Tom Eastep 2003-12-18 2001-2003 Thomas M. Eastep Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". 1.1 2003-12-19 TE Corrected URL for Newbies List

There are a number of sources of Shorewall information. Please try these before you post. Shorewall versions earlier that 1.3.0 are no longer supported. More than half of the questions posted on the support list have answers directly accessible from the Documentation Index The FAQ has solutions to more than 30 common problems. The Troubleshooting Information contains a number of tips to help you solve common problems. The Errata has links to download updated components. The Site and Mailing List Archives search facility can locate documents and posts about similar problems:

In this section, commands that are to be entered to a root shell on your firewall system are underlined or are shown in a box with a colored background. Please remember we only know what is posted in your message. Do not leave out any information that appears to be correct, or was mentioned in a previous post. There have been countless posts by people who were sure that some part of their configuration was correct when it actually contained a small error. We tend to be skeptics where detail is lacking. Please keep in mind that you're asking for free technical support. Any help we offer is an act of generosity, not an obligation. Try to make it easy for us to help you. Follow good, courteous practices in writing and formatting your e-mail. Provide details that we need if you expect good answers. Exact quoting of error messages, log entries, command output, and other output is better than a paraphrase or summary. Please don't describe your problem as "Computer A can't see Computer B". Of course it can't -- it hasn't any eyes! If ping from A to B fails, say so (and see below for information about reporting 'ping' problems). If Computer B doesn't show up in "Network Neighborhood" then say so. Please give details about what doesn't work. Reports that say "I followed the directions and it didn't work" will elicit sympathy but probably little in the way of help. Again -- if ping from A to B fails, say so (and see below for information about reporting 'ping' problems). If Computer B doesn't show up in "Network Neighborhood" then say so. If access by IP address works but by DNS names it doesn't then say so. Please don't describe your environment and then ask us to send you custom configuration files. We're here to answer your questions but we can't do your job for you. When reporting a problem, ALWAYS include this information: the exact version of Shorewall you are running. shorewall version the complete, exact output of ip addr show the complete, exact output of ip route show THIS IS IMPORTANT! If your problem is that some type of connection to/from or through your firewall isn't working then please perform the following four steps: If shorewall isn't running then /sbin/shorewall/start. Otherwise /sbin/shorewall reset. Try making the connection that is failing. /sbin/shorewall status > /tmp/status.txt Post the /tmp/status.txt file as an attachment (you may compress it if you like). the exact wording of any ping failure responses If you installed Shorewall using one of the QuickStart Guides, please indicate which one. As a general matter, please do not edit the diagnostic information in an attempt to conceal your IP address, netmask, nameserver addresses, domain name, etc. These aren't secrets, and concealing them often misleads us (and 80% of the time, a hacker could derive them anyway from information contained in the SMTP headers of your post). Do you see any "Shorewall" messages ("/sbin/shorewall show log") when you exercise the function that is giving you problems? If so, include the message(s) in your post along with a copy of your /etc/shorewall/interfaces file. Please include any of the Shorewall configuration files (especially the /etc/shorewall/hosts file if you have modified that file) that you think are relevant. If you include /etc/shorewall/rules, please include /etc/shorewall/policy as well (rules are meaningless unless one also knows the policies). If an error occurs when you try to "shorewall start", include a trace (See the Troubleshooting section for instructions). The list server limits posts to 120kb so don't post GIFs of your network layout, etc. to the Mailing List -- your post will be rejected. The author gratefully acknowleges that the above list was heavily plagiarized from the excellent LEAF document by Ray Olszewski found at http://leaf-project.org/pub/doc/docmanager/docid_1891.html.

A growing number of MTAs serving list subscribers are rejecting all HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net "for continuous abuse" because it has been my policy to allow HTML in list posts!! I think that blocking all HTML is a Draconian way to control spam and that the ultimate losers here are not the spammers but the list subscribers whose MTAs are bouncing all shorewall.net mail. As one list subscriber wrote to me privately "These e-mail admin's need to get a (expletive deleted) life instead of trying to rid the planet of HTML based e-mail". Nevertheless, to allow subscribers to receive list posts as must as possible, I have now configured the list server at shorewall.net to convert all HTML to plain text. These converted posts are difficult to read so all of us will appreciate it if you just post in plain text to begin with.

If you run Shorewall under Bering -- please post your question or problem to the LEAF Users mailing list. If you are new to Shorewall and have a question or need help with a problem, please post to the Shorewall Newbies mailing list. If you run Shorewall under MandrakeSoft Multi Network Firewall (MNF) and you have not purchased an MNF license from MandrakeSoft then you can post non MNF-specific Shorewall questions to the Shorewall users mailing list. Do not expect to get free MNF support on the list. Otherwise, please post your question or problem to the Shorewall users mailing list. IMPORTANT: If you are not subscribed to the list, please say so -- otherwise, you will not be included in any replies.

To Subscribe to the mailing list go to https://lists.shorewall.net/mailman/listinfo/shorewall-newbies.

To Subscribe to the mailing list go to https://lists.shorewall.net/mailman/listinfo/shorewall-users.

For information on other Shorewall mailing lists, go to http://lists.shorewall.net .