>
</tbody>
</table>
</blockquote>
</blockquote>
<p align="left"><b>CVS:</b></p>
<blockquote>
<blockquote>
<p align="left">The <a target="_top"
href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS repository at
cvs.shorewall.net</a> contains the latest snapshots of the each Shorewall
component. There's no guarantee that what you find there will work at
all.<br>
</p>
</blockquote>
<p align="left"><b></b><font size="2">Last Updated 11/11/2002 - <a
href="http://www.shorewall.net/cgi-bin/cvs/cvsweb.cgi">CVS repository at
cvs.shorewall.net</a> contains the latest snapshots of the each Shorewall
component. There's no guarantee that what you find there will work at
all.<br>
</p>
</blockquote>
<p align="left"><font size="2">Last Updated 12/3/2002 - <a
href="support.htm">Tom Eastep</a></font></p>
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
© <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
© <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font></p>
<br>
<br>
<br>
<br>
<br>
<br>
<br>

948
STABLE/documentation/errata.htm
View File

File diff suppressed because it is too large Load Diff

587
STABLE/documentation/seattlefirewall_index.htm
View File

@ -4,73 +4,75 @@
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shoreline Firewall (Shorewall) 1.3</title>
<base target="_self">
<base target="_self">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="4"
style="border-collapse: collapse;" width="100%" id="AutoNumber3"
bgcolor="#4b017c">
<tbody>
<tr>
<td
width="100%" height="90">
<tbody>
<tr>
<td
width="100%" height="90">
<h1 align="center"> <font size="4"><i> <a
href="http://www.cityofshoreline.com"> <img vspace="4" hspace="4"
alt="Shorwall Logo" height="70" width="85" align="left"
src="images/washington.jpg" border="0">
</a></i></font><font
color="#ffffff">Shorewall 1.3 - <font size="4">"<i>iptables
made easy"</i></font></font></h1>
</a></i></font><font
color="#ffffff">Shorewall 1.3 - <font size="4">"<i>iptables
made easy"</i></font></font></h1>
<div align="center"><a
href="http://shorewall.sf.net/1.2/index.html" target="_top"><font
color="#ffffff">Shorewall 1.2 Site here</font></a><br>
</div>
<br>
</td>
</tr>
</div>
<br>
</td>
</tr>
</tbody>
</tbody>
</table>
<div align="center">
<center>
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber4">
<tbody>
<tr>
<td
width="90%">
<tbody>
<tr>
<td
width="90%">
<h2 align="left">What is it?</h2>
@ -78,41 +80,41 @@
<p>The Shoreline Firewall, more commonly known as "Shorewall", is a
<a href="http://www.netfilter.org">Netfilter</a> (iptables) based firewall
that can be used on a dedicated firewall system, a multi-function
gateway/router/server or on a standalone GNU/Linux system.</p>
<p>The Shoreline Firewall, more commonly known as "Shorewall", is
a <a href="http://www.netfilter.org">Netfilter</a> (iptables) based
firewall that can be used on a dedicated firewall system, a multi-function
gateway/router/server or on a standalone GNU/Linux system.</p>
<p>This program is free software; you can redistribute it and/or modify
it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU General
Public License</a> as published by the Free Software Foundation.<br>
<br>
This program
is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty
of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.<br>
<br>
You should
have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
USA</p>
<p>This program is free software; you can redistribute it and/or modify
it under the terms of <a
href="http://www.gnu.org/licenses/gpl.html">Version 2 of the GNU
General Public License</a> as published by the Free Software Foundation.<br>
<br>
This program
is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty
of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.<br>
<br>
You should
have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
USA</p>
<p><a href="copyright.htm">Copyright 2001, 2002 Thomas M. Eastep</a></p>
@ -120,23 +122,24 @@ Public License</a> as published by the Free Software Foundation.<br>
<p> <a href="http://leaf.sourceforge.net" target="_top"><img
border="0" src="images/leaflogo.gif" width="49" height="36">
</a>Jacques
Nilo and Eric Wolzak have a LEAF (router/firewall/gateway
on a floppy, CD or compact flash) distribution called
</a>Jacques
Nilo and Eric Wolzak have a LEAF (router/firewall/gateway
on a floppy, CD or compact flash) distribution called
<i>Bering</i> that features Shorewall-1.3.10 and Kernel-2.4.18.
You can find their work at: <a
You can find their work at: <a
href="http://leaf.sourceforge.net/devel/jnilo"> http://leaf.sourceforge.net/devel/jnilo<br>
</a></p>
<p><b>Congratulations to Jacques and Eric on the recent release of Bering
1.0 Final!!! </b><br>
</p>
<h2>This is a mirror of the main Shorewall web site at SourceForge (<a
href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>)</h2>
</a></p>
<p><b>Congratulations to Jacques and Eric on the recent release of
Bering 1.0 Final!!! </b><br>
</p>
<h2>This is a mirror of the main Shorewall web site at SourceForge
(<a href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>)</h2>
@ -145,7 +148,8 @@ Public License</a> as published by the Free Software Foundation.<br>
<h2>News</h2>
@ -153,259 +157,286 @@ Public License</a> as published by the Free Software Foundation.<br>
<h2></h2>
<p><b>11/24/2002 - Shorewall 1.3.11</b><b> </b><b><img border="0"
<p><b>12/3/2002 - Shorewall 1.3.11a </b><b><img border="0"
src="images/new10.gif" width="28" height="12" alt="(New)">
</b></p>
</b></p>
<p>In this version:</p>
<p>This is a bug-fix roll up which includes Roger Aich's fix for DNAT
with excluded subnets (e.g., "DNAT foo!bar ..."). Current 1.3.11 users who
don't need rules of this type need not upgrade to 1.3.11.</p>
<ul>
<li>A 'tcpflags' option has been added to entries in <a
href="file:///home/teastep/Shorewall-docs/Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>.
This option causes Shorewall to make a set of sanity check on TCP packet
header flags.</li>
<li>It is now allowed to use 'all' in the SOURCE or DEST column in
a <a href="file:///home/teastep/Shorewall-docs/Documentation.htm#Rules">rule</a>.
When used, 'all' must appear by itself (in may not be qualified) and it does
not enable intra-zone traffic. For example, the rule <br>
<br>
    ACCEPT loc all tcp 80<br>
<br>
does not enable http traffic from 'loc' to 'loc'.</li>
<li>Shorewall's use of the 'echo' command is now compatible with
bash clones such as ash and dash.</li>
<li>fw-&gt;fw policies now generate a startup error. fw-&gt;fw rules
generate a warning and are ignored</li>
</ul>
<p><b>11/14/2002 - Shorewall Documentation in PDF Format</b><b>
</b></p>
<p>Juraj Ontkanin has produced a PDF containing the Shorewall 1.3.10
documenation. the PDF may be downloaded from</p>
<p><b>11/25/2002 - Shorewall 1.3.11 Documentation in PDF Format</b><b>
</b></p>
<p>Juraj Ontkanin has produced a PDF containing the Shorewall 1.3.11
documenation. the PDF may be downloaded from</p>
<p>    <a
href="ftp://slovakia.shorewall.net/mirror/shorewall/pdf/" target="_top">ftp://slovakia.shorewall.net/mirror/shorewall/pdf/</a><br>
    <a href="http://slovakia.shorewall.net/pub/shorewall/pdf/">http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
</p>
<p><b>11/09/2002 - Shorewall is Back at SourceForge</b><b>
</b></p>
    <a href="http://slovakia.shorewall.net/pub/shorewall/pdf/">http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
</p>
<p><b>11/24/2002 - Shorewall 1.3.11</b><b> </b><b>
</b></p>
<p>In this version:</p>
<ul>
<li>A 'tcpflags' option has been added to entries in <a
href="Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>. This
option causes Shorewall to make a set of sanity check on TCP packet header
flags.</li>
<li>It is now allowed to use 'all' in the SOURCE or DEST column
in a <a href="Documentation.htm#Rules">rule</a>. When used, 'all' must
appear by itself (in may not be qualified) and it does not enable intra-zone
traffic. For example, the rule <br>
<br>
    ACCEPT loc all tcp 80<br>
<br>
does not enable http traffic from 'loc' to 'loc'.</li>
<li>Shorewall's use of the 'echo' command is now compatible with
bash clones such as ash and dash.</li>
<li>fw-&gt;fw policies now generate a startup error. fw-&gt;fw
rules generate a warning and are ignored</li>
</ul>
<p><b>11/14/2002 - Shorewall Documentation in PDF Format</b><b>
</b></p>
<p>Juraj Ontkanin has produced a PDF containing the Shorewall 1.3.10
documenation. the PDF may be downloaded from</p>
<p>    <a
href="ftp://slovakia.shorewall.net/mirror/shorewall/pdf/" target="_top">ftp://slovakia.shorewall.net/mirror/shorewall/pdf/</a><br>
    <a href="http://slovakia.shorewall.net/pub/shorewall/pdf/">http://slovakia.shorewall.net/pub/shorewall/pdf/</a><br>
</p>
<p><b>11/09/2002 - Shorewall is Back at SourceForge</b><b>
</b></p>
<p>The main Shorewall web site is now back at SourceForge at <a
href="http://shorewall.sf.net" target="_top">http://shorewall.sf.net</a>.<br>
</p>
<p><b>11/09/2002 - Shorewall 1.3.10</b><b>
</b></p>
</p>
<p><b>11/09/2002 - Shorewall 1.3.10</b><b>
</b></p>
<p>In this version:</p>
<ul>
<li>You may now <a href="IPSEC.htm#Dynamic">define the
contents of a zone dynamically</a> with the <a
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
delete" commands</a>. These commands are expected to be used primarily
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
updown scripts.</li>
<li>Shorewall can now do<a
href="MAC_Validation.html"> MAC verification</a> on ethernet segments.
You can specify the set of allowed MAC addresses on the segment and
you can optionally tie each MAC address to one or more IP addresses.</li>
<li>PPTP Servers and Clients running on the firewall
system may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
file.</li>
<li>A new 'ipsecnat' tunnel type is supported for use
when the <a href="IPSEC.htm">remote IPSEC endpoint is behind
a NAT gateway</a>.</li>
<li>The PATH used by Shorewall may now be specified in
<a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
<li>The main firewall script is now /usr/lib/shorewall/firewall.
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
to do the real work. This change makes custom distributions such as
for Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
that tends to have distribution-dependent code.</li>
