>> [EMAIL PROTECTED] wrote:
>>
>>> > Validating interfaces file...
>>>> ERROR: The routeback option may not be specified on a multi-zone
>>>> interface
>>>>
>>> > Has someone made a similar setup and can give a few tips?
>>
>> You can set up routeback yourself, 'echo 1 >
>> /proc/sys/net/ipv4/conf/<interface>/rp_filter' is the way to do it I
>> think. You can also control most of the other settings in the
>> shorewall interfaces file.
>>
>> It's also referenced in /etc/sysctl.conf but I don't actually know
>> exactly when/how that file is used.
>>
>> http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO-12.html has some
>> info on the control files.
>>

I checked in sysctl.conf and this is what I've found:

sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maximum size of a message queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456

It seems that rp_filter is already set, and I checked it in the proc file also:

cat /proc/sys/net/ipv4/conf/eth1/rp_filter
1
[EMAIL PROTECTED] etc]#

Any hints on what could be wrong?

My shorewall files are configured like so:

interfaces:

#ZONE   INTERFACE   BROADCAST                                   OPTIONS
net     eth0        82.76.51.255
-       eth1        192.168.0.255,192.168.1.255,192.168.2.255
loc_v   venet0      192.168.100.255                             routeback

hosts:

#ZONE   HOST(S)                 OPTIONS
loc     eth1:192.168.0.0/24
wox     eth1:192.168.1.0/24
prg     eth1:192.168.2.0/24

zones:

#ZONE   TYPE        OPTIONS     IN          OUT
#                               OPTIONS     OPTIONS
fw      firewall
net     ipv4
loc     ipv4
loc_v   ipv4
wox     ipv4
prg     ipv4

masq:

#INTERFACE  SOURCE      ADDRESS     PROTO   PORT(S) IPSEC
eth0        eth1
eth0        venet0
eth0        eth1:1
eth0        eth1:2

policy:

#SOURCE DEST    POLICY  LOG     LIMIT:BURST
#                       LEVEL
fw      net     ACCEPT
loc_v   net     ACCEPT
loc     fw      ACCEPT
loc_v   fw      ACCEPT
loc     loc_v   ACCEPT
loc_v   loc     ACCEPT
fw      loc     ACCEPT
fw      loc_v   ACCEPT
# other networks (aliases)
wox     net     ACCEPT
wox     loc_v   ACCEPT
wox     loc     ACCEPT
wox     fw      ACCEPT
prg     loc_v   ACCEPT
prg     loc     ACCEPT
prg     net     ACCEPT
prg     fw      ACCEPT
loc     wox     ACCEPT
loc_v   wox     ACCEPT
loc     prg     ACCEPT
loc_v   prg     ACCEPT
fw      wox     ACCEPT
fw      prg     ACCEPT
# end of other networks
net     all     REJECT
all     all     REJECT

rules:

#ACTION SOURCE              DEST                        PROTO   DEST    SOURCE  ORIGINAL RATE  USER/
#                                                               PORT(S) PORT(S) DEST     LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
# redirect all requests received on port 80 to the proxy
DNAT    loc                 loc_v:192.168.100.7:3128    tcp     www     -
# accept ssh connections from the internet only from my IP
ACCEPT  net:86.124.248.188  fw                          tcp     22
# allow access to mail
ACCEPT  loc                 net:85.9.58.105             tcp     25
ACCEPT  loc                 net:85.9.58.105             tcp     110
ACCEPT  loc                 net:85.9.58.105             tcp     143
ACCEPT  loc:192.168.0.38    net                         tcp     443
ACCEPT  loc                 net:212.146.105.119         tcp     21
ACCEPT  wox                 loc:192.168.0.5
ACCEPT  loc:192.168.0.5     wox
ACCEPT  loc:192.168.0.24    net                         tcp     5001
#REJECT fw                  net                         tcp     80      -

Thank you for your patience!

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
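
A small lint for the condition named in the quoted error message, added here as an example; it is not part of the thread and not Shorewall's own code. It assumes the interfaces and hosts column layouts posted above, treats "-" in the ZONE column as marking a multi-zone interface, and uses a constructed variant (BAD_INTERFACES, routeback moved onto eth1) to trigger a finding.

```python
# Added example: flag 'routeback' on a multi-zone ("-" zone) interface.
INTERFACES = """\
#ZONE   INTERFACE   BROADCAST                                   OPTIONS
net     eth0        82.76.51.255
-       eth1        192.168.0.255,192.168.1.255,192.168.2.255
loc_v   venet0      192.168.100.255                             routeback
"""
HOSTS = """\
#ZONE   HOST(S)                 OPTIONS
loc     eth1:192.168.0.0/24
wox     eth1:192.168.1.0/24
prg     eth1:192.168.2.0/24
"""
# Constructed variant (not from the thread): routeback placed on eth1.
BAD_INTERFACES = INTERFACES.replace("192.168.2.255\n", "192.168.2.255 routeback\n")

def rows(text):
    """Yield whitespace-split columns, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def zones_per_interface(hosts_text):
    """Map each interface to the zones the hosts file defines on it."""
    zones = {}
    for cols in rows(hosts_text):
        if len(cols) >= 2:
            iface = cols[1].split(":", 1)[0]
            zones.setdefault(iface, []).append(cols[0])
    return zones

def lint_routeback(interfaces_text, hosts_text):
    """Return (interface, zones) for each multi-zone interface with routeback."""
    by_iface = zones_per_interface(hosts_text)
    findings = []
    for cols in rows(interfaces_text):
        if len(cols) < 2:
            continue
        zone, iface = cols[0], cols[1]
        options = cols[3].split(",") if len(cols) > 3 else []
        if zone == "-" and "routeback" in options:
            findings.append((iface, by_iface.get(iface, [])))
    return findings

if __name__ == "__main__":
    for name, text in (("posted", INTERFACES), ("constructed", BAD_INTERFACES)):
        print(name, lint_routeback(text, HOSTS))
```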