shorewall_code/STABLE/documentation/support.htm
teastep 07d90b6fe4 Shorewall-1.4.6
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@672 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-21 22:06:18 +00:00

327 lines
17 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shorewall Support Guide</title>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse;" width="100%" id="AutoNumber1"
bgcolor="#3366ff" height="90">
<tbody>
<tr>
<td width="100%">
<h1 align="center"><font color="#ffffff">Shorewall Support Guide<img
src="images/obrasinf.gif" alt="" width="90" height="90" align="middle">
</font></h1>
</td>
</tr>
</tbody>
</table>
<h2>Before Reporting a Problem or Asking a Question<br>
</h2>
There are a number of sources of Shorewall information. Please
try these before you post.
<ul>
<li>Shorewall versions
earlier that 1.3.0 are no longer supported.<br>
</li>
<li>More than half of the questions posted on the support
list have answers directly accessible from the <a
href="http://www.shorewall.net/shorewall_quickstart_guide.htm#Documentation">Documentation
Index</a><br>
</li>
<li>
The <a href="http://www.shorewall.net/FAQ.htm">FAQ</a>
has solutions to more than 20 common problems.
</li>
<li>
The <a href="http://www.shorewall.net/troubleshoot.htm">Troubleshooting</a>
Information contains a number of tips to
help you solve common problems. </li>
<li>
The <a href="http://www.shorewall.net/errata.htm"> Errata</a>
has links to download updated components. </li>
<li>
The Site and Mailing List Archives search facility can
locate documents and posts about similar problems:
</li>
</ul>
<h2>Site and Mailing List Archive Search</h2>
<blockquote>
<form method="post"
action="http://lists.shorewall.net/cgi-bin/htsearch"> <font size="-1"> Match:
<select name="method">
<option value="and">All </option>
<option value="or">Any </option>
<option value="boolean">Boolean </option>
</select>
Format:
<select name="format">
<option value="builtin-long">Long </option>
<option value="builtin-short">Short </option>
</select>
Sort by:
<select name="sort">
<option value="score">Score </option>
<option value="time">Time </option>
<option value="title">Title </option>
<option value="revscore">Reverse Score </option>
<option value="revtime">Reverse Time </option>
<option value="revtitle">Reverse Title </option>
</select>
</font><input type="hidden" name="config"
value="htdig"><input type="hidden" name="restrict" value=""><font
size="-1"> Include Mailing List Archives:
<select size="1" name="exclude">
<option value="">Yes</option>
<option value="[http://lists.shorewall.net/pipermail/.*]">No</option>
</select>
</font><br>
Search: <input type="text" size="30"
name="words" value=""> <input type="submit" value="Search"><br>
</form>
</blockquote>
<h2>Problem Reporting Guidelines<br>
</h2>
<ul>
<li>Please remember we only
know what is posted in your message. Do not leave out any
information that appears to be correct, or was mentioned
in a previous post. There have been countless posts by people
who were sure that some part of their configuration was correct
when it actually contained a small error. We tend to be skeptics
where detail is lacking.<br>
<br>
</li>
<li>Please keep in mind that
you're asking for <strong>free</strong> technical
support. Any help we offer is an act of generosity, not an obligation.
Try to make it easy for us to help you. Follow good, courteous
practices in writing and formatting your e-mail. Provide details
that we need if you expect good answers. <em>Exact quoting </em>
of error messages, log entries, command output, and other output is
better than a paraphrase or summary.<br>
<br>
</li>
<li>
Please don't describe your environment and then
ask us to send you custom configuration files.
We're here to answer your questions but we can't
do your job for you.<br>
<br>
</li>
<li>When reporting a problem,
<strong>ALWAYS</strong> include this information:</li>
</ul>
<ul>
<ul>
<li>the exact version of Shorewall
you are running.<br>
<br>
<b><font
color="#009900">shorewall version</font><br>
</b> <br>
</li>
</ul>
<ul>
</ul>
<ul>
<li>the complete, exact output
of<br>
<br>
<font color="#009900"><b>ip
addr show<br>
<br>
</b></font></li>
</ul>
<ul>
<li>the complete, exact output
of<br>
<br>
<font color="#009900"><b>ip
route show<br>
</b></font></li>
</ul>
<ul>
</ul>
</ul>
<ul>
<ul>
<li><big><font color="#ff0000"><u><i><big><b>THIS IS
IMPORTANT!</b></big></i></u></font><big><big><big> </big>If your problem is
that some type of connection to/from or through your firewall isn't working
then please perform the following four steps:</big></big></big><br>
<br>
1. <b><font color="#009900">/sbin/shorewall reset</font></b><br>
<br>
2. Try making the connection that is failing.<br>
<br>
3.<b><font color="#009900"> /sbin/shorewall
status &gt; /tmp/status.txt</font></b><br>
<br>
4. Post the /tmp/status.txt file as an attachment
(you may compress it if you like).<br>
<br>
</li>
<li>the exact wording of any <code
style="color: green; font-weight: bold;">ping</code> failure responses<br>
<br>
</li>
<li>If you installed Shorewall using one of the QuickStart
Guides, please indicate which one. <br>
<br>
</li>
<li><b>If you are running Shorewall under Mandrake using
the Mandrake installation of Shorewall, please say so.<br>
<br>
</b></li>
</ul>
<li>As a general matter, please <strong>do not edit the
diagnostic information</strong> in an attempt to conceal
your IP address, netmask, nameserver addresses, domain name,
etc. These aren't secrets, and concealing them often misleads us
(and 80% of the time, a hacker could derive them anyway from
information contained in the SMTP headers of your post).<br>
<br>
<strong></strong></li>
<li>Do you see any "Shorewall" messages
("<b><font color="#009900">/sbin/shorewall show log</font></b>")
when you exercise the function that is giving you problems?