<li>You may now <a href="IPSEC.htm#Dynamic">define
the contents of a zone dynamically</a> with the <a
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
delete" commands</a>. These commands are expected to be used primarily
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
updown scripts.</li>
<li>Shorewall can now do<a
href="MAC_Validation.html"> MAC verification</a> on ethernet segments.
You can specify the set of allowed MAC addresses on the segment and
you can optionally tie each MAC address to one or more IP addresses.</li>
<li>PPTP Servers and Clients running on the firewall
system may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
file.</li>
<li>A new 'ipsecnat' tunnel type is supported for
use when the <a href="IPSEC.htm">remote IPSEC endpoint is
behind a NAT gateway</a>.</li>
<li>The PATH used by Shorewall may now be specified
in <a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
<li>The main firewall script is now /usr/lib/shorewall/firewall.
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
to do the real work. This change makes custom distributions such as
for Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
that tends to have distribution-dependent code.</li>
</ul>
If you have installed the 1.3.10 Beta 1 RPM and are now upgrading
to version 1.3.10, you will need to use the '--force' option:<br>
<blockquote>
<pre>rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm</pre>
</blockquote>
</ul>
If you have installed the 1.3.10 Beta 1 RPM and are now upgrading
to version 1.3.10, you will need to use the '--force' option:<br>
<blockquote>
<pre>rpm -Uvh --force shorewall-1.3.10-1.noarch.rpm</pre>
</blockquote>
<p><b>10/24/2002 - Shorewall is now in Gentoo Linux</b><a
href="http://www.gentoo.org"><br>
</a></p>
Alexandru Hartmann reports that his Shorewall package
is now a part of <a href="http://www.gentoo.org">the Gentoo
</a></p>
Alexandru Hartmann reports that his Shorewall package
is now a part of <a href="http://www.gentoo.org">the Gentoo
Linux distribution</a>. Thanks Alex!<br>
<p><b>10/23/2002 - Shorewall 1.3.10 Beta 1</b><b> </b></p>
In this version:<br>
In this version:<br>
<ul>
<li>You may now <a href="IPSEC.htm#Dynamic">define
the contents of a zone dynamically</a> with the <a
href="starting_and_stopping_shorewall.htm">"shorewall add" and "shorewall
delete" commands</a>. These commands are expected to be used primarily
within <a href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a>
updown scripts.</li>
<li>Shorewall can now do<a
href="MAC_Validation.html"> MAC verification</a> on ethernet segments.
You can specify the set of allowed MAC addresses on the segment and
you can optionally tie each MAC address to one or more IP addresses.</li>
<li>PPTP Servers and Clients running on the
firewall system may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
file.</li>
<li>A new 'ipsecnat' tunnel type is supported
for use when the <a href="IPSEC.htm">remote IPSEC endpoint
is behind a NAT gateway</a>.</li>
<li>The PATH used by Shorewall may now be specified
in <a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
<li>The main firewall script is now /usr/lib/shorewall/firewall.
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
to do the real work. This change makes custom distributions such
as for Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
that tends to have distribution-dependent code.</li>
<li>You may now <a
href="IPSEC.htm#Dynamic">define the contents of a zone dynamically</a>
with the <a href="starting_and_stopping_shorewall.htm">"shorewall add" and
"shorewall delete" commands</a>. These commands are expected
to be used primarily within <a
href="http://www.xs4all.nl/%7Efreeswan/">FreeS/Wan</a> updown
scripts.</li>
<li>Shorewall can now do<a
href="MAC_Validation.html"> MAC verification</a> on ethernet segments.
You can specify the set of allowed MAC addresses on the segment
and you can optionally tie each MAC address to one or more IP addresses.</li>
<li>PPTP Servers and Clients running on the
firewall system may now be defined in the<a href="PPTP.htm"> /etc/shorewall/tunnels</a>
file.</li>
<li>A new 'ipsecnat' tunnel type is supported
for use when the <a href="IPSEC.htm">remote IPSEC endpoint
is behind a NAT gateway</a>.</li>
<li>The PATH used by Shorewall may now be
specified in <a href="Documentation.htm#Conf">/etc/shorewall/shorewall.conf.</a></li>
<li>The main firewall script is now /usr/lib/shorewall/firewall.
The script in /etc/init.d/shorewall is very small and uses /sbin/shorewall
to do the real work. This change makes custom distributions such
as for Debian and for Gentoo easier to manage since it is /etc/init.d/shorewall
that tends to have distribution-dependent code.</li>
</ul>
You may download the Beta from:<br>
You may download the Beta from:<br>
<ul>
<li><a
<li><a
href="http://www.shorewall.net/pub/shorewall/Beta">http://www.shorewall.net/pub/shorewall/Beta</a></li>
<li><a
<li><a
href="ftp://ftp.shorewall.net/pub/shorewall/Beta" target="_top">ftp://ftp.shorewall.net/pub/shorewall/Beta</a><br>
</li>
</li>
</ul>
<p><b>10/10/2002 -  Debian 1.3.9b Packages Available </b><b>
</b><br>
</p>
<p><b>10/10/2002 -  Debian 1.3.9b Packages Available </b><b>
</b><br>
</p>
<p>Apt-get sources listed at <a
href="http://security.dsi.unimi.it/%7Elorenzo/debian.html">http://security.dsi.unimi.it/~lorenzo/debian.html.</a></p>
<p><b>10/9/2002 - Shorewall 1.3.9b </b><b><img border="0"
src="images/new10.gif" width="28" height="12" alt="(New)">
</b></p>
This release rolls up fixes to the installer
and to the firewall script.<br>
<b><br>
10/6/2002 - Shorewall.net now running on RH8.0
</b><b><img border="0" src="images/new10.gif" width="28"
</b></p>
This release rolls up fixes to the installer
and to the firewall script.<br>
<b><br>
10/6/2002 - Shorewall.net now running on RH8.0
</b><b><img border="0" src="images/new10.gif" width="28"
height="12" alt="(New)">
</b><br>
<br>
The firewall and server here at shorewall.net
are now running RedHat release 8.0.<br>
</b><br>
<br>
The firewall and server here at shorewall.net
are now running RedHat release 8.0.<br>
<p><b>9/30/2002 - Shorewall 1.3.9a</b><b>
</b></p>
Roles up the fix for broken tunnels.<br>
<p><b>9/30/2002 - Shorewall 1.3.9a</b><b>
</b></p>
Roles up the fix for broken tunnels.<br>
<p><b>9/30/2002 - TUNNELS Broken in 1.3.9!!!</b><b>
</b></p>
<img src="images/j0233056.gif"
alt="Brown Paper Bag" width="50" height="86" align="left">
There is an updated firewall script at
<a
<p><b>9/30/2002 - TUNNELS Broken in 1.3.9!!!</b><b>
</b></p>
<img
src="images/j0233056.gif" alt="Brown Paper Bag" width="50" height="86"
align="left">
There is an updated firewall script
at <a
href="ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall"
target="_top">ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall</a>
-- copy that file to /usr/lib/shorewall/firewall.<br>
target="_top">ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall</a>
-- copy that file to /usr/lib/shorewall/firewall.<br>
<p><b><br>
</b></p>
</b></p>
<p><b><br>
</b></p>
<p><b><br>
9/28/2002 - Shorewall 1.3.9 </b><b>
</b></p>
<p><b><br>
</b></p>
<p><b><br>
9/28/2002 - Shorewall 1.3.9 </b><b>
</b></p>
<p>In this version:<br>
</p>
</p>
<ul>
<li><a
href="configuration_file_basics.htm#dnsnames">DNS Names</a> are now
allowed in Shorewall config files (although I recommend against
using them).</li>
<li>The connection SOURCE
may now be qualified by both interface and IP address in
a <a href="Documentation.htm#Rules">Shorewall rule</a>.</li>
<li>Shorewall startup is
now disabled after initial installation until the file
/etc/shorewall/startup_disabled is removed. This avoids nasty
surprises at reboot for users who install Shorewall but don't
configure it.</li>
<li>The 'functions' and 'version'
files and the 'firewall' symbolic link have been moved
from /var/lib/shorewall to /usr/lib/shorewall to appease
the LFS police at Debian.<br>
</li>
<li><a
href="configuration_file_basics.htm#dnsnames">DNS Names</a> are now
allowed in Shorewall config files (although I recommend
against using them).</li>
<li>The connection SOURCE
may now be qualified by both interface and IP address
in a <a href="Documentation.htm#Rules">Shorewall rule</a>.</li>
<li>Shorewall startup
is now disabled after initial installation until the
file /etc/shorewall/startup_disabled is removed. This avoids
nasty surprises at reboot for users who install Shorewall
but don't configure it.</li>
<li>The 'functions' and
'version' files and the 'firewall' symbolic link have been
moved from /var/lib/shorewall to /usr/lib/shorewall to appease
the LFS police at Debian.<br>
</li>
</ul>
@ -414,7 +445,8 @@ the LFS police at Debian.<br>
<p><a href="News.htm">More News</a></p>
@ -422,65 +454,66 @@ the LFS police at Debian.<br>
<h2><a name="Donations"></a>Donations</h2>
</td>
<td
width="88" bgcolor="#4b017c" valign="top" align="center"> <a
href="http://sourceforge.net">M</a></td>
</tr>
</tbody>
</table>
</center>
</div>
<h2><a name="Donations"></a>Donations</h2>
</td>
<td
width="88" bgcolor="#4b017c" valign="top" align="center"> <a
href="http://sourceforge.net">M</a></td>
</tr>
</tbody>
</table>
</center>
</div>
<table border="0" cellpadding="5" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber2"
bgcolor="#4b017c">
<tbody>
<tr>
<td
width="100%" style="margin-top: 1px;">
<tbody>
<tr>
<td
width="100%" style="margin-top: 1px;">
<p align="center"><a href="http://www.starlight.org"> <img
border="4" src="images/newlog.gif" width="57" height="100" align="left"
hspace="10">
  </a></p>
  </a></p>
<p align="center"><font size="4" color="#ffffff">Shorewall is free but
if you try it and find it useful, please consider making a donation
to <a href="http://www.starlight.org"><font
<p align="center"><font size="4" color="#ffffff">Shorewall is free
but if you try it and find it useful, please consider making a donation
to <a href="http://www.starlight.org"><font
color="#ffffff">Starlight Children's Foundation.</font></a> Thanks!</font></p>
</td>
</tr>
</td>
</tr>
</tbody>
</tbody>
</table>
<p><font size="2">Updated 11/24/2002 - <a href="support.htm">Tom Eastep</a></font>
<p><font size="2">Updated 12/3/2002 - <a href="support.htm">Tom Eastep</a></font>
<br>
</p>
<br>
<br>
<br>
</p>
</body>
</html>

