if it's hotplug that does the zaurus usb stuff can you get to run a script on disconnect that will remove the interface from the shorewall config?
bascule On Friday 18 Oct 2002 5:26 am, Sebastien Routier wrote: > Hi, > > Using Mandrake 9.0 and Shorewall 1.3.8 > > First of all let me specify that since I had trouble seting up the > firewall and the Internet connection sharing using Mandrake Control > Center and the wizards I decided to do it all manually. Attached you > will find my configuration files which I beleive demonstrated the problem. > > My PC has two or three NIC: > - eth0 connected to my cable modem. > - eth1 connected to my hub. > - usb0 connected to my Zaurus, this interface is not permanent, it is > there when the Zaurus is turn on and plug in the PC through a USB port. > But as soon as you un-plug the Zaurus the interface disapear. > > It was all working fine until I decided to connect my PDA (SHARP Zaurus > SL-5500) on the network using usbdnet. Initially it worked fine but I > eventually removed my PDA from the docking station and turned off the > PC. Next time I booted the PC Shorewall failed with this error: > > -------------------- Shorewall restart ouput START --------------------- > [root@hydrogen shorewall]# service shorewall restart > Processing /etc/shorewall/shorewall.conf ... > Processing /etc/shorewall/params ... > Shorewall Not Currently Running > Starting Shorewall... > Loading Modules... > Initializing... > Determining Zones... > Zones: net loc zaurus > Validating interfaces file... > Validating hosts file... > Validating Policy file... > Determining Hosts in Zones... > Net Zone: eth0:0.0.0.0/0 > Local Zone: eth1:0.0.0.0/0 > Zaurus Zone: usb0:0.0.0.0/0 > Deleting user chains... > Creating input Chains... > Configuring Proxy ARP > Setting up NAT... > Adding Common Rules > Adding rules for DHCP > Enabling RFC1918 Filtering > Setting up Blacklisting... > Blacklisting enabled on eth0 > Setting up Kernel Route Filtering... > IP Forwarding Enabled > Processing /etc/shorewall/tunnels... > Processing /etc/shorewall/rules... > Rule "ACCEPT fw net tcp 53" added. > Rule "ACCEPT fw net udp 53" added. > Rule "ACCEPT loc fw tcp 53" added. > Rule "ACCEPT loc fw udp 53" added. > Rule "ACCEPT zaurus fw tcp 53" added. > Rule "ACCEPT zaurus fw udp 53" added. > Rule "ACCEPT loc fw tcp 22" added. > Rule "ACCEPT zaurus fw tcp 22" added. > Rule "ACCEPT net fw tcp 22,443,10000" added. > Rule "DROP net fw tcp 113,135" added. > Setting up ICMP Echo handling... > Processing /etc/shorewall/policy... > Policy ACCEPT for fw to net using chain fw2net > Policy DROP for net to fw using chain net2all > Policy ACCEPT for loc to fw using chain all2all > Policy ACCEPT for loc to net using chain loc2net > Policy ACCEPT for zaurus to fw using chain all2all > Policy ACCEPT for zaurus to net using chain zaurus2net > Masqueraded Subnets and Hosts: > To 0.0.0.0/0 from eth1 through eth0 > Device "usb0" does not exist. > /sbin/service: line 148: 23899 Terminated $debug > $servicedir/$service $options > -------------------- Shorewall restart ouput END --------------------- > > Shorewall complains about a inexistent usb0 device!?!? Well of course > since my Zarus was not connected ?!?! It failed leaving my system wide > open ?!? That is not good.... > > Does any body know of a way to configure an optional interface in > Shorewall, or would you have anyother idea to prevent Shorewall from > failing if an interface does not exists? > > Thanks. > /Sebast. -- "Prostetnic Vogon Jeltz smiled very slowly. This was done not so much for effect as because he was trying to remember the sequence of muscle movements. "
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
