RE: [Security Firewall] Cannot access firewall after adding masq entries

[Mitchell, Neill]

Yes this worked. Thanks Florin. Perhaps it could be added as an option on the Network Card setup. This would be very slick and will save a lot of people a lot of head scratching!   Best regards Neill.   -----Original Message----- From: Mitchell, Neill Sent: 27 January 2005 14:20 To: 'security-firewall@linux-mandrake.com' Subject: RE: [Security Firewall] Cannot access firewall after adding masq entries   Great. I'll try that Florin.   Many thanks.   -----Original Message----- From: Florin [mailto:[EMAIL PROTECTED] Sent: 27 January 2005 14:14 To: security-firewall@linux-mandrake.com Subject: Re: [Security Firewall] Cannot access firewall after adding masq entries   "Mitchell, Neill" <[EMAIL PROTECTED]> writes:   > Hmmm. You can't add rules to a disconnected interface either e.g. DMZ > without shorewall going bang. This is a real show stopper for me. If > you can't configure a firewall before installing it into the final > network then that's a real serious problem. > This didn't use to happen with MNF 1. I think the link state detection > is being a bit over zealous now. > > Cheers. >   this has been already discussed here several times. Have you tried the MII_NOT_SUPPORTED=yes options in the /etc/sysconfig/network-scripts/ifcfg-ethX files ?     > _____ > > From: Mitchell, Neill [mailto:[EMAIL PROTECTED] > Sent: 26 January 2005 15:53 > To: 'security-firewall@linux-mandrake.com' > Subject: RE: [Security Firewall] Cannot access firewall after adding > masq entries > > > Looks like I've have cracked it. As I suspected, if the interface is > not plugged in then shorewall fails as it thinks the interface is not > up. I plugged eth2 into a hub and it started working. Shorewall will > fail if ANY of the masq interfaces are disconnected. This is not an > ideal solution. You should be able to configure and test a firewall > before deploying it. This problem prevents this. > > Any ideas Florin/anybody? > > Cheers. > > _____ > > From: Doug White [mailto:[EMAIL PROTECTED] > Sent: 26 January 2005 15:44 > To: security-firewall@linux-mandrake.com > Subject: Re: [Security Firewall] Cannot access firewall after adding > masq entries > > > Mitchell: > > I haven't been able to get masq to work either but I know how to get > you back running: > > Go to the physical box: > Log in as a user or admin > su > edit /etc/shorewall/masq (vi /etc/shorewall/masq) > delete the two lines you added > save and exit > type: shorewall restart > it should run. > > > Now you should be able to get into the firewall. Go to the masq > section and delete the two entries there then apply. This will get > you back to square one. > > I have had no luck with the DHCP or the MASQ sections. Nothing seems > to work and I have spent about 10 hours on it. I still have to static > NAT everything and use a separate DHCP server. Perhaps Florin or > someone will write a tutorial on how to set up a dhcp network. > > Good Luck > > Mitchell, Neill wrote: > > > Hi there. > > Running MNF Beta 2 with latest naat rpms from florin's site. > Everything was running fine until I added two masquerade entries and > hit apply. I then lost the ability to web admin the firewall. I get a > timeout when connecting to it. The entries I added were: > > eth2:0.0.0.0/0 eth0 > eth2:0.0.0.0/0 eth1 > > eth0 is my LAN, eth1 is my DMZ and eth2 is the WAN. I've checked the > masq file and it contains the above entries. I have no custom rules. I > have compared all the shorewall files with my MNF 1 firewall ones and > I just can't see anything wrong. Nothing in the logs to indicate a > problem. I have not hacked any files manually. > > Any ideas? > > Many thanks > > _____ > > From: Administrador do Firewall [mailto:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> ] > Sent: 26 January 2005 13:31 > To: security-firewall@linux-mandrake.com > <mailto:security-firewall@linux-mandrake.com> > Subject: Re: [Security Firewall] MNF2 beta is the last one? > > > I need to install a MNF2 now, so how dificult will be to update de > beta2 to beta3/final? > > Florin escreveu: > > Administrador do Firewall <mailto:[EMAIL PROTECTED]> <[EMAIL PROTECTED]> > writes: > > > > > > Is the MNF2 beta2 the last one? > > We will have a beta3 or the next one is the final one? > > > > > > a new beta3 iso image will be available very soon ... and THEN the > final > > one. > > > > my 2cts, > > > > > _____ > > > ____________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com <http://www.mandrakestore.com> > > Join the Club : http://www.mandrakeclub.com > <http://www.mandrakeclub.com> > > ____________________________________________________ > > > > > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco > delivered through the MessageLabs Virus Scanning Service. For further > infomation visit http://www.minuco.com <http://www.minuco.com> or > alternatively mail [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> . > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco > delivered through the MessageLabs Virus Scanning Service. For further > infomation visit http://www.minuco.com <http://www.minuco.com> or > alternatively mail [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> . > > Minuco corporate logo > <http://ce.insight.messagelabs.com/ce10/content/viewer/136318415/17854 > 6436/1 > 78546437/178546438.jpg> > > > <http://at.insight.messagelabs.com/at10/echo2/to/linux-mandrake.com/fr > om/min > uco.com/ignore?> > > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco > delivered through the MessageLabs Virus Scanning Service. For further > infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]. > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco > delivered through the MessageLabs Virus Scanning Service. For further > infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]. > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco > delivered through the MessageLabs Virus Scanning Service. For further > infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]. > > > > _____________________________________________________________________ > This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED].   -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/       _____________________________________________________________________ This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED].   _____________________________________________________________________ This message has been checked for all known viruses by Minuco delivered through the MessageLabs Virus Scanning Service. For further infomation visit http://www.minuco.com or alternatively mail [EMAIL PROTECTED]