156
STABLE/documentation/shoreline.htm
View File

@ -1,114 +1,116 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>About the Shorewall Author</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta name="Microsoft Theme" content="none">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Tom Eastep</font></h1>
</td>
</tr>
</tbody>
</td>
</tr>
</tbody>
</table>
<p align="center"> <img border="3" src="images/TomNTarry.png"
alt="Tom on the PCT - 1991" width="316" height="392">
</p>
</p>
<p align="center">Tarry &amp; Tom -- August 2002<br>
<br>
</p>
<br>
</p>
<ul>
<li>Born 1945 in <a href="http://www.experiencewashington.com">Washington
State</a> .</li>
<li>BA Mathematics from <a href="http://www.wsu.edu">Washington
State University</a> 1967</li>
<li>MA Mathematics from <a href="http://www.washington.edu">University
<li>Born 1945 in <a
href="http://www.experiencewashington.com">Washington State</a> .</li>
<li>BA Mathematics from <a href="http://www.wsu.edu">Washington
State University</a> 1967</li>
<li>MA Mathematics from <a href="http://www.washington.edu">University
of Washington</a> 1969</li>
<li>Burroughs Corporation (now <a href="http://www.unisys.com">Unisys</a>
) 1969 - 1980</li>
<li><a href="http://www.tandem.com">Tandem Computers, Incorporated</a>
<li>Burroughs Corporation (now <a
href="http://www.unisys.com">Unisys</a> ) 1969 - 1980</li>
<li><a href="http://www.tandem.com">Tandem Computers, Incorporated</a>
(now part of the <a href="http://www.hp.com">The New HP</a>) 1980 - present</li>
<li>Married 1969 - no children.</li>
</ul>
<p>I am currently a member of the design team for the next-generation
operating system from the NonStop Enterprise Division of HP. </p>
<p>I became interested in Internet Security when I established a home office
in 1999 and had DSL service installed in our home. I investigated
ipchains and developed the scripts which are now collectively known as <a
href="http://seawall.sourceforge.net"> Seattle Firewall</a>. Expanding
on what I learned from Seattle Firewall, I then designed and wrote
Shorewall. </p>
<p>I telework from our home in <a href="http://www.cityofshoreline.com">Shoreline,
Washington</a> where I live with my wife Tarry. </p>
<p>Our current home network consists of: </p>
<li>Married 1969 - no children.</li>
<ul>
<li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE
HDs and LNE100TX (Tulip) NIC - My personal Windows system. Also has
RedHat 8.0 installed.</li>
<li>Celeron 1.4Gz, RH8.0, 384MB RAM, 60GB HD, LNE100TX(Tulip) NIC
- My personal Linux System which runs Samba configured as a WINS server.
This system also has <a href="http://www.vmware.com/">VMware</a> installed
and can run both <a href="http://www.debian.org">Debian Woody</a>
and <a href="http://www.suse.com">SuSE 8.1</a> in virtual machines.</li>
<li>K6-2/350, RH8.0, 384MB RAM, 8GB IDE HD, EEPRO100 NIC  - Mail
(Postfix &amp; Courier-IMAP), HTTP (Apache), FTP (Pure_ftpd), DNS server
(Bind).</li>
<li>PII/233, RH8.0, 256MB MB RAM, 2GB SCSI HD - 3 LNE100TX 
(Tulip) and 1 TLAN NICs  - Firewall running Shorewall 1.3.9a  and a DHCP
server.  Also runs PoPToP for road warrior access.</li>
<li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC - My wife's
personal system.</li>
<li>PII/400 Laptop, Win2k SP2, 224MB RAM, 12GB HD, onboard EEPRO100
and EEPRO100 in expansion base and LinkSys WAC11 - My main work system.</li>
</ul>
<p>I am currently a member of the design team for the next-generation
operating system from the NonStop Enterprise Division of HP. </p>
<p>I became interested in Internet Security when I established a home office
in 1999 and had DSL service installed in our home. I investigated
ipchains and developed the scripts which are now collectively known as
<a href="http://seawall.sourceforge.net"> Seattle Firewall</a>. Expanding
on what I learned from Seattle Firewall, I then designed and wrote
Shorewall. </p>
<p>I telework from our home in <a href="http://www.cityofshoreline.com">Shoreline,
Washington</a> where I live with my wife Tarry. </p>
<p>Our current home network consists of: </p>
<ul>
<li>1.2Gz Athlon, Windows XP Pro, 320MB RAM, 40GB &amp; 8GB IDE
HDs and LNE100TX (Tulip) NIC - My personal Windows system. Also has
RedHat 8.0 installed.</li>
<li>Celeron 1.4Gz, RH8.0, 384MB RAM, 60GB HD, LNE100TX(Tulip)
NIC - My personal Linux System which runs Samba configured as a WINS
server. This system also has <a href="http://www.vmware.com/">VMware</a>
installed and can run both <a href="http://www.debian.org">Debian
Woody</a> and <a href="http://www.suse.com">SuSE 8.1</a> in virtual
machines.</li>
<li>K6-2/350, RH8.0, 384MB RAM, 8GB IDE HD, EEPRO100 NIC  - Mail
(Postfix &amp; Courier-IMAP), HTTP (Apache), FTP (Pure_ftpd), DNS server
(Bind).</li>
<li>PII/233, RH8.0, 256MB MB RAM, 2GB SCSI HD - 3 LNE100TX 
(Tulip) and 1 TLAN NICs  - Firewall running Shorewall 1.3.11  and a DHCP
server.  Also runs PoPToP for road warrior access.</li>
<li>Duron 750, Win ME, 192MB RAM, 20GB HD, RTL8139 NIC - My wife's
personal system.</li>
<li>PII/400 Laptop, WinXP SP1, 224MB RAM, 12GB HD, onboard EEPRO100
and EEPRO100 in expansion base and LinkSys WAC11 - My main work system.</li>
</ul>
<p>For more about our network see <a href="myfiles.htm">my Shorewall Configuration</a>.</p>
<p>All of our other systems are made by <a
href="http://www.compaq.com">Compaq</a> (part of the new <a
href="http://www.hp.com/">HP</a>).. All of our Tulip NICs are <a
href="http://www.netgear.com">Netgear</a> FA310TXs.</p>
<p><a href="http://www.redhat.com"><img border="0"
src="images/poweredby.png" width="88" height="31">
</a><a href="http://www.compaq.com"><img border="0"
</a><a href="http://www.compaq.com"><img border="0"
src="images/poweredbycompaqlog0.gif" hspace="3" width="83" height="25">
</a><a href="http://www.pureftpd.org"><img border="0"
</a><a href="http://www.pureftpd.org"><img border="0"
src="images/pure.jpg" width="88" height="31">
</a><font size="4"><a href="http://www.apache.org"><img border="0"
</a><font size="4"><a href="http://www.apache.org"><img border="0"
src="images/apache_pb1.gif" hspace="2" width="170" height="20">
</a> </font></p>
<p><font size="2">Last updated 10/28/2002 - </font><font size="2"> <a
href="support.htm">Tom Eastep</a></font> </p>
<font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
© <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
</a> </font></p>
<p><font size="2">Last updated 11/24/2002 - </font><font size="2">
<a href="support.htm">Tom Eastep</a></font> </p>
<font face="Trebuchet MS"><a href="copyright.htm"><font
size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
<br>
<br>
<br>
<br>

