Jason Allen <[EMAIL PROTECTED]> writes:

> Raylund Lai wrote:
> 
> > mnf stores the rules in its own backend configuration files. On
> > apply/restart/reboot the configuration files will be read and will
> > overwrite the shorewall rules file. I think if you look, the header of the
> > shorewall rules file already warns you about that.
> >
> > Cheers
> > Raylund
> 
> 
> I do know mnf stores the rules in /var/lib/naat in the configuration
> files, but my problem is that something seems corrupted.  If I do a
> "clear" from the GUI, or a command-line shorewall clear, it will not actually
> clear the rules.  As soon as I go back to the rules page, all the rules
> are still there.  Most of the time the firewall doesn't load correctly,
> and all traffic is blocked, so I end up doing a 'service shorewall stop'
> to allow traffic while I continue testing, but it seems as if I'm at the end
> of my rope.  Is there any surefire way to clear the rules and start from scratch?
> 
> Jason

The service restart command actually fires shorewall check and then
shorewall restart. So, if there is a problem ... the check will (hopefully)
fail and then the restart is not done ... In this way you will not lose
the connection to the firewall ... assuming that this can be very annoying
if the firewall is far away.

Now, if you use my latest packages you can go to
Services->Summary->shorewall->Details and you will see the result of shorewall
status AND shorewall check. At the end of the output you can check whether
the configuration is "Validated" or not ... simply go up ... and check out
what the error is.

The other solution is to log in through ssh, become root and fire shorewall
check ... and verify the output ... then fix the syntax problems ...
 
> >
> > ----- Original Message ----- From: "Jason Allen" <[EMAIL PROTECTED]>
> > To: <[email protected]>
> > Sent: Thursday, December 23, 2004 11:40 AM
> > Subject: Re: [Security Firewall] MNF Configuration questions
> >
> >
> >> Another rules question.
> >>
> >> The web interface is not reading my /etc/shorewall/rules file
> >> correctly.  Even if I make a change in that file, when I go to the rules
> >> section it doesn't display properly.  It shows me what it previously
> >> had, and doesn't show any of the changes.  How can I get it so the
> >> interface shows me the actual rules from the rules file?
> >>
> >> Jason
> >>
> >> Jason Allen wrote:
> >>
> >>> Ok I have the box up and running, next question... rules.
> >>> When you go to add custom rule, in the client and server there is a
> >>> field for "interface,IP or Subnet" .... I'd like to add a rule that
> >>> applies to multiple IP addresses in a row i.e. 120.x.x.20 -
> >>> 120.x.x.25.  What's the syntax for entering that into the box so MNF
> >>> will read it and apply the rules correctly?
> >>>
> >>> Jason
> >>>
> >>> Florin wrote:
> >>>
> >>>> http://shorewall.net/shorewall_setup_guide.htm#Routed
> >>>>
> >>>>
> >>>>
> >>>>> Jason Allen <[EMAIL PROTECTED]> writes:
> >>>>>
> >>>>> OK guys, MNF setup questions.  Hopefully someone can help.  I have a
> >>>>> machine w/ 2 NICs and the newest MNF beta2 installed on it.  My WAN
> >>>>> interface eth0 is configured at let's say 120.x.x.25 (fake address
> >>>>> used for an example) and my LAN interface eth1 is configured at
> >>>>> 130.x.x.1.  This has to be this way due to a "front-porch" setup of
> >>>>> our network.  Now we have a pretty big network behind the 130.x.x.x
> >>>>> network, everything is all set, but the 130.x.x.1 has to be the
> >>>>> gateway that machines on the LAN use.  How can I route all traffic
> >>>>> from 130.x.x.x (LAN) to 120.x.x.25 (WAN) and out while keeping the
> >>>>> routability of the addresses behind the LAN?  What I mean is we have
> >>>>> routable addresses on the LAN, so say I start an ssh session to a
> >>>>> machine out in the world.  I don't want the machine to see a
> >>>>> connection coming from a standard source address, I need it to see
> >>>>> the actual IP of that machine (we have a network-based billing
> >>>>> system).  How can I route traffic from eth0 (LAN) to eth1 (WAN) (and
> >>>>> vice versa for connections coming from the outside world)
> >>>>> successfully via MNF?  A static route?  Something different?  A
> >>>>> Masquerade rule would be something for private addresses like
> >>>>> 192.168.x.x but I don't think that would keep the routability intact
> >>>>> (am I correct on that?).  Once that is done, I can get all the rules
> >>>>> in place.
> >>>>>
> >>>>> Can someone help me make this happen?  Does it have to be hard-coded
> >>>>> in config files?  It's kind of a short time scale as the higher-ups
> >>>>> would like to get this working tomorrow morning, and I'm just not
> >>>>> seeing how to make it happen.  Thanks in advance,
> >>>>>
> >>>>> Jason

my 2 cts,
-- 
Florin                          http://www.mandrakesoft.com
                                http://people.mandrakesoft.com/~florin/

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
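The validate-then-restart sequence Florin describes (shorewall check first, restart only if the check passes, look for "Validated" at the end of the output) written out as a small POSIX sh wrapper, plus a timed rollback for the "firewall is far away" case. This is an added example, not MNF's or Shorewall's own code. It assumes the shorewall CLI is in PATH; the CHECK, RESTART and ROLLBACK variables are hypothetical knobs of this script (not Shorewall options) so the logic can be exercised on a machine without Shorewall installed.

```shell
#!/bin/sh
# Added example (not MNF's or Shorewall's own code): validate before
# restarting, and arm a rollback timer so a bad ruleset on a remote box
# cannot lock you out. Assumes the shorewall CLI is in PATH. CHECK,
# RESTART and ROLLBACK are hypothetical knobs of this script, overridable
# so the functions can be tested without Shorewall present.

CHECK="${CHECK:-shorewall check}"
RESTART="${RESTART:-shorewall restart}"
ROLLBACK="${ROLLBACK:-shorewall clear}"   # "clear" opens the firewall (policies ACCEPT)

# check_validated: run the checker, keep its output in CHECK_OUTPUT, and
# succeed only if it exited 0 AND its final lines carry the "Validated"
# marker that Florin says to look for. $CHECK is deliberately unquoted so
# "shorewall check" splits into command and argument.
check_validated() {
    CHECK_OUTPUT=$($CHECK 2>&1)
    check_status=$?
    [ "$check_status" -eq 0 ] || return 1
    printf '%s\n' "$CHECK_OUTPUT" | tail -n 3 | grep -q 'Validated'
}

# safe_restart: restart only after a successful check, so a syntax error
# in /etc/shorewall/* leaves the running ruleset (and the SSH session)
# intact. On failure the checker's output is shown so the error can be
# fixed, as with "shorewall check" run by hand.
safe_restart() {
    if check_validated; then
        $RESTART
    else
        echo "shorewall check failed; not restarting. Checker output:" >&2
        printf '%s\n' "$CHECK_OUTPUT" >&2
        return 1
    fi
}

# start_rollback_timer SECONDS: arm a background timer that runs $ROLLBACK
# after SECONDS and print its PID. The subshell's stdout is redirected so a
# caller using $(...) gets the PID immediately instead of waiting for sleep.
start_rollback_timer() {
    ( sleep "$1" && $ROLLBACK ) >/dev/null 2>&1 &
    echo $!
}

# cancel_rollback PID: disarm a timer from start_rollback_timer.
cancel_rollback() {
    kill "$1" 2>/dev/null
}

# guarded_restart SECONDS: the remote-admin procedure in one call. If the
# restart goes through, the firewall is cleared after SECONDS unless the
# admin, still able to log in, runs cancel_rollback. If the check fails
# nothing changed, so the timer is disarmed and the old rules stay up.
guarded_restart() {
    rollback_pid=$(start_rollback_timer "$1")
    if safe_restart; then
        echo "restarted; firewall will be cleared in $1 s unless you run: cancel_rollback $rollback_pid"
    else
        cancel_rollback "$rollback_pid"
        return 1
    fi
}
```

Typical use over SSH is `guarded_restart 120`, then `cancel_rollback <pid>` once a fresh login succeeds through the new rules; if the session hangs instead, the timer runs shorewall clear and the box becomes reachable again.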
