Hello everyone, I'm using shorewall successfully on many servers without any problems and I'm really happy with this great piece of software.
But now I ran into a problem with shorewall 3.0.4 on Ubuntu 6.06 running on a vServer. The provider uses virtual interfaces like eth0:vs01 for the customers. The interface eth0 cannot be touched. I've read the instructions for aliased interfaces but somehow I don't get it. I want some basic fw rules like opening port 22 for ssh.

Here is my configuration:

/etc/shorewall/interfaces
net eth0

/etc/shorewall/zones
fw firewall
net ipv4

/etc/shorewall/policy
net all DROP error
all all REJECT error
$FW net ACCEPT error

/etc/shorewall/rules
ACCEPT net:123.123.123.123 $FW 22

123.123.123.123 is the ip of the virtual interface eth0:vs01

Trying to start shorewall gives the following error:

Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Not available
   Packet Mangling: Not available
   Multi-port Match: Not available
   Connection Tracking Match: Not available
   Packet Type Match: Not available
   Policy Match: Not available
   Physdev Match: Not available
   IP range Match: Not available
   Recent Match: Not available
   Owner Match: Not available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Not available
   Raw Table: Not available
   CLASSIFY Target: Not available
Determining Zones...
   IPv4 Zones: net
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: eth0:0.0.0.0/0
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/all/proxy_arp: Operation not permitted
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/default/proxy_arp: Operation not permitted
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/eth0/proxy_arp: Operation not permitted
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/lo/proxy_arp: Operation not permitted
Deleting user chains...
iptables: Operation not permitted
ERROR: Command "/sbin/iptables -P INPUT DROP" Failed
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/all/proxy_arp: Operation not permitted
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/default/proxy_arp: Operation not permitted
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/eth0/proxy_arp: Operation not permitted
/usr/share/shorewall/firewall: line 3009: /proc/sys/net/ipv4/conf/lo/proxy_arp: Operation not permitted
iptables: Operation not permitted
iptables: Operation not permitted
iptables: Operation not permitted
iptables: Operation not permitted
iptables: Operation not permitted
iptables: Operation not permitted
iptables: Operation not permitted

So how can I use this virtual interface with shorewall?

Thanks in advance.

Best Regards
Matthias

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users