326
STABLE/documentation/shorewall_quickstart_guide.htm
View File

@ -1,227 +1,231 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shorewall QuickStart Guide</title>
<meta name="Microsoft Theme" content="none">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall QuickStart Guides<br>
Version 3.1</font></h1>
</td>
</tr>
</tbody>
Version 3.1</font></h1>
</td>
</tr>
</tbody>
</table>
<p align="center">With thanks to Richard who reminded me once again that we
must all first walk before we can run.</p>
<p align="center">With thanks to Richard who reminded me once again that
we must all first walk before we can run.</p>
<h2>The Guides</h2>
<p>These guides provide step-by-step instructions for configuring Shorewall
in common firewall setups.</p>
<p>These guides provide step-by-step instructions for configuring Shorewall
in common firewall setups.</p>
<p>The following guides are for <b>users who have a single public IP address</b>:</p>
<ul>
<li><a href="standalone.htm">Standalone</a> Linux System</li>
<li><a href="two-interface.htm">Two-interface</a> Linux System
<li><a href="standalone.htm">Standalone</a> Linux System</li>
<li><a href="two-interface.htm">Two-interface</a> Linux System
acting as a firewall/router for a small local network</li>
<li><a href="three-interface.htm">Three-interface</a> Linux System
<li><a href="three-interface.htm">Three-interface</a> Linux System
acting as a firewall/router for a small local network and a DMZ.</li>
</ul>
<p>The above guides are designed to get your first firewall up and running
quickly in the three most common Shorewall configurations.</p>
<p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines
the steps necessary to set up a firewall where <b>there are multiple public
IP addresses involved or if you want to learn more about Shorewall than
is explained in the single-address guides above.</b></p>
<p>The above guides are designed to get your first firewall up and running
quickly in the three most common Shorewall configurations.</p>
<p>The <a href="shorewall_setup_guide.htm">Shorewall Setup Guide</a> outlines
the steps necessary to set up a firewall where <b>there are multiple
public IP addresses involved or if you want to learn more about Shorewall
than is explained in the single-address guides above.</b></p>
<ul>
<li><a href="shorewall_setup_guide.htm#Introduction">1.0 Introduction</a></li>
<li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall
<li><a href="shorewall_setup_guide.htm#Introduction">1.0 Introduction</a></li>
<li><a href="shorewall_setup_guide.htm#Concepts">2.0 Shorewall
Concepts</a></li>
<li><a href="shorewall_setup_guide.htm#Interfaces">3.0 Network
<li><a href="shorewall_setup_guide.htm#Interfaces">3.0 Network
Interfaces</a></li>
<li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing,
Subnets and Routing</a>
<li><a href="shorewall_setup_guide.htm#Addressing">4.0 Addressing,
Subnets and Routing</a>
<ul>
<li><a href="shorewall_setup_guide.htm#Addresses">4.1 IP Addresses</a></li>
<li><br>
</li>
<li><a href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
<li><a href="shorewall_setup_guide.htm#Routing">4.3 Routing</a></li>
<li><a href="shorewall_setup_guide.htm#ARP">4.4 Address Resolution
<li><a href="shorewall_setup_guide.htm#Addresses">4.1 IP Addresses</a></li>
<li><br>
</li>
<li><a href="shorewall_setup_guide.htm#Subnets">4.2 Subnets</a></li>
<li><a href="shorewall_setup_guide.htm#Routing">4.3 Routing</a></li>
<li><a href="shorewall_setup_guide.htm#ARP">4.4 Address Resolution
Protocol</a></li>
</ul>
<ul>
<li><a href="shorewall_setup_guide.htm#RFC1918">4.5 RFC 1918</a></li>
<li><a href="shorewall_setup_guide.htm#RFC1918">4.5 RFC 1918</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up
your Network</a>
</li>
<li><a href="shorewall_setup_guide.htm#Options">5.0 Setting up
your Network</a>
<ul>
<li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
<li><a href="shorewall_setup_guide.htm#Routed">5.1 Routed</a></li>
</ul>
<ul>
<li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a>
<ul>
<li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 SNAT</a></li>
<li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 DNAT</a></li>
<li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3 Proxy
ARP</a></li>
<li><a href="shorewall_setup_guide.htm#NAT">5.2.4 Static NAT</a></li>
<li><a href="shorewall_setup_guide.htm#NonRouted">5.2 Non-routed</a>
<ul>
<li><a href="shorewall_setup_guide.htm#SNAT">5.2.1 SNAT</a></li>
<li><a href="shorewall_setup_guide.htm#DNAT">5.2.2 DNAT</a></li>
<li><a href="shorewall_setup_guide.htm#ProxyARP">5.2.3 Proxy
ARP</a></li>
<li><a href="shorewall_setup_guide.htm#NAT">5.2.4 Static NAT</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
<li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds
</li>
<li><a href="shorewall_setup_guide.htm#Rules">5.3 Rules</a></li>
<li><a href="shorewall_setup_guide.htm#OddsAndEnds">5.4 Odds
and Ends</a></li>
</ul>
</li>
<li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
<li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0
Starting and Stopping the Firewall</a></li>
</li>
<li><a href="shorewall_setup_guide.htm#DNS">6.0 DNS</a></li>
<li><a href="shorewall_setup_guide.htm#StartingAndStopping">7.0
Starting and Stopping the Firewall</a></li>
</ul>
<h2><a name="Documentation"></a>Documentation Index</h2>
<p>The following documentation covers a variety of topics and <b>supplements
the <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described
above</b>. Please review the appropriate guide before trying to use this
<p>The following documentation covers a variety of topics and <b>supplements
the <a href="shorewall_quickstart_guide.htm">QuickStart Guides</a> described
above</b>. Please review the appropriate guide before trying to use this
documentation directly.</p>
<ul>
<li><a href="blacklisting_support.htm">Blacklisting</a>
<li><a href="blacklisting_support.htm">Blacklisting</a>
<ul>
<li>Static Blacklisting using /etc/shorewall/blacklist</li>
<li>Dynamic Blacklisting using /sbin/shorewall</li>
<li>Static Blacklisting using /etc/shorewall/blacklist</li>
<li>Dynamic Blacklisting using /sbin/shorewall</li>
</ul>
</li>
<li><a href="configuration_file_basics.htm">Common configuration
file features</a>
</li>
<li><a href="configuration_file_basics.htm">Common configuration
