Tom Eastep wrote:
> Tom Eastep wrote:
>
>> Vernon A. Fort wrote:
>>
>>> Tom Eastep wrote:
>>>
>>>> Vernon A. Fort wrote:
>>>>
>>>>
>>>>> shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this
>>>>> started but when i change rule or add a new rule, then shorewall restart
>>>>> (or stop then start). The OLD rules are still present under iptables -L
>>>>> -nv. I stop shorewall and the iptables -L -nv shows no rules. Start
>>>>> and it still shows the old rule sets. Also, i started noticing a
>>>>> shorewall.{hash} directory showing up under the /tmp directory. I've
>>>>> never seen this.
>>>>>
>>>>> Where in the heck to i start looking......?
>>>>>
>>>>>
>>>> I suspect that 'shorewall start' is failing and your saved configuration
>>>> is being installed. What do the final messages of '/sbin/shorewall
>>>> restart' look like?
>>>>
>>>> -Tom
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>> It looked (looks) perfectly normal - no errors.
>>>
>> So you believe that you are a reliable judge of what is 'normal' with
>> Shorewall?
>>
>> I rather doubt it...
>>
>
> In other words, I didn't ask for a qualitative assessment of the output
> -- I really wanted to see a copy of the output itself.
>
> -Tom
>
> ------------------------------------------------------------------------
>
Understood - 'normal' meant normal from my perspective and I am NOT a
reliable judge. I could not send the output of shorewall restart (or
stop/start for that matter) because I did not preserve it. I did,
however, preserve the ORIGINAL .restart, .start and .stop files in the
/var/lib/shorewall from when i first noticed the problem. I'll shoot
them to you if you want to see them.
Shorewall is working for now but not doing everything I want it to do.
Most of the firewalls I maintain are very simple two interface setups
and shorewall always works flawlessly. This one has two internal
networks and two Internet interfaces (Mulit-IPS) so its way more
complex. I'm trying to get the Multi-ISP, QoS, SMTP routing via the
sprint 1.5 link and everything else routing out the cable modem. I've
had trouble getting the latter two working together correctly - time to
hit the books!
Vernon
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