If so, include the message(s) in your post along with a copy of
your /etc/shorewall/interfaces file.<br>
<br>
</li>
<li>Please include any of the Shorewall configuration
files (especially the /etc/shorewall/hosts file
if you have modified that file) that you think are
relevant. If you include /etc/shorewall/rules, please include
/etc/shorewall/policy as well (rules are meaningless unless
one also knows the policies).<br>
<br>
</li>
<li>If an error occurs when you try
to "<font color="#009900"><b>shorewall start</b></font>", include
a trace (See the <a
href="http://www.shorewall.net/troubleshoot.htm">Troubleshooting</a>
section for instructions).<br>
<br>
</li>
<li><b>The list server limits posts to 120kb
so don't post GIFs of your network
layout, etc. to the Mailing List -- your post will be
rejected.</b></li>
</ul>
<blockquote> The author gratefully acknowleges that the above list was
heavily plagiarized from the excellent LEAF document by <i>Ray</i>
<em>Olszewski</em> found at <a
href="http://leaf-project.org/pub/doc/docmanager/docid_1891.html">http://leaf-project.org/pub/doc/docmanager/docid_1891.html</a>.<br>
</blockquote>
<h2>When using the mailing list, please post in plain text</h2>
<blockquote> A growing number of MTAs serving list subscribers are
rejecting all HTML traffic. At least one MTA has gone so far as to
blacklist shorewall.net "for continuous abuse" because it has been
my policy to allow HTML in list posts!!<br>
<br>
I think that blocking all
HTML is a Draconian way to control spam and that the ultimate
losers here are not the spammers but the list subscribers
whose MTAs are bouncing all shorewall.net mail. As one list
subscriber wrote to me privately "These e-mail admin's need
to get a <i>(expletive deleted)</i> life instead of trying to
rid the planet of HTML based e-mail". Nevertheless, to allow
subscribers to receive list posts as must as possible, I have now
configured the list server at shorewall.net to strip all HTML from
outgoing posts.<br>
<br>
<big><font color="#cc0000"><b>If you run your own outgoing mail server
and it doesn't have a valid DNS PTR record, your email won't reach the
lists unless/until the postmaster notices that your posts are being rejected.
To avoid this problem, you should configure your MTA to forward posts to
shorewall.net through an MTA that <u>does</u> have a valid PTR record (such
as the one at your ISP). </b></font></big><br>
</blockquote>
<h2>Where to Send your Problem Report or to Ask for Help</h2>
<blockquote>
<h4>If you run Shorewall under Bering -- <span
style="font-weight: 400;">please post your question or problem
to the <a
href="mailto:leaf-user@lists.sourceforge.net">LEAF Users mailing
list</a>.</span></h4>
<b>If you run Shorewall under
MandrakeSoft Multi Network Firewall (MNF) and you have
not purchased an MNF license from MandrakeSoft then you can
post non MNF-specific Shorewall questions to the </b><a
href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
list</a>. <b>Do not expect to get free MNF support on the list</b>
<p>Otherwise, please post your question or problem to the <a
href="mailto:shorewall-users@lists.shorewall.net">Shorewall users mailing
list</a> .</p>
<p> To Subscribe to the mailing list go to <a
href="http://lists.shorewall.net/mailman/listinfo/shorewall-users">http://lists.shorewall.net/mailman/listinfo/shorewall-users</a>
.<br>
</p>
</blockquote>
<p>For information on other Shorewall mailing lists, go to <a
href="http://lists.shorewall.net">http://lists.shorewall.net</a><br>
</p>
<p align="left"><font size="2">Last Updated 7/9/2003 - Tom Eastep</font></p>
<p align="left"><font face="Trebuchet MS"><a href="copyright.htm"> <font
size="2">Copyright</font> <20> <font size="2">2001, 2002, 2003 Thomas M. Eastep.</font></a></font><br>
</p>
<br>
</body>
</html>