file features</a>
<ul>
<li>Comments in configuration files</li>
<li>Line Continuation</li>
<li>Port Numbers/Service Names</li>
<li>Port Ranges</li>
<li>Using Shell Variables</li>
<li>Using DNS Names<br>
</li>
<li>Complementing an IP address or Subnet</li>
<li>Shorewall Configurations (making a test configuration)</li>
<li>Using MAC Addresses in Shorewall</li>
<li>Comments in configuration files</li>
<li>Line Continuation</li>
<li>Port Numbers/Service Names</li>
<li>Port Ranges</li>
<li>Using Shell Variables</li>
<li>Using DNS Names<br>
</li>
<li>Complementing an IP address or Subnet</li>
<li>Shorewall Configurations (making a test configuration)</li>
<li>Using MAC Addresses in Shorewall</li>
</ul>
</li>
<li><a href="Documentation.htm">Configuration File Reference Manual</a>
</li>
<li><a href="Documentation.htm">Configuration File Reference Manual</a>
<ul>
<li> <a href="Documentation.htm#Variables">params</a></li>
<li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
<li><font color="#000099"><a
<li> <a href="Documentation.htm#Variables">params</a></li>
<li><font color="#000099"><a href="Documentation.htm#Zones">zones</a></font></li>
<li><font color="#000099"><a
href="Documentation.htm#Interfaces">interfaces</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Policy">policy</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Rules">rules</a></font></li>
<li><a href="Documentation.htm#Common">common</a></li>
<li><font color="#000099"><a href="Documentation.htm#Masq">masq</a></font></li>
<li><font color="#000099"><a
<li><font color="#000099"><a href="Documentation.htm#Hosts">hosts</a></font></li>
<li><font color="#000099"><a
href="Documentation.htm#Policy">policy</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#Rules">rules</a></font></li>
<li><a href="Documentation.htm#Common">common</a></li>
<li><font color="#000099"><a href="Documentation.htm#Masq">masq</a></font></li>
<li><font color="#000099"><a
href="Documentation.htm#ProxyArp">proxyarp</a></font></li>
<li><font color="#000099"><a href="Documentation.htm#NAT">nat</a></font></li>
<li><font color="#000099"><a
<li><font color="#000099"><a href="Documentation.htm#NAT">nat</a></font></li>
<li><font color="#000099"><a
href="Documentation.htm#Tunnels">tunnels</a></font></li>
<li><a href="traffic_shaping.htm#tcrules">tcrules</a></li>
<li><font color="#000099"><a href="Documentation.htm#Conf">shorewall.conf</a></font></li>
<li><a href="Documentation.htm#modules">modules</a></li>
<li><a href="Documentation.htm#TOS">tos</a> </li>
<li><a href="Documentation.htm#Blacklist">blacklist</a></li>
<li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
<li><a href="Documentation.htm#Routestopped">routestopped</a></li>
<li><a href="traffic_shaping.htm#tcrules">tcrules</a></li>
<li><font color="#000099"><a href="Documentation.htm#Conf">shorewall.conf</a></font></li>
<li><a href="Documentation.htm#modules">modules</a></li>
<li><a href="Documentation.htm#TOS">tos</a> </li>
<li><a href="Documentation.htm#Blacklist">blacklist</a></li>
<li><a href="Documentation.htm#rfc1918">rfc1918</a></li>
<li><a href="Documentation.htm#Routestopped">routestopped</a></li>
</ul>
</li>
<li><a href="dhcp.htm">DHCP</a></li>
<li><font color="#000099"><a
href="shorewall_extension_scripts.htm">Extension Scripts</a></font>
(How to extend Shorewall without modifying Shorewall code)</li>
<li><a href="fallback.htm">Fallback/Uninstall</a></li>
<li><a href="shorewall_firewall_structure.htm">Firewall Structure</a></li>
<li><font color="#000099"><a href="kernel.htm">Kernel Configuration</a></font></li>
<li><a href="myfiles.htm">My Configuration Files</a> (How I personally
use Shorewall)</li>
<li><a href="ports.htm">Port Information</a>
</li>
<li><a href="dhcp.htm">DHCP</a></li>
<li><font color="#000099"><a
href="shorewall_extension_scripts.htm">Extension Scripts</a></font> (How
to extend Shorewall without modifying Shorewall code)</li>
<li><a href="fallback.htm">Fallback/Uninstall</a></li>
<li><a href="shorewall_firewall_structure.htm">Firewall Structure</a></li>
<li><font color="#000099"><a href="kernel.htm">Kernel Configuration</a></font></li>
<li><a href="myfiles.htm">My Configuration Files</a> (How I personally
use Shorewall)</li>
<li><a href="ports.htm">Port Information</a>
<ul>
<li>Which applications use which ports</li>
<li>Ports used by Trojans</li>
<li>Which applications use which ports</li>
<li>Ports used by Trojans</li>
</ul>
</li>
<li><a href="ProxyARP.htm">Proxy ARP</a></li>
<li><a href="samba.htm">Samba</a></li>
<li><font color="#000099"><a
</li>
<li><a href="ProxyARP.htm">Proxy ARP</a></li>
<li><a href="samba.htm">Samba</a></li>
<li><font color="#000099"><a
href="starting_and_stopping_shorewall.htm">Starting/stopping the Firewall</a></font></li>
<ul>
<li>Description of all /sbin/shorewall commands</li>
<li>How to safely test a Shorewall configuration change<br>
</li>
<li>Description of all /sbin/shorewall commands</li>
<li>How to safely test a Shorewall configuration change<br>
</li>
</ul>
<li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
<li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
<li>VPN
<li><font color="#000099"><a href="NAT.htm">Static NAT</a></font></li>
<li><a href="traffic_shaping.htm">Traffic Shaping/Control</a></li>
<li>VPN
<ul>
<li><a href="IPSEC.htm">IPSEC</a></li>
<li><a href="IPIP.htm">GRE and IPIP</a></li>
<li><a href="PPTP.htm">PPTP</a></li>
<li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your
<li><a href="IPSEC.htm">IPSEC</a></li>
<li><a href="IPIP.htm">GRE and IPIP</a></li>
<li><a href="PPTP.htm">PPTP</a></li>
<li><a href="VPN.htm">IPSEC/PPTP</a> from a system behind your
firewall to a remote network.</li>
</ul>
</li>
<li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
</li>
<li><a href="whitelisting_under_shorewall.htm">White List Creation</a></li>
</ul>
<p>If you use one of these guides and have a suggestion for improvement <a
href="mailto:webmaster@shorewall.net">please let me know</a>.</p>
<p><font size="2">Last modified 11/19/2002 - <a
href="file:///J:/Shorewall/Shorewall-docs/support.htm">Tom Eastep</a></font></p>
<p><font size="2">Last modified 11/19/2002 - <a href="support.htm">Tom Eastep</a></font></p>
<p><a href="copyright.htm"><font size="2">Copyright 2002 Thomas M. Eastep</font></a><br>
</p>
</p>
<br>
</body>
</html>

