Hi Tom,

Yes, my question was confusing, so I checked those warnings and I get confused
with the files resolv.conf & nsswitch.conf. How can I know if those are
correct?

I verified the following warnings:

- If your Name Server(s) is(are) down then your firewall won't start.
- If your startup scripts try to start your firewall before starting your
  DNS server then your firewall won't start.
- Factors totally outside your control (your ISP's router is down for
  example), can prevent your firewall from starting.
- You must bring up your network interfaces prior to starting your
  firewall.

and those are correct, but I can't start shorewall because of this:
aporta@proxy:~$ sudo shorewall check
Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding rules for DHCP
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/masq...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
   ERROR: Unknown Host (mail.shorewall.net) : /etc/shorewall/rules (line 33)

I checked /etc/shorewall/rules and I verified that I can only use a local
host and the FW takes it (ACCEPT:$LOG     loc:FELIPE-MSI.local.
      net                     tcp     3200 # SAP), but if I use a WAN
host it doesn't take it (REJECT:$LOG     loc        net:mail.shorewall.net
   tcp     80). My rules are in the attached file! Do you speak Spanish?

regards,
felipe

2011/8/26 Tom Eastep <teas...@shorewall.net>

>
> Do you know how to set up DNS name configuration in the following files:
>
> - If your /etc/resolv.conf is wrong then your firewall won't start.
> - If your /etc/nsswitch.conf is wrong then your firewall won't start.
> - If your Name Server(s) is(are) down then your firewall won't start.
> - If your startup scripts try to start your firewall before starting your
>   DNS server then your firewall won't start.
> - Factors totally outside your control (your ISP's router is down for
>   example), can prevent your firewall from starting.
> - You must bring up your network interfaces prior to starting your
>   firewall.
>
> Each DNS name must be fully qualified and include a minimum of two periods
> (although one may be trailing). This restriction is imposed by Shorewall to
> insure backward compatibility with existing configuration files.
>
> Those are just warnings about what may go wrong when you use DNS names.
>
> -Tom
>
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################################
#ACTION         SOURCE                  DEST                    PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME         HEADERS
#                                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW

#       Traffic originating in the LOC network destined for the firewall: loc2fw

ACCEPT:$LOG     loc                     fw                      icmp    8       # Ping
ACCEPT:$LOG     loc:$LOC_IP_SYSADMIN    fw                      tcp     3389    # Remote Desktop
ACCEPT:$LOG     loc:$LOC_IP_SYSADMIN    fw                      tcp     5900    # Remote Desktop
ACCEPT:$LOG     loc                     fw                      tcp     3128    # Squid proxy HTTP

#       Traffic originating in the LOC network destined for the Internet: loc2net

ACCEPT:$LOG     loc                     net                     icmp    8       # Ping
ACCEPT:$LOG     loc                     net                     tcp     443     # HTTPS, Skype
ACCEPT:$LOG     loc                     net                     tcp     3389    # Remote Desktop
ACCEPT:$LOG     loc                     net                     tcp     3299    # SAP
ACCEPT:$LOG     loc:FELIPE-MSI.local.   net                     tcp     3200    # SAP (local DNS name, resolves fine)
ACCEPT:$LOG     loc                     net                     tcp     80      # HTTP web
ACCEPT:$LOG     loc                     net                     udp     53      # DNS
#REJECT:$LOG    loc                     net:google.com          udp     53      # youtube (note: only one period, see Tom's two-period rule)
REJECT:$LOG     loc                     net:mail.shorewall.net  tcp     80      # line 33: the rule "shorewall check" rejects with "Unknown Host" when the name cannot be resolved
REJECT:$LOG     loc                     net:209.85.0.0-209.85.254.254   tcp     80      # youtube
REJECT:$LOG     loc                     net:209.85.0.0-209.85.254.254   udp     53      # youtube

#       Traffic originating in the firewall destined for the local network: fw2loc



#       Traffic originating in the firewall destined for the Internet: fw2net

ACCEPT:$LOG     fw                      net                     tcp     21      # FTP
ACCEPT:$LOG     fw                      net                     tcp     80      # HTTP

#       Traffic originating in the Internet destined for the firewall: net2fw

ACCEPT:$LOG     net                     fw                      tcp     3389    # Remote Desktop (Microsoft)
ACCEPT:$LOG     net                     fw                      tcp     5900    # Remote Desktop (VLC)

#       DNAT rules originating from the Internet towards the local network

ACCEPT:$LOG     net                     loc                     tcp     3389    # Remote Desktop (Microsoft)
ACCEPT:$LOG     net                     loc                     tcp     5900    # Remote Desktop (VLC)
ACCEPT:$LOG     net                     loc                     icmp    8
#DNAT:$LOG      net                     loc:$LOC_IP_SYSADMIN    icmp    8       -       192.168.12.10
ACCEPT:$LOG     net                     loc                     tcp     3299
#DNAT:$LOG      net                     loc:$LOC_IP_SYSADMIN    tcp     3299    -       192.168.12.10
ACCEPT:$LOG     net                     loc                     tcp     3200
#DNAT:$LOG      net                     loc:$LOC_IP_SYSADMIN    tcp     3200    -       192.168.12.10

# Transparent proxy
#REDIRECT:$LOG  loc                     3128                    tcp     80
#REDIRECT:$LOG  loc                     3128                    tcp     80      -       !192.168.3.20
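As an added example (not part of this thread and not Shorewall's own code), the following POSIX shell script answers the "how can I know if those are correct" question from the defender's side: it pulls the DNS names out of the SOURCE/DEST columns of a rules file, applies Tom's two-period rule to each, and resolves each one through getent, which consults /etc/nsswitch.conf and /etc/resolv.conf, the two files the warnings point at. It assumes a Linux host with getent and simple zone:host[,host] qualifiers (no interface or IPv6 forms), and the sample rules it ships with are constructed, not the poster's file.

```shell
#!/bin/sh
# Checks every DNS name in a Shorewall rules file for the two things this thread
# is about: at least two periods (one may be trailing) and resolvability through
# getent, which consults /etc/nsswitch.conf and /etc/resolv.conf.

# Non-IP host names from the SOURCE (field 2) and DEST (field 3) columns (assumed
# form zone:host[,host]); $VARIABLES, ~MAC addresses and IPv4 forms are skipped.
extract_dns_names() {
    grep -v '^[[:space:]]*#' "$1" |
    awk '$1 != "SECTION" { for (i = 2; i <= 3 && i <= NF; i++)
            if (index($i, ":") > 0) {
                sub(/^[^:]*:/, "", $i)
                n = split($i, h, ",")
                for (j = 1; j <= n; j++) { sub(/^!/, "", h[j]); print h[j] }
            } }' |
    grep -E -v '^(\$|~|[0-9./-]+$)' | sort -u
}

# True when the name has at least two periods (Shorewall's fully-qualified rule).
has_two_periods() {
    [ "$(printf '%s' "$1" | tr -cd '.' | wc -c | tr -d ' ')" -ge 2 ]
}

# True when the system resolver can resolve the name.
resolves() { getent hosts "$1" >/dev/null 2>&1; }

# Report each name; return 1 if any of them would make "shorewall check" fail.
check_rules_dns() {
    status=0
    for name in $(extract_dns_names "$1"); do
        if ! has_two_periods "$name"; then
            echo "FAIL $name: needs two periods (a trailing '.' counts)"; status=1
        elif ! resolves "$name"; then
            echo "FAIL $name: Unknown Host (check resolv.conf/nsswitch.conf)"; status=1
        else
            echo "ok   $name"
        fi
    done
    return $status
}

# Constructed sample rules (not the poster's file); pass a real file as $1 instead.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
ACCEPT:$LOG  loc:FELIPE-MSI.local.  net                     tcp  3200
REJECT:$LOG  loc                    net:mail.shorewall.net  tcp  80
REJECT:$LOG  loc                    net:google.com          udp  53
EOF
check_rules_dns "${1:-$SAMPLE}" || echo "fix the FAIL lines before 'shorewall start'"
rm -f "$SAMPLE"
```

Run it as `sh check_rules_dns.sh /etc/shorewall/rules` on the firewall itself, since resolution has to work there, not on your workstation.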

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users