Tom Eastep wrote:
> Mike Purnell wrote:
>
>> My first encounter with shorewall months ago resulted in failure to get
>> it working. I resorted to doing iptables rules directly. I'm back for
>> more and beating my head against the same issue. I am following
>> instructions here: <http://www.shorewall.net/two-interface.htm>
>>
>> I have a webserver/firewall sitting on a single, public IP. My issue is
>> that when I start shorewall, I receive the error message "ERROR: Only
>> one firewall zone may be defined" unless I delete (or comment out) my
>> firewall zone in /etc/shorewall/zones like this:
>>
>> #fw firewall
>> loc ipv4
>> net ipv4
>>
>> These are the ONLY zones defined.
>>
>
> You are following the Shorewall 4.0 instructions but are running
> some earlier version with the shorewall.conf file not matching
> the version of Shorewall.
>
> The shorewall.conf file you are using either has
> IPSECFILE=ipsec, IPSECFILE=, or doesn't contain an IPSECFILE specification.
> It should contain IPSECFILE=zone. It may also contain an explicit setting
> for FW (e.g., FW=fw). That should also be removed.
>
> -Tom
>

The shorewall.conf file contained both IPSECFILE=zone and FW=fw
The default .conf file contained both and I missed it.
I removed the latter and all is well. Thanks.

--Mike

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
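
The check described in the replies above, as an added example that is not part of the thread and not a Shorewall tool: a shell function that reads a shorewall.conf and reports the two settings Tom names. The names `conf_value`, `check_shorewall_conf` and `demo` are hypothetical, and the sample file is constructed to match what Mike reported.

```shell
#!/bin/sh
# Added example: report the two shorewall.conf settings this thread identifies.
# All function names here are hypothetical helpers, not Shorewall commands.

# Print the value of the last uncommented NAME=... line in a file,
# with surrounding quotes and trailing comments stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\\([^#[:space:]]*\\).*/\\1/p" "$2" | tail -n 1 | tr -d "\"'"
}

check_shorewall_conf() {
    conf=$1
    rc=0
    ipsecfile=$(conf_value IPSECFILE "$conf")
    fw=$(conf_value FW "$conf")

    # Per the reply: IPSECFILE=ipsec, an empty value, or no setting at all
    # are the mismatched cases; IPSECFILE=zone is what the file should contain.
    if [ "$ipsecfile" != "zone" ]; then
        echo "IPSECFILE is '${ipsecfile:-unset or empty}', expected 'zone'"
        rc=1
    fi

    # Per the reply: an explicit FW setting (e.g. FW=fw) should be removed.
    if [ -n "$fw" ]; then
        echo "FW=$fw is set; remove it"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample: the combination reported in the thread
# (IPSECFILE=zone present, FW=fw left over from the default file).
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample' 'IPSECFILE=zone' 'FW=fw' > "$tmp"
    check_shorewall_conf "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

Against a real installation the call would be `check_shorewall_conf /etc/shorewall/shorewall.conf`; a non-zero exit status means at least one of the two settings needs attention.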