Hi,

Using Mandrake 9.0 and Shorewall 1.3.8

First of all, let me specify that since I had trouble setting up the firewall and the Internet connection sharing using Mandrake Control Center and the wizards, I decided to do it all manually. Attached you will find my configuration files, which I believe demonstrate the problem.

My PC has two or three NICs:
- eth0 connected to my cable modem.
- eth1 connected to my hub.
- usb0 connected to my Zaurus. This interface is not permanent: it is there when the Zaurus is turned on and plugged into the PC through a USB port, but as soon as you unplug the Zaurus the interface disappears.

It was all working fine until I decided to connect my PDA (SHARP Zaurus SL-5500) to the network using usbdnet. Initially it worked fine, but I eventually removed my PDA from the docking station and turned off the PC. The next time I booted the PC, Shorewall failed with this error:

-------------------- Shorewall restart output START ---------------------
[root@hydrogen shorewall]# service shorewall restart
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Shorewall Not Currently Running
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
Zones: net loc zaurus
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Local Zone: eth1:0.0.0.0/0
Zaurus Zone: usb0:0.0.0.0/0
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
Setting up Blacklisting...
Blacklisting enabled on eth0
Setting up Kernel Route Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Rule "ACCEPT fw net tcp 53" added.
Rule "ACCEPT fw net udp 53" added.
Rule "ACCEPT loc fw tcp 53" added.
Rule "ACCEPT loc fw udp 53" added.
Rule "ACCEPT zaurus fw tcp 53" added.
Rule "ACCEPT zaurus fw udp 53" added.
Rule "ACCEPT loc fw tcp 22" added.
Rule "ACCEPT zaurus fw tcp 22" added.
Rule "ACCEPT net fw tcp 22,443,10000" added.
Rule "DROP net fw tcp 113,135" added.
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to fw using chain all2all
Policy ACCEPT for loc to net using chain loc2net
Policy ACCEPT for zaurus to fw using chain all2all
Policy ACCEPT for zaurus to net using chain zaurus2net
Masqueraded Subnets and Hosts:
To 0.0.0.0/0 from eth1 through eth0
Device "usb0" does not exist.
/sbin/service: line 148: 23899 Terminated $debug $servicedir/$service $options
-------------------- Shorewall restart output END ---------------------

Shorewall complains about a nonexistent usb0 device!?!? Well of course, since my Zaurus was not connected ?!?! It failed, leaving my system wide open ?!? That is not good....

Does anybody know of a way to configure an optional interface in Shorewall, or would you have any other idea to prevent Shorewall from failing if an interface does not exist?

Thanks.
/Sebast.

Attachment: shorewall-conf_broken.tgz
Description: Binary data
