From: lee <l...@yun.yagibdah.d.>
Date: Sat, 30 Oct 2010 17:09:36 +0200

> Shorewall usually doesn't start when you refer to zones that aren't
> defined.

The real configuration of Shorewall didn't have the error. The error was in NetworksPage. Months ago when I changed the name of the zone I failed to revise NetworksPage properly.

> According to [[http://carnot.yi.org/NetworksPage.html]], eth0 is
> the net zone, and there are four
> interfaces for the loc zone. You're masquerading eth0, which is the
> net zone, and none of the local zones: ...

I've revised the /etc/shorewall/masq section of NetworksPage according to real life.

Reference manual page shorewall-masq(5)

    INTERFACE - {[+]interfacelist[:[digit]][:[address[,address]...[exclusion]]|COMMENT}
        Outgoing interfacelist. ...
    ...
    SOURCE (Formerly called SUBNET) - {interface[:exclusion]|address[,address][exclusion]}
        Set of hosts that you wish to masquerade.

/etc/shorewall/masq, "eth0 172.24.0.0/16" means that subnets 172.24.0.0/16 are hidden behind eth0; not that eth0 is behind 172.24.0.0.

> ... not gonna work.

Masquerading has worked for years. Cantor & Heaviside are my workstations. If either loses connectivity I notice!

NetworksPage also has a new section for /etc/udev/rules.d/70-persistent-net.rules. Interfaces are named according to the adapter serial number which is easily read by a human. Also, all interfaces LocN are covered by one line in /etc/shorewall/interfaces.

> Keep things simple.

Absolutely. Preceding paragraph is an example.

I'll tackle remaining errors as time is available.

Thanks for the commentary, ... Peter E.

--
Telephone 1 360 450 2132. 7785886232 is gone.
Shop pages http://carnot.yi.org/ accessible as long as the old drives survive; installation of NetBSD on new drives pending.
Personal pages, http://members.shaw.ca/peasthope/ .
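
The column reading discussed in the message above (INTERFACE is the outgoing side, SOURCE is the set of hosts hidden behind it), as an added example that is not part of the original message or of Shorewall itself. The function names are hypothetical, the printed iptables lines are a conceptual equivalent rather than the chains Shorewall actually generates, and the entry with 203.0.113.5 is constructed sample input.

```python
import ipaddress

def parse_masq(line):
    """Split one masq entry into (out_iface, [sources], snat_address or None)."""
    line = line.split("#", 1)[0].strip()          # drop comments and blanks
    if not line:
        return None
    cols = line.split()
    if len(cols) < 2:
        raise ValueError("need INTERFACE and SOURCE columns: %r" % line)
    if "!" in cols[1]:
        raise ValueError("exclusions are not handled by this example")
    # INTERFACE may carry a leading '+' and ':digit' / ':address' suffixes;
    # only a single interface name is extracted here (assumption).
    out_iface = cols[0].lstrip("+").split(":", 1)[0]
    address = cols[2] if len(cols) > 2 and cols[2] != "-" else None
    return out_iface, cols[1].split(","), address

def explain(line):
    """Return one conceptual NAT rule (or a comment) per SOURCE item."""
    parsed = parse_masq(line)
    if parsed is None:
        return []
    out_iface, sources, address = parsed
    target = "SNAT --to-source " + address if address else "MASQUERADE"
    rules = []
    for src in sources:
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            # SOURCE given as an interface name rather than an address.
            rules.append("# hosts routed through %s leave via %s as %s"
                         % (src, out_iface, target))
            continue
        # -o is the outgoing interface, -s the hosts being hidden behind it.
        rules.append("iptables -t nat -A POSTROUTING -o %s -s %s -j %s"
                     % (out_iface, net, target))
    return rules

if __name__ == "__main__":
    # First entry is the one quoted in the message; the second is constructed.
    for entry in ("eth0 172.24.0.0/16", "eth0 172.24.0.0/16 203.0.113.5"):
        print(entry, "->", explain(entry))
```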