Bret Baptist <[EMAIL PROTECTED]> writes:

> > > When watching the firewall boot I noticed that the network interfaces are
> > > brought up and then shorewall is started, should this order be reversed?
> > > Or is this a limitation of shorewall?
> >
> > yes, we have noticed that if the interface is not up then shorewall fails
> > ...
> >
>
> When the interface is brought up initially does it have the full IP address
> and routes? Are there any firewall rules in place at all?

nope ... because this might stop you from connecting to the internet ... but you have /etc/init.d/iptables and you can configure /etc/sysconfig/iptables if you feel paranoid about this (I did it on my firewalls :o) )

> > > Why is samba-server a requirement for the mnf-en virtual package? Do we
> > > *need* samba server to run the firewall?
> >
> > no, we don't really need that ... except if one enables the WINS part for
> > pptp.
> >
>
> So this requirement will be dropped from the mnf-en virtual package then?

nope ... that package simply makes sure to have anything installed: anything you might need for the web interface setup ...

> > > With a fresh default install of MNF2 I get these errors in my syslog,
> > > "postfix/postdrop[6094]: warning: unable to look up public/pickup: No
> > > such file or directory".
> >
> > I'll check that next week when I'll test new installs ..
> >
>
> OK, let me know when we have a new iso to install from and I will do testing
> for you.

cool ... you will have one at the beginning of the next week ...

> > > When you add an ipsec tunnel in the Firewall --> Tunnels/Netmap section,
> > > it creates rules that require the source port to be 500. On some clients
> > > this is not always the case, for example the SmartNet brand IPSEC clients
> > > do not connect with a source port of 500. Could we remove the spt=500
> > > part of the rule?
> >
> > this comes from the shorewall internals ... simply use generic:udp:444
> > instead, for example, if you want ...
> >
>
> I am not sure what you are trying to say here. Would it be possible to
> change the shorewall internals in this case? This is a pretty silly
> requirement that doesn't take into account setting up an IPSEC tunnel with
> many Windows clients out there.

it's not the case if you create tunnels as I said, using the generic statement: see http://shorewall.net/Documentation.htm#Tunnels for more details

> I must say that with the current state of MNF2 everything appears to work
> better than MNF ever did.

yes, I think so as well ... many parts can still be improved but ... hey, one also needs some patience :o)

have a nice day,
--
Florin
http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
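The boot-window question discussed above, as an added example that is not part of the original message or of MNF: a minimal /etc/sysconfig/iptables in iptables-restore format that keeps inbound and forwarded traffic closed until shorewall installs its own rules, while still letting the firewall host itself connect out. It assumes the iptables init script loads this file before the network interfaces come up; the specific rules are illustrative choices.

```text
# /etc/sysconfig/iptables (illustrative, loaded by /etc/init.d/iptables)
# Purpose: cover the gap between "interfaces up" and "shorewall started".
# Shorewall replaces these rules with its own ruleset when it starts.
*filter
# Default policies: nothing comes in or is routed through the box,
# but locally generated traffic is allowed out.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is needed by local services (for example postfix and the web interface).
-A INPUT -i lo -j ACCEPT
# Replies to connections the firewall itself opened (DNS, updates, NTP),
# so the host can still reach the internet during the boot window.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

With these policies in place, `iptables -L -n -v` run before shorewall starts shows policy DROP on INPUT and FORWARD and only the two ACCEPT rules above.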
