Re: [Partial Solution] Re: Can't run shorewall with kernel 2.6.20.2
On Thu, 15 Mar 2007 08:51:07 -0400
"Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote:

> On Tue, Mar 13, 2007 at 10:28:04AM +0200, Micha Feigin wrote:
> > On Mon, 12 Mar 2007 18:59:29 -0400
> > "Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote:
> >
> > > On Mon, Mar 12, 2007 at 09:00:06AM +0200, Micha Feigin wrote:
> > > >
> > > > That helped a bit. It appears that shorewall requires IPv4 connection
> > > > tracking enabled. Now shorewall comes up and seems to work except that
> > > > DNS requests from the firewall fail when it is enabled. (I can ping out
> > > > by address but not by name)
> > > >
> > >
> > > What are the contents of /etc/shorewall/policy?
> > >
> >
> > $FW   all   ACCEPT   -
> > net   $FW   DROP     info
> > all   all   DROP     info
> >
> > I then add specific incoming ports in /etc/shorewall/rules
> >
> And when you say "DNS requests from the firewall" you mean for actual
> applications running on the firewall box itself? Not something else
> behind the firewall?
>

The firewall is running on a laptop connecting to a local gateway. There was a
problem pinging from the laptop to the gateway when the firewall was up. I tried
several reboots, which didn't solve the problem, but it seems to have begun
working now without me noticing, so I think I will accept the situation and not
try to fix what's not broken.

Thanks for the help

> Regards,
>
> -Roberto
>
Re: [Partial Solution] Re: Can't run shorewall with kernel 2.6.20.2
On Tue, Mar 13, 2007 at 10:28:04AM +0200, Micha Feigin wrote:
> On Mon, 12 Mar 2007 18:59:29 -0400
> "Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote:
>
> > On Mon, Mar 12, 2007 at 09:00:06AM +0200, Micha Feigin wrote:
> > >
> > > That helped a bit. It appears that shorewall requires IPv4 connection
> > > tracking enabled. Now shorewall comes up and seems to work except that DNS
> > > requests from the firewall fail when it is enabled. (I can ping out by
> > > address but not by name)
> > >
> >
> > What are the contents of /etc/shorewall/policy?
> >
>
> $FW   all   ACCEPT   -
> net   $FW   DROP     info
> all   all   DROP     info
>
> I then add specific incoming ports in /etc/shorewall/rules
>
And when you say "DNS requests from the firewall" you mean for actual
applications running on the firewall box itself? Not something else
behind the firewall?

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
Re: [Partial Solution] Re: Can't run shorewall with kernel 2.6.20.2
On Mon, 12 Mar 2007 18:59:29 -0400
"Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote:

> On Mon, Mar 12, 2007 at 09:00:06AM +0200, Micha Feigin wrote:
> >
> > That helped a bit. It appears that shorewall requires IPv4 connection
> > tracking enabled. Now shorewall comes up and seems to work except that DNS
> > requests from the firewall fail when it is enabled. (I can ping out by
> > address but not by name)
> >
>
> What are the contents of /etc/shorewall/policy?
>

$FW   all   ACCEPT   -
net   $FW   DROP     info
all   all   DROP     info

I then add specific incoming ports in /etc/shorewall/rules

> Regards,
>
> -Roberto
Re: [Partial Solution] Re: Can't run shorewall with kernel 2.6.20.2
On Mon, Mar 12, 2007 at 09:00:06AM +0200, Micha Feigin wrote:
>
> That helped a bit. It appears that shorewall requires IPv4 connection tracking
> enabled. Now shorewall comes up and seems to work except that DNS requests from
> the firewall fail when it is enabled. (I can ping out by address but not by
> name)
>

What are the contents of /etc/shorewall/policy?

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
[Partial Solution] Re: Can't run shorewall with kernel 2.6.20.2
On Sat, 10 Mar 2007 18:05:00 -0500
"Roberto C. Sanchez" <[EMAIL PROTECTED]> wrote:

> On Sun, Mar 11, 2007 at 12:21:09AM +0200, Micha Feigin wrote:
> > >
> > > distribution of Debian
> >
> > Debian unstable
> >
> > > version of shorewall
> >
> > 3.2.9-1
> >
> > > version of iptables
> >
> > 1.3.6.0debian1-5
> >
> > > method by which kernel was built
> >
> > Vanilla kernel + software suspend + dsdt fixes (Debian doesn't have 2.6.20.2
> > yet)
> >
> I would start by checking the recent messages on the shorewall-users
> list. I seem to recall Tom Eastep mentioning some issues with 2.6.20 in
> relation to another user's mail. If it is not in the archives, then try
> following the directions here: http://shorewall.net/support.htm
>

That helped a bit. It appears that shorewall requires IPv4 connection tracking
enabled. Now shorewall comes up and seems to work except that DNS requests from
the firewall fail when it is enabled. (I can ping out by address but not by
name)

> Regards,
>
> -Roberto
>