206
STABLE/documentation/support.htm
View File

@ -1,85 +1,85 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Support</title>
<meta name="Microsoft Theme" content="none">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Support</font></h1>
</td>
</tr>
</tbody>
</td>
</tr>
</tbody>
</table>
<h3 align="left"> <span style="font-weight: 400;"><i> "<font size="3">It is
easier to post a problem than to use your own brain" </font>-- </i> <font
<h3 align="left"> <span style="font-weight: 400;"><i> "<font size="3">It
is easier to post a problem than to use your own brain" </font>-- </i> <font
size="2">Wietse Venema (creator of <a href="http://www.postfix.org">Postfix</a>)</font></span></h3>
<p align="left"> <i>"Any sane computer will tell you how it works -- you just
have to ask it the right questions" </i>-- <font size="2">Tom Eastep</font></p>
<p align="left"> <i>"Any sane computer will tell you how it works -- you
just have to ask it the right questions" </i>-- <font size="2">Tom Eastep</font></p>
<blockquote> </blockquote>
<p><span style="font-weight: 400;"><i>"It irks me when people believe that
free software comes at no cost. The cost is incredibly high."</i>
- <font size="2"> Wietse Venem<br>
</font></span></p>
<p><span style="font-weight: 400;"><i>"It irks me when people believe that
free software comes at no cost. The cost is incredibly high."</i>
- <font size="2"> Wietse Venem<br>
</font></span></p>
<h3 align="left">Before Reporting a Problem</h3>
<b><i>"Reading the documentation fully is a prerequisite to getting help
for your particular situation. I know it's harsh but you will have to get
so far on your own before you can get reasonable help from a list full of
busy people. A mailing list is not a tool to speed up your day by being spoon
fed</i></b><i><b>".</b> </i>-- Simon White<br>
<b><i>"Reading the documentation fully is a prerequisite to getting help
for your particular situation. I know it's harsh but you will have to get
so far on your own before you can get reasonable help from a list full of
busy people. A mailing list is not a tool to speed up your day by being
spoon fed</i></b><i><b>".</b> </i>-- Simon White<br>
<p>There are also a number of sources for problem solution information.</p>
<ul>
<li>The <a href="FAQ.htm">FAQ</a> has solutions to common problems.</li>
<li>The <a href="troubleshoot.htm">Troubleshooting</a> Information
<li>The <a href="FAQ.htm">FAQ</a> has solutions to common problems.</li>
<li>The <a href="troubleshoot.htm">Troubleshooting</a> Information
contains a number of tips to help you solve common problems.</li>
<li>The <a href="errata.htm"> Errata</a> has links to download
<li>The <a href="errata.htm"> Errata</a> has links to download
updated components.</li>
<li>The Mailing List Archives search facility can locate posts
<li>The Mailing List Archives search facility can locate posts
about similar problems:</li>
</ul>
<h4>Mailing List Archive Search</h4>
<form method="post" action="http://www.shorewall.net/cgi-bin/htsearch">
<p> <font size="-1"> Match:
<h4>Mailing List Archive Search</h4>
<form method="post" action="http://www.shorewall.net/cgi-bin/htsearch">
<p> <font size="-1"> Match:
<select name="method">
<option value="and">All </option>
<option value="or">Any </option>
<option value="boolean">Boolean </option>
</select>
Format:
Format:
<select name="format">
<option value="builtin-long">Long </option>
<option value="builtin-short">Short </option>
</select>
Sort by:
Sort by:
<select name="sort">
<option value="score">Score </option>
<option value="time">Time </option>
@ -88,76 +88,82 @@ about similar problems:</li>
<option value="revtime">Reverse Time </option>
<option value="revtitle">Reverse Title </option>
</select>
</font> <input type="hidden" name="config" value="htdig"> <input
</font> <input type="hidden" name="config" value="htdig"> <input
type="hidden" name="restrict"
value="[http://www.shorewall.net/pipermail/.*]"> <input type="hidden"
name="exclude" value=""> <br>
Search: <input type="text" size="30" name="words" value=""> <input
Search: <input type="text" size="30" name="words" value=""> <input
type="submit" value="Search"> </p>
</form>
</form>
<h3 align="left">Problem Reporting Guideline</h3>
<ul>
<li>When reporting a problem, give as much information as you can.
Reports that say "I tried XYZ and it didn't work" are not at all helpful.</li>
<li>Please don't describe your environment and then ask us to send
you custom configuration files. We're here to answer your questions
but we can't do your job for you.</li>
<li>Do you see any "Shorewall" messages in /var/log/messages
<li>When reporting a problem, give as much information as you
can. Reports that say "I tried XYZ and it didn't work" are not at all
helpful.</li>
<li>Please don't describe your environment and then ask us to
send you custom configuration files. We're here to answer your
questions but we can't do your job for you.</li>
<li>Do you see any "Shorewall" messages in /var/log/messages
when you exercise the function that is giving you problems?</li>
<li>Have you looked at the packet flow with a tool like tcpdump
to try to understand what is going on?</li>
<li>Have you tried using the diagnostic capabilities of the
application that isn't working? For example, if "ssh" isn't able
to connect, using the "-v" option gives you a lot of valuable diagnostic
information.</li>
<li>Please include any of the Shorewall configuration files (especially
the /etc/shorewall/hosts file if you have modified that file) that you
think are relevant. If an error occurs when you try to "shorewall start",
include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
section for instructions).</li>
<li>The list server limits posts to 120kb so don't post GIFs of
your network layout, etc to the Mailing List -- your post will
be rejected.</li>
<li>Have you looked at the packet flow with a tool like tcpdump
to try to understand what is going on?</li>
<li>Have you tried using the diagnostic capabilities of the
application that isn't working? For example, if "ssh" isn't able
to connect, using the "-v" option gives you a lot of valuable diagnostic
information.</li>
<li>Please include any of the Shorewall configuration files (especially
the /etc/shorewall/hosts file if you have modified that file) that
you think are relevant. If an error occurs when you try to "shorewall
start", include a trace (See the <a href="troubleshoot.htm">Troubleshooting</a>
section for instructions).</li>
<li>The list server limits posts to 120kb so don't post GIFs of
your network layout, etc to the Mailing List -- your post will
be rejected.</li>
</ul>
<h3>Where to Send your Problem Report or to Ask for Help</h3>
<b>If you run Shorewall on Mandrake 9.0 </b>-- send your problem
reports and questions to MandrakeSoft. I ordered a Mandrake 9.0 boxed set
on October 3, 2002; MandrakeSoft issued a charge against my credit card
on October 4, 2002 (they are really effecient at that part of the order
process) and I haven't heard a word from them since (although their news
letters boast that 9.0 boxed sets have been shipping for the last two weeks).
If they can't fill my 9.0 order within <u>6 weeks after they have billed
my credit card</u> then I refuse to spend my free time supporting of their
product for them.<br>
<h4>If you run Shorewall under Bering -- <span style="font-weight: 400;">please
post your question or problem to the <a
<b>If you run Shorewall on Mandrake 9.0 </b>-- send your problem
reports and questions to MandrakeSoft. I ordered a Mandrake 9.0 boxed set
on October 3, 2002; MandrakeSoft issued a charge against my credit card on
October 4, 2002 (they are very effecient at that part of the order process)
and I haven't heard a word from them since (although their news letters
boast that 9.0 boxed sets have been shipping for the last two weeks). If
they can't fill my 9.0 order within <u>6 weeks after they have billed my
credit card</u> then I refuse to spend my free time supporting their product
for them.<br>
<br>
<b>Mandrake Update - 11/26/2002 - </b>Mandrake have informed me that "Your
order is part of a batch of which was not correctly sent to our shipping
handler, and so unfortunately was not processed". They further assure me
that these mishandled orders will begin shipping on 12/2/2002.<br>
<h4>If you run Shorewall under Bering -- <span style="font-weight: 400;">please
post your question or problem to the <a
href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing list</a>.</span></h4>
<p>Otherwise, please post your question or problem to the <a
href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>;
there are lots of folks there who are willing to help you. Your question/problem
description and their responses will be placed in the mailing list archives
to help people who have a similar question or problem in the future.</p>
<p>I don't look at problems sent to me directly but I try to spend some amount
of time each day responding to problems posted on the mailing list.</p>
href="mailto:shorewall-users@shorewall.net">Shorewall users mailing list</a>;
there are lots of folks there who are willing to help you. Your question/problem
description and their responses will be placed in the mailing list archives
to help people who have a similar question or problem in the future.</p>
<p>I don't look at problems sent to me directly but I try to spend some amount
of time each day responding to problems posted on the mailing list.</p>
<p align="center"><a href="mailto:teastep@shorewall.net">-Tom</a></p>
<p>To Subscribe to the mailing list go to <a
href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
href="http://www.shorewall.net/mailman/listinfo/shorewall-users">http://www.shorewall.net/mailman/listinfo/shorewall-users</a>
.</p>
<p align="left"><font size="2">Last Updated 11/19//2002 - Tom Eastep</font></p>
<p align="left"><font size="2">Last Updated 12/2/2002 - Tom Eastep</font></p>
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
size="2">Copyright</font> © <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
</p>
</p>
<br>
</body>
</html>

