Florin wrote:
Florin,"Mitchell, Neill" <[EMAIL PROTECTED]> writes:
Hmmm. You can't add rules to a disconnected interface either, e.g. DMZ, without shorewall going bang. This is a real show stopper for me. If you can't configure a firewall before installing it into the final network then that's a real serious problem. This didn't use to happen with MNF 1. I think the link state detection is being a bit overzealous now.
Cheers.
This has already been discussed here several times. Have you tried the MII_NOT_SUPPORTED=yes option in the /etc/sysconfig/network-scripts/ifcfg-ethX files?
_____
From: Mitchell, Neill [mailto:[EMAIL PROTECTED]
Sent: 26 January 2005 15:53
To: '[email protected]'
Subject: RE: [Security Firewall] Cannot access firewall after adding masq entries
Looks like I've cracked it. As I suspected, if the interface is not plugged in then shorewall fails as it thinks the interface is not up. I plugged eth2 into a hub and it started working. Shorewall will fail if ANY of the masq interfaces are disconnected. This is not an ideal solution. You should be able to configure and test a firewall before deploying it. This problem prevents this.
Any ideas Florin/anybody?
Cheers.
_____
From: Doug White [mailto:[EMAIL PROTECTED]
Sent: 26 January 2005 15:44
To: [email protected]
Subject: Re: [Security Firewall] Cannot access firewall after adding masq entries
Mitchell:
I haven't been able to get masq to work either but I know how to get you back running:
Go to the physical box:
Log in as a user or admin
su
edit /etc/shorewall/masq (vi /etc/shorewall/masq)
delete the two lines you added
save and exit
type: shorewall restart
it should run.
Now you should be able to get into the firewall. Go to the masq section and delete the two entries there then apply. This will get you back to square one.
I have had no luck with the DHCP or the MASQ sections. Nothing seems to work and I have spent about 10 hours on it. I still have to static NAT everything and use a separate DHCP server. Perhaps Florin or someone will write a tutorial on how to set up a dhcp network.
Good Luck
Mitchell, Neill wrote:
Hi there.
Running MNF Beta 2 with latest naat rpms from florin's site. Everything was running fine until I added two masquerade entries and hit apply. I then lost the ability to web admin the firewall. I get a timeout when connecting to it. The entries I added were:
eth2:0.0.0.0/0 eth0
eth2:0.0.0.0/0 eth1
eth0 is my LAN, eth1 is my DMZ and eth2 is the WAN. I've checked the masq file and it contains the above entries. I have no custom rules. I have compared all the shorewall files with my MNF 1 firewall ones and I just can't see anything wrong. Nothing in the logs to indicate a problem. I have not hacked any files manually.
Any ideas?
Many thanks
_____
From: Administrador do Firewall [mailto:[EMAIL PROTECTED]
Sent: 26 January 2005 13:31
To: [email protected]
Subject: Re: [Security Firewall] MNF2 beta is the last one?
I need to install a MNF2 now, so how difficult will it be to update the beta2 to beta3/final?
Florin wrote:
Administrador do Firewall <mailto:[EMAIL PROTECTED]> <[EMAIL PROTECTED]> writes:
Is the MNF2 beta2 the last one?
We will have a beta3 or the next one is the final one?
a new beta3 iso image will be available very soon ... and THEN the final
one.
my 2cts,
_____
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com <http://www.mandrakestore.com>
Join the Club : http://www.mandrakeclub.com <http://www.mandrakeclub.com>
____________________________________________________
_____________________________________________________________________
This message has been checked for all known viruses by Minuco delivered
through the MessageLabs Virus Scanning Service. For further infomation visit
http://www.minuco.com <http://www.minuco.com> or alternatively mail
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> .
The header of these files says not to make changes, as they are updated automatically. I assume then that putting in the above mii line could be removed at a later date if the files are ever updated by mnf2. Is there a template file that this line can be added to so it's never inadvertently removed? Also, are you considering putting in a checkbox for setting the mii supported status for each card?
Dj.
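Added example, not part of the original thread or of MNF/shorewall: a pre-deployment check that lists every interface named in a masq file whose ifcfg file does not carry the MII_NOT_SUPPORTED=yes setting suggested above. The function names and the sample files are constructed for illustration; it assumes the two masq entries from the thread sit on separate lines.

```shell
#!/bin/sh
# Added example: pre-deployment check for the masq/link-state problem in this thread.

# Print the interface names used in a shorewall masq file (columns 1 and 2).
# Column 1 may carry a ":destination" suffix, e.g. "eth2:0.0.0.0/0".
masq_interfaces() {
    awk 'NF && $1 !~ /^#/ {
             split($1, out, ":"); print out[1]
             if ($2 ~ /^[a-z]+[0-9]+$/) print $2   # skip subnets such as 10.0.0.0/8
         }' "$1" | sort -u
}

# Print masq interfaces whose ifcfg file is absent or lacks MII_NOT_SUPPORTED=yes.
# $1 = masq file, $2 = directory holding the ifcfg-ethX files
missing_mii_override() {
    for ifc in $(masq_interfaces "$1"); do
        grep -Eq '^MII_NOT_SUPPORTED="?yes"?[[:space:]]*$' "$2/ifcfg-$ifc" 2>/dev/null \
            || echo "$ifc"
    done
}

# Constructed sample: the two masq entries from the thread, one ifcfg file with
# the override, one without it, and one missing entirely.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#INTERFACE SUBNET' 'eth2:0.0.0.0/0 eth0' 'eth2:0.0.0.0/0 eth1' > "$d/masq"
    printf 'DEVICE=eth0\nMII_NOT_SUPPORTED=yes\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=yes\n' > "$d/ifcfg-eth1"
    missing_mii_override "$d/masq" "$d"
    rm -rf "$d"
}

demo
```

On the firewall itself the same check would be `missing_mii_override /etc/shorewall/masq /etc/sysconfig/network-scripts`, using the paths named in the thread.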
