Shorewall Support Guide
|
Before Reporting a Problem or Asking a Question
There are a number
of sources of Shorewall information. Please try these before you
post.
- More than half of the questions
posted on the support list have answers directly accessible from
the Documentation
Index
- The
FAQ has solutions to more than 20 common
problems.
- The Troubleshooting Information contains
a number of tips to help you solve common problems.
- The Errata has links to download updated
components.
- The Site and
Mailing List Archives search facility can locate documents and
posts about similar problems:
Site and Mailing List Archive Search
Problem Reporting Guidelines
- Please remember we only know what is posted
in your message. Do not leave out any information that appears
to be correct, or was mentioned in a previous post. There have
been countless posts by people who were sure that some part of
their configuration was correct when it actually contained a small
error. We tend to be skeptics where detail is lacking.
- Please keep in mind that you're asking
for free technical support. Any help we
offer is an act of generosity, not an obligation. Try to make it
easy for us to help you. Follow good, courteous practices in writing
and formatting your e-mail. Provide details that we need if you expect
good answers. Exact quoting of error messages, log entries,
command output, and other output is better than a paraphrase or summary.
- Please
don't describe your environment and then ask us to send
you custom configuration files. We're here to answer
your questions but we can't do your job for you.
- When reporting a problem, ALWAYS
include this information:
- the exact version of Shorewall you are
running.
shorewall version
- the exact kernel version you are running
uname -a
- the complete, exact output of
ip addr show
- the complete, exact output of
ip route show
- If your kernel is modularized, the exact
output from
lsmod
- If you are having connection
problems of any kind then:
1. /sbin/shorewall/reset
2. Try the connection that is failing.
3. /sbin/shorewall status >
/tmp/status.txt
4. Post the /tmp/status.txt file as an attachment.
- the exact wording of any
ping
failure responses
- If you installed Shorewall using one of the QuickStart Guides,
please indicate which one.
- If you are running Shorewall under Mandrake using the Mandrake
installation of Shorewall, please say so.
- As a
general matter, please do not edit the diagnostic information
in an attempt to conceal your IP address, netmask, nameserver
addresses, domain name, etc. These aren't secrets, and concealing
them often misleads us (and 80% of the time, a hacker could derive them
anyway from information contained in the SMTP headers of your post).
- Do you see any "Shorewall" messages ("/sbin/shorewall show log") when
you exercise the function that is giving you problems? If so, include
the message(s) in your post along with a copy of your /etc/shorewall/interfaces
file.
- Please include any of the Shorewall configuration files
(especially the /etc/shorewall/hosts file if you have
modified that file) that you think are relevant. If
you include /etc/shorewall/rules, please include /etc/shorewall/policy
as well (rules are meaningless unless one also knows the policies).
- If an error occurs when you try to "shorewall start", include a trace
(See the Troubleshooting section for
instructions).
- The list server limits posts to 120kb so don't post
GIFs of your network layout, etc. to the Mailing
List -- your post will be rejected.
The author gratefully acknowleges that the above list was
heavily plagiarized from the excellent LEAF document by Ray
Olszewski found at http://leaf-project.org/pub/doc/docmanager/docid_1891.html.
When using the mailing list, please post in plain text
A growing number of MTAs serving list subscribers are
rejecting all HTML traffic. At least one MTA has gone so far as to
blacklist shorewall.net "for continuous abuse" because it has been
my policy to allow HTML in list posts!!
I think that blocking all HTML is a Draconian
way to control spam and that the ultimate losers here are not
the spammers but the list subscribers whose MTAs are bouncing
all shorewall.net mail. As one list subscriber wrote to me privately
"These e-mail admin's need to get a (expletive deleted) life
instead of trying to rid the planet of HTML based e-mail". Nevertheless,
to allow subscribers to receive list posts as must as possible, I
have now configured the list server at shorewall.net to strip all HTML
from outgoing posts.
Where to Send your Problem Report or to Ask for Help
If you run Shorewall under Bering -- please post your question or problem
to the LEAF
Users mailing list.
If you run Shorewall under MandrakeSoft
Multi Network Firewall (MNF) and you have not purchased an MNF
license from MandrakeSoft then you can post non MNF-specific Shorewall
questions to the Shorewall users mailing
list or the Shorewall Support
Forum. Do not expect to get free MNF support on the list or forum.
Otherwise, please post your question or problem to the Shorewall users mailing
list or to the Shorewall Support
Forum.
To Subscribe to the mailing list go to http://lists.shorewall.net/mailman/listinfo/shorewall-users
.
For information on other Shorewall mailing lists, go to http://lists.shorewall.net/mailing_list.htm
Last Updated 4/10/2003 - Tom Eastep
Copyright © 2001, 2002, 2003 Thomas M. Eastep.