299
STABLE/documentation/troubleshoot.htm
View File

@ -1,205 +1,212 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shorewall Troubleshooting</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" bordercolor="#111111" width="100%"
id="AutoNumber1" bgcolor="#400169" height="90">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Troubleshooting</font></h1>
</td>
</tr>
</tbody>
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Troubleshooting<img
src="images/obrasinf.gif" alt="Beating head on table" width="90"
height="90" align="middle">
</font></h1>
</td>
</tr>
</tbody>
</table>
<h3 align="left">Check the Errata</h3>
<p align="left">Check the <a href="errata.htm">Shorewall Errata</a> to be
sure that there isn't an update that you are missing for your version
sure that there isn't an update that you are missing for your version
of the firewall.</p>
<h3 align="left">Check the FAQs</h3>
<p align="left">Check the <a href="FAQ.htm">FAQs</a> for solutions to common
problems.</p>
problems.</p>
<h3 align="left">If the firewall fails to start</h3>
If you receive an error message when starting or restarting the firewall
and you can't determine the cause, then do the following:
If you receive an error message when starting or restarting the
firewall and you can't determine the cause, then do the following:
<ul>
<li>shorewall debug start 2&gt; /tmp/trace</li>
<li>Look at the /tmp/trace file and see if that helps you determine
what the problem is.</li>
<li>If you still can't determine what's wrong then see the <a
<li>shorewall debug start 2&gt; /tmp/trace</li>
<li>Look at the /tmp/trace file and see if that helps you determine
what the problem is.</li>
<li>If you still can't determine what's wrong then see the <a
href="support.htm">support page</a>.</li>
</ul>
<h3>Your network environment</h3>
<p>Many times when people have problems with Shorewall, the problem is
actually an ill-conceived network setup. Here are several popular snafus:
</p>
</p>
<ul>
<li>Port Forwarding where client and server are in the same
subnet. See <a href="FAQ.htm">FAQ 2.</a></li>
<li>Changing the IP address of a local system to be in the external
subnet, thinking that Shorewall will suddenly believe that the system
is in the 'net' zone.</li>
<li>Multiple interfaces connected to the same HUB or Switch. Given
the way that the Linux kernel respond to ARP "who-has" requests, this
type of setup does NOT work the way that you expect it to.</li>
<li>Port Forwarding where client and server are in the
same subnet. See <a href="FAQ.htm">FAQ 2.</a></li>
<li>Changing the IP address of a local system to be in the external
subnet, thinking that Shorewall will suddenly believe that the system
is in the 'net' zone.</li>
<li>Multiple interfaces connected to the same HUB or Switch. Given
the way that the Linux kernel respond to ARP "who-has" requests, this
type of setup does NOT work the way that you expect it to.</li>
</ul>
<h3 align="left">If you are having connection problems:</h3>
<p align="left">If the appropriate policy for the connection that you are
trying to make is ACCEPT, please DO NOT ADD ADDITIONAL ACCEPT RULES TRYING
TO MAKE IT WORK. Such additional rules will NEVER make it work, they add
clutter to your rule set and they represent a big security hole in the event
that you forget to remove them later.</p>
trying to make is ACCEPT, please DO NOT ADD ADDITIONAL ACCEPT RULES TRYING
TO MAKE IT WORK. Such additional rules will NEVER make it work, they add
clutter to your rule set and they represent a big security hole in the event
that you forget to remove them later.</p>
<p align="left">I also recommend against setting all of your policies to
ACCEPT in an effort to make something work. That robs you of one of
your best diagnostic tools - the "Shorewall" messages that Netfilter
will generate when you try to connect in a way that isn't permitted
by your rule set.</p>
<p align="left">Check your log. If you don't see Shorewall messages, then
your problem is probably NOT a Shorewall problem. If you DO see packet messages,
it may be an indication that you are missing one or more rules -- see <a
href="FAQ.htm#faq17">FAQ 17</a>.</p>
your best diagnostic tools - the "Shorewall" messages that Netfilter
will generate when you try to connect in a way that isn't permitted
by your rule set.</p>
<p align="left">Check your log ("/sbin/shorewall show log"). If you don't
see Shorewall messages, then your problem is probably NOT a Shorewall problem.
If you DO see packet messages, it may be an indication that you are missing
one or more rules -- see <a href="FAQ.htm#faq17">FAQ 17</a>.</p>
<p align="left">While you are troubleshooting, it is a good idea to clear
two variables in /etc/shorewall/shorewall.conf:</p>
two variables in /etc/shorewall/shorewall.conf:</p>
<p align="left">LOGRATE=""<br>
LOGBURST=""</p>
LOGBURST=""</p>
<p align="left">This way, you will see all of the log messages being
generated (be sure to restart shorewall after clearing these variables).</p>
<p align="left">Example:</p>
<font face="Century Gothic, Arial, Helvetica">
<font face="Century Gothic, Arial, Helvetica">
<p align="left"><font face="Courier">Jun 27 15:37:56 gateway kernel:
Shorewall:all2all:REJECT:IN=eth2 OUT=eth1 SRC=192.168.2.2 DST=192.168.1.3
LEN=67 TOS=0x00 PREC=0x00 TTL=63 ID=5805 DF PROTO=UDP SPT=1803 DPT=53 LEN=47</font></p>
</font>
LEN=67 TOS=0x00 PREC=0x00 TTL=63 ID=5805 DF PROTO=UDP SPT=1803 DPT=53
LEN=47</font></p>
</font>
<p align="left">Let's look at the important parts of this message:</p>
<ul>
<li>all2all:REJECT - This packet was REJECTed out of the all2all chain
-- the packet was rejected under the "all"-&gt;"all" REJECT policy (see
<a href="FAQ.htm#faq17">FAQ 17).</a></li>
<li>IN=eth2 - the packet entered the firewall via eth2</li>
<li>OUT=eth1 - if accepted, the packet would be sent on eth1</li>
<li>SRC=192.168.2.2 - the packet was sent by 192.168.2.2</li>
<li>DST=192.168.1.3 - the packet is destined for 192.168.1.3</li>
<li>PROTO=UDP - UDP Protocol</li>
<li>DPT=53 - DNS</li>
<li>all2all:REJECT - This packet was REJECTed out of the all2all
chain -- the packet was rejected under the "all"-&gt;"all" REJECT policy
(see <a href="FAQ.htm#faq17">FAQ 17).</a></li>
<li>IN=eth2 - the packet entered the firewall via eth2</li>
<li>OUT=eth1 - if accepted, the packet would be sent on eth1</li>
<li>SRC=192.168.2.2 - the packet was sent by 192.168.2.2</li>
<li>DST=192.168.1.3 - the packet is destined for 192.168.1.3</li>
<li>PROTO=UDP - UDP Protocol</li>
<li>DPT=53 - DNS</li>
</ul>
<p align="left">In this case, 192.168.2.2 was in the "dmz" zone and 192.168.1.3
is in the "loc" zone. I was missing the rule:</p>
<p align="left">ACCEPT    dmz    loc    udp    53<br>
</p>
<p align="left">See <a href="FAQ.htm#faq17">FAQ 17</a> for additional information
about how to interpret the chain name appearing in a Shorewall log message.<br>
</p>
<h3 align="left">Other Gotchas</h3>
<ul>
<li>Seeing rejected/dropped packets logged out of the INPUT or FORWARD
chains? This means that:
<ol>
<li>your zone definitions are screwed up and the host that is sending
the packets or the destination host isn't in any zone (using an
<a href="Documentation.htm#Hosts">/etc/shorewall/hosts</a> file are
you?); or</li>
<li>the source and destination hosts are both connected to the same
interface and that interface doesn't have the 'multi' option specified
