Here are some of the results of the testing I have done on MNF2. These are all tested against Florin's latest packages dated Jan 04 2005.
You should not be able to specify a port number when selecting 'all' for a Protocol under Firewall --> Rules --> Add Rule. Shorewall will not start, it says "Error: Port number not allowed with protocol "all"; rule: "ACCEPT lan vpn all 0:65535 - -"" When you add a host to the Firewall --> Zones Interfaces --> Hosts Configuration section there are a bunch of options available to select, ie routeback, maclist, ... When you edit a host in the same section you are only able to select routestopped as an option, which is not even an option when adding a new Host. When you add a host to the Firewall --> Zones Interfaces --> Hosts Configuration section it says that you can select '+' for the interface to not associate a particular interface to a zone, but shorewall doesn't like this at all, it says "Error: Unknown interface (+) in record "vpn +:0.0.0.0/0 "" You can only select a log level of "info" for rules now, is this intentional? When watching the firewall boot I noticed that the nework interfaces are brought up and then shorewall is started, should this order be reversed? Or is this a limitation of shorewall? Why is samba-server a requirment for the mnf-en virtual package? Do we *need* samba server to run the firewall? With a fresh default install of MNF2 I get these errors in my syslog, "postfix/postdrop[6094]: warning: unable to look up public/pickup: No such file or directory". When you add an ipsec tunnel in the Firewall --> Tunnels/Netmap section, it creates rules that require the source port to be 500. On some clients this is not always the case, for example the SmartNet brand IPSEC clients do not connect with a source port of 500. Could we remove the spt=500 part of the rule? Not bugs, but ideas: Is there anyway to have the web interface display the Warnings and Errors from the shorewall check we do after you hit Apply? For example when adding a rule that has 'all' for the Protolcol, shorewall warns you that this is really a Policy and should be in the policy file instead, handy info to be displayed in the web interface. It would also be very nice to have it display the Error so you know what you did wrong without having to go to Services --> Summary --> shorewall --> Details. Would it be possible to have a summary screen when you edit something that says, he is your previous configuration line, and here is what you are changing that configuration to. This way when you make changes you can see clearly what changes are being made. Thank you again for all your hard work on this. -- Bret Baptist Systems and Technical Support Specialist [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 x17 Web Development-Web Marketing-ISP Services ------------------------------------------ Today is the tomorrow you worried about yesterday.
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
