Hi Tom,

On Saturday 24 May 2008 22:39, Tom Eastep wrote:
> Tom Eastep wrote:
> > Tom Eastep wrote:
> >> Christian Schneider wrote:
> >>> Could you remove that check for norfc1918 options on interfaces
> >>> with rfc1918 addresses, Tom, please?
> >>
> >> Remove it yourself! All of the HOWTOs make a point of that issue
> >> and if you just remove the 'norfc1918' option as the HOWTOs direct
> >> in cases like this, then you won't have this issue.
> >
> > As an aside, Shorewall-perl 4.2 drops the 'norfc1918' option.
>
> Not quite true -- I looked at the 4.2.0-Beta1 code again and it
> deprecates the 'norfc1918' option and it only gives a warning if the
> option is specified on an interface with an RFC-1918 address.
>
> The bottom line is that the 'norfc1918' option was probably a bad
> idea to begin with, it is going away, and I recommend against using
> it.

Well, I had a look into the two interfaces HOWTO (for versions 3 and 4) 
and the only sentence mentioning norfc1918 is:

"Before starting Shorewall, you should look at the IP address of your 
external interface and if it is one of the above ranges, you should 
remove the 'norfc1918' option from the external interface's entry 
in /etc/shorewall/interfaces."

There is no warning that startup will fail and absolutely no filtering 
will be done even if the interface has an rfc1918 ip only temporarily. 
For me it sounds like "remove the option or all traffic will be 
filtered".

The main problem is: If you start shorewall when you are dialed in, it 
will start correctly and you will think that your configuration is ok. 
But when you boot the next time startup may fail silently!

Anyway, thanks for your comment. I removed the norfc1918 option, of 
course, to avoid this problem.

Cheers,
Christian


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
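
Added example, not part of the original message and not Shorewall code: a pre-start check for the condition discussed in this thread, an interface that carries 'norfc1918' while it holds an RFC 1918 address. It assumes the ZONE/INTERFACE/BROADCAST/OPTIONS column layout of /etc/shorewall/interfaces; the sample file, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of /etc/shorewall/interfaces
# (assumed columns: ZONE INTERFACE BROADCAST OPTIONS).
SAMPLE_INTERFACES = """\
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     ppp0        -           norfc1918,tcpflags,routefilter
net     eth1        detect      dhcp,norfc1918
loc     eth0        detect      tcpflags
"""

# Constructed addresses, e.g. as seen at boot before the real link is up.
SAMPLE_ADDRESSES = {"ppp0": "192.168.1.2", "eth1": "203.0.113.7", "eth0": "10.0.0.1"}


def norfc1918_interfaces(text):
    """Return interface names whose OPTIONS column contains 'norfc1918'."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 4 and "norfc1918" in fields[3].split(","):
            found.append(fields[1])
    return found


def is_rfc1918(addr):
    """True if addr lies in one of the three RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def conflicts(text, addresses):
    """Interfaces that carry 'norfc1918' while holding an RFC 1918 address."""
    return [i for i in norfc1918_interfaces(text)
            if i in addresses and is_rfc1918(addresses[i])]


if __name__ == "__main__":
    for iface in conflicts(SAMPLE_INTERFACES, SAMPLE_ADDRESSES):
        print(f"{iface}: norfc1918 set, but {SAMPLE_ADDRESSES[iface]} is RFC 1918")
```

Running the check at boot time, with the addresses the interfaces hold at that moment, covers the case where the configuration was only ever tested while dialed in.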
