"Mitchell, Neill" <[EMAIL PROTECTED]> writes: > Hmmm. You can't add rules to a disconnected interface either e.g. DMZ > without shorewall going bang. This is a real show stopper for me. If you > can't configure a firewall before installing it into the final network then > that's a real serious problem. > This didn't use to happen with MNF 1. I think the link state detection is > being a bit over zealous now. > > Cheers. >
this has been already discussed here several times. Have you tried the MII_NOT_SUPPORTED=yes options in the /etc/sysconfig/network-scripts/ifcfg-ethX files ? > _____ > > From: Mitchell, Neill [mailto:[EMAIL PROTECTED] > Sent: 26 January 2005 15:53 > To: '[email protected]' > Subject: RE: [Security Firewall] Cannot access firewall after adding masq > entries > > > Looks like I've have cracked it. As I suspected, if the interface is not > plugged in then shorewall fails as it thinks the interface is not up. I > plugged eth2 into a hub and it started working. Shorewall will fail if ANY > of the masq interfaces are disconnected. This is not an ideal solution. You > should be able to configure and test a firewall before deploying it. This > problem prevents this. > > Any ideas Florin/anybody? > > Cheers. > > _____ > > From: Doug White [mailto:[EMAIL PROTECTED] > Sent: 26 January 2005 15:44 > To: [email protected] > Subject: Re: [Security Firewall] Cannot access firewall after adding masq > entries > > > Mitchell: > > I haven't been able to get masq to work either but I know how to get you > back running: > > Go to the physical box: > Log in as a user or admin > su > edit /etc/shorewall/masq (vi /etc/shorewall/masq) > delete the two lines you added > save and exit > type: shorewall restart > it should run. > > > Now you should be able to get into the firewall. Go to the masq section and > delete the two entries there then apply. This will get you back to square > one. > > I have had no luck with the DHCP or the MASQ sections. Nothing seems to > work and I have spent about 10 hours on it. I still have to static NAT > everything and use a separate DHCP server. Perhaps Florin or someone will > write a tutorial on how to set up a dhcp network. > > Good Luck > > Mitchell, Neill wrote: > > > Hi there. > > Running MNF Beta 2 with latest naat rpms from florin's site. Everything was > running fine until I added two masquerade entries and hit apply. I then lost > the ability to web admin the firewall. I get a timeout when connecting to > it. The entries I added were: > > eth2:0.0.0.0/0 eth0 > eth2:0.0.0.0/0 eth1 > > eth0 is my LAN, eth1 is my DMZ and eth2 is the WAN. I've checked the masq > file and it contains the above entries. I have no custom rules. I have > compared all the shorewall files with my MNF 1 firewall ones and I just > can't see anything wrong. Nothing in the logs to indicate a problem. I have > not hacked any files manually. > > Any ideas? > > Many thanks > > _____ > > From: Administrador do Firewall [mailto:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> ] > Sent: 26 January 2005 13:31 > To: [email protected] > <mailto:[email protected]> > Subject: Re: [Security Firewall] MNF2 beta is the last one? > > > I need to install a MNF2 now, so how dificult will be to update de beta2 to > beta3/final? > > Florin escreveu: > > Administrador do Firewall <mailto:[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > writes: > > > > > > Is the MNF2 beta2 the last one? > > We will have a beta3 or the next one is the final one? > > > > > > a new beta3 iso image will be available very soon ... and THEN the final > > one. > > > > my 2cts, > > > > > _____ > > > ____________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com <http://www.mandrakestore.com> > > Join the Club : http://www.mandrakeclub.com <http://www.mandrakeclub.com> > > ____________________________________________________ > > > > > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered > through the MessageLabs Virus Scanning Service. For further infomation visit > http://www.minuco.com <http://www.minuco.com> or alternatively mail > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> . > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered > through the MessageLabs Virus Scanning Service. For further infomation visit > http://www.minuco.com <http://www.minuco.com> or alternatively mail > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> . > > Minuco corporate logo > <http://ce.insight.messagelabs.com/ce10/content/viewer/136318415/178546436/1 > 78546437/178546438.jpg> > > > <http://at.insight.messagelabs.com/at10/echo2/to/linux-mandrake.com/from/min > uco.com/ignore?> > > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered > through the MessageLabs Virus Scanning Service. For further infomation visit > http://www.minuco.com or alternatively mail [EMAIL PROTECTED] > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered > through the MessageLabs Virus Scanning Service. For further infomation visit > http://www.minuco.com or alternatively mail [EMAIL PROTECTED] > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered > through the MessageLabs Virus Scanning Service. For further infomation visit > http://www.minuco.com or alternatively mail [EMAIL PROTECTED] > > > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered > through the MessageLabs Virus Scanning Service. For further infomation visit > http://www.minuco.com or alternatively mail [EMAIL PROTECTED] -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