in <a href="Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>.</li>
is in the "loc" zone. I was missing the rule:</p>
<p align="left">ACCEPT    dmz    loc    udp    53<br>
</p>
<p align="left">See <a href="FAQ.htm#faq17">FAQ 17</a> for additional information
about how to interpret the chain name appearing in a Shorewall log message.<br>
</p>
<h3 align="left">Other Gotchas</h3>
<ul>
<li>Seeing rejected/dropped packets logged out of the INPUT or FORWARD
chains? This means that:
<ol>
<li>your zone definitions are screwed up and the host that is
sending the packets or the destination host isn't in any zone (using
an <a href="Documentation.htm#Hosts">/etc/shorewall/hosts</a> file
are you?); or</li>
<li>the source and destination hosts are both connected to the
same interface and that interface doesn't have the 'multi' option
specified in <a href="Documentation.htm#Interfaces">/etc/shorewall/interfaces</a>.</li>
</ol>
</li>
<li>Remember that Shorewall doesn't automatically allow ICMP type
8 ("ping") requests to be sent between zones. If you want pings to be
allowed between zones, you need a rule of the form:<br>
<br>
    ACCEPT    &lt;source zone&gt;    &lt;destination zone&gt;   
icmp    echo-request<br>
<br>
The ramifications of this can be subtle. For example, if you have
the following in /etc/shorewall/nat:<br>
<br>
    10.1.1.2    eth0    130.252.100.18<br>
<br>
and you ping 130.252.100.18, unless you have allowed icmp type 8
between the zone containing the system you are pinging from and the
</li>
<li>Remember that Shorewall doesn't automatically allow ICMP
type 8 ("ping") requests to be sent between zones. If you want pings
to be allowed between zones, you need a rule of the form:<br>
<br>
    ACCEPT    &lt;source zone&gt;    &lt;destination zone&gt;   
icmp    echo-request<br>
<br>
The ramifications of this can be subtle. For example, if you have
the following in /etc/shorewall/nat:<br>
<br>
    10.1.1.2    eth0    130.252.100.18<br>
<br>
and you ping 130.252.100.18, unless you have allowed icmp type
8 between the zone containing the system you are pinging from and the
zone containing 10.1.1.2, the ping requests will be dropped. This is
true even if you have NOT specified 'noping' for eth0 in /etc/shorewall/interfaces.</li>
<li>If you specify "routefilter" for an interface, that interface
must be up prior to starting the firewall.</li>
<li>Is your routing correct? For example, internal systems usually
need to be configured with their default gateway set to the IP address
of their nearest firewall interface. One often overlooked aspect of routing
is that in order for two hosts to communicate, the routing between them
must be set up <u>in both directions.</u> So when setting up routing
between <b>A</b> and<b> B</b>, be sure to verify that the route from
<b>B</b> back to <b>A</b> is defined.</li>
<li>Some versions of LRP (EigerStein2Beta for example) have a
shell with broken variable expansion. <a
<li>If you specify "routefilter" for an interface, that interface
must be up prior to starting the firewall.</li>
<li>Is your routing correct? For example, internal systems usually
need to be configured with their default gateway set to the IP address
of their nearest firewall interface. One often overlooked aspect of
routing is that in order for two hosts to communicate, the routing between
them must be set up <u>in both directions.</u> So when setting up routing
between <b>A</b> and<b> B</b>, be sure to verify that the route from
<b>B</b> back to <b>A</b> is defined.</li>
<li>Some versions of LRP (EigerStein2Beta for example) have a
shell with broken variable expansion. <a
href="ftp://ftp.shorewall.net/pub/shorewall/ash.gz"> You can get a corrected
shell from the Shorewall Errata download site.</a> </li>
<li>Do you have your kernel properly configured? <a
shell from the Shorewall Errata download site.</a> </li>
<li>Do you have your kernel properly configured? <a
href="kernel.htm">Click here to see my kernel configuration.</a> </li>
<li>Some features require the "ip" program. That program is generally
included in the "iproute" package which should be included with your
distribution (though many distributions don't install iproute by
default). You may also download the latest source tarball from <a
<li>Some features require the "ip" program. That program is
generally included in the "iproute" package which should be included
with your distribution (though many distributions don't install iproute
by default). You may also download the latest source tarball from <a
href="ftp://ftp.inr.ac.ru/ip-routing" target="_blank"> ftp://ftp.inr.ac.ru/ip-routing</a>
.</li>
<li>If you have <u>any</u> entry for a zone in /etc/shorewall/hosts
then the zone must be entirely defined in /etc/shorewall/hosts unless
.</li>
<li>If you have <u>any</u> entry for a zone in /etc/shorewall/hosts
then the zone must be entirely defined in /etc/shorewall/hosts unless
you have specified MERGE_HOSTS=Yes (Shorewall version 1.3.5 and later).
For example, if a zone has two interfaces but only one interface has an
entry in /etc/shorewall/hosts then hosts attached to the other interface
will <u>not</u> be considered part of the zone.</li>
<li>Problems with NAT? Be sure that you let Shorewall add all
external addresses to be use with NAT unless you have set <a
For example, if a zone has two interfaces but only one interface has an
entry in /etc/shorewall/hosts then hosts attached to the other interface
will <u>not</u> be considered part of the zone.</li>
<li>Problems with NAT? Be sure that you let Shorewall add all
external addresses to be use with NAT unless you have set <a
href="Documentation.htm#Aliases"> ADD_IP_ALIASES</a> =No in /etc/shorewall/shorewall.conf.</li>
</ul>
<h3>Still Having Problems?</h3>
<p>See the<a href="support.htm"> support page.</a></p>
<font face="Century Gothic, Arial, Helvetica">
<font face="Century Gothic, Arial, Helvetica">
<blockquote> </blockquote>
</font>
<p><font size="2">Last updated 11/21/2002 - Tom Eastep</font> </p>
</font>
<p><font size="2">Last updated 11/24/2002 - Tom Eastep</font> </p>
<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
© <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
</p>
© <font size="2">2001, 2002 Thomas M. Eastep.</font></a></font><br>
</p>
<br>
<br>
</body>
</html>

2
STABLE/fallback.sh
View File

@ -28,7 +28,7 @@
# shown below. Simply run this script to revert to your prior version of
# Shoreline Firewall.
VERSION=1.3.11
VERSION=1.3.11a
usage() # $1 = exit status
{

2
STABLE/install.sh
View File

@ -54,7 +54,7 @@
# /etc/rc.d/rc.local file is modified to start the firewall.
#
VERSION=1.3.11
VERSION=1.3.11a
usage() # $1 = exit status
{

4
STABLE/shorewall.spec
View File

@ -1,5 +1,5 @@
%define name shorewall
%define version 1.3.11
%define version 1.3.11a
%define release 1
%define prefix /usr
@ -101,6 +101,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
%changelog
* Tue Dec 03 2002 Tom Eastep <tom@shorewall.net>
- Changes version to 1.3.11a
* Sun Nov 24 2002 Tom Eastep <tom@shorewall.net>
- Changes version to 1.3.11
* Sat Nov 09 2002 Tom Eastep <tom@shorewall.net>

2
STABLE/uninstall.sh
View File

@ -26,7 +26,7 @@
# You may only use this script to uninstall the version
# shown below. Simply run this script to remove Seattle Firewall
VERSION=1.3.11
VERSION=1.3.11a
usage() # $1 = exit status
{