My apologies,
I should have clarified. Shorewall starts w/out any issue. When doing a
shorewall dump, I get the error message: /var/log/shorewall.log does not
exist.
*Shorewall Verbose start*
============================
dumbledore:~# shorewall -vv check
Checking...
Processing /etc/shorewall/params ...
Loading Modules...
Shorewall has detected the following capabilities:
Address Type Match: Available
CLASSIFY Target: Available
CONNMARK Target: Available
Capability Version: 4.0.15
Comments: Available
Connection Tracking Match: Available
Connmark Match: Available
Extended CONNMARK Target: Available
Extended Connmark Match: Available
Extended Mark Target: Available
Extended Multi-port Match: Available
Extended Reject: Available
Hashlimit Match: Available
IP Range Match: Available
IPP2P Match: Not Available
Ipset Match: Not Available
MARK Target: Available
Mangle FORWARD Chain: Available
Multi-port Match: Available
NAT: Available
NFQUEUE Target: Available
New Connection Tracking Match syntax: Available
Owner Match: Available
Packet Mangling: Available
Packet Type Match: Available
Packet length Match: Available
Physdev Match: Available
Physdev-is-bridged support: Available
Policy Match: Available
Raw Table: Available
Recent Match: Available
Repeat match: Available
TCPMSS Match: Available
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Interface "world br0 - bridge,dhcp" Validated
Interface "wan br0:eth1 - " Validated
Interface "dmz br0:tap0 - " Validated
Interface "ptd1 tap1 detect dhcp,routeback,upnp" Validated
Interface "ptd2 tap2 detect dhcp,routeback,upnp" Validated
Interface "loc eth0 detect dhcp,routeback" Validated
Determining Hosts in Zones...
fw (firewall)
loc (ipv4)
eth0:0.0.0.0/0
ptd1 (ipv4)
tap1:0.0.0.0/0
ptd2 (ipv4)
tap2:0.0.0.0/0
wan (bport4)
eth1:0.0.0.0/0
dmz (bport4)
tap0:0.0.0.0/0
world (ipv4)
br0:0.0.0.0/0
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro /usr/share/shorewall/macro.Auth
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro /usr/share/shorewall/macro.AllowICMPs
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro /usr/share/shorewall/macro.SMB
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro /usr/share/shorewall/macro.DropUPnP
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro /usr/share/shorewall/macro.DropDNSrep
Pre-processing /usr/share/shorewall/action.Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro /usr/share/shorewall/macro.Auth
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro /usr/share/shorewall/macro.SMB
Checking /etc/shorewall/policy...
Policy for wan to dmz is ACCEPT using chain wan2dmz
Policy for dmz to wan is ACCEPT using chain dmz2wan
Policy for loc to ptd1 is ACCEPT using chain loc2ptd1
Policy for loc to ptd2 is ACCEPT using chain loc2ptd2
Policy for loc to fw is ACCEPT using chain loc2fw
Policy for loc to fw is REJECT using chain loc2all
Policy for loc to ptd1 is REJECT using chain loc2all
Policy for loc to ptd2 is REJECT using chain loc2all
Policy for loc to wan is REJECT using chain loc2all
Policy for loc to dmz is REJECT using chain loc2all
Policy for loc to world is REJECT using chain loc2all
Policy for fw to ptd1 is ACCEPT using chain fw2ptd1
Policy for fw to ptd2 is ACCEPT using chain fw2ptd2
Policy for fw to loc is ACCEPT using chain fw2loc
Policy for fw to loc is REJECT using chain fw2all
Policy for fw to ptd1 is REJECT using chain fw2all
Policy for fw to ptd2 is REJECT using chain fw2all
Policy for fw to wan is REJECT using chain fw2all
Policy for fw to dmz is REJECT using chain fw2all
Policy for fw to world is REJECT using chain fw2all
Policy for ptd1 to fw is DROP using chain ptd12fw
Policy for ptd1 to loc is DROP using chain ptd12loc
Policy for ptd1 to fw is DROP using chain ptd12all
Policy for ptd1 to loc is DROP using chain ptd12all
Policy for ptd1 to ptd2 is DROP using chain ptd12all
Policy for ptd1 to wan is DROP using chain ptd12all
Policy for ptd1 to dmz is DROP using chain ptd12all
Policy for ptd1 to world is DROP using chain ptd12all
Policy for ptd2 to fw is DROP using chain ptd22fw
Policy for ptd2 to loc is DROP using chain ptd22loc
Policy for ptd2 to fw is DROP using chain ptd22all
Policy for ptd2 to loc is DROP using chain ptd22all
Policy for ptd2 to ptd1 is DROP using chain ptd22all
Policy for ptd2 to wan is DROP using chain ptd22all
Policy for ptd2 to dmz is DROP using chain ptd22all
Policy for ptd2 to world is DROP using chain ptd22all
Policy for fw to loc is REJECT using chain all2all
Policy for fw to ptd1 is REJECT using chain all2all
Policy for fw to ptd2 is REJECT using chain all2all
Policy for fw to wan is REJECT using chain all2all
Policy for fw to dmz is REJECT using chain all2all
Policy for fw to world is REJECT using chain all2all
Policy for loc to fw is REJECT using chain all2all
Policy for loc to ptd1 is REJECT using chain all2all
Policy for loc to ptd2 is REJECT using chain all2all
Policy for loc to wan is REJECT using chain all2all
Policy for loc to dmz is REJECT using chain all2all
Policy for loc to world is REJECT using chain all2all
Policy for ptd1 to fw is REJECT using chain all2all
Policy for ptd1 to loc is REJECT using chain all2all
Policy for ptd1 to ptd2 is REJECT using chain all2all
Policy for ptd1 to wan is REJECT using chain all2all
Policy for ptd1 to dmz is REJECT using chain all2all
Policy for ptd1 to world is REJECT using chain all2all
Policy for ptd2 to fw is REJECT using chain all2all
Policy for ptd2 to loc is REJECT using chain all2all
Policy for ptd2 to ptd1 is REJECT using chain all2all
Policy for ptd2 to wan is REJECT using chain all2all
Policy for ptd2 to dmz is REJECT using chain all2all
Policy for ptd2 to world is REJECT using chain all2all
Policy for wan to fw is REJECT using chain all2all
Policy for wan to loc is REJECT using chain all2all
Policy for wan to ptd1 is REJECT using chain all2all
Policy for wan to ptd2 is REJECT using chain all2all
Policy for wan to dmz is REJECT using chain all2all
Policy for wan to world is REJECT using chain all2all
Policy for dmz to fw is REJECT using chain all2all
Policy for dmz to loc is REJECT using chain all2all
Policy for dmz to ptd1 is REJECT using chain all2all
Policy for dmz to ptd2 is REJECT using chain all2all
Policy for dmz to wan is REJECT using chain all2all
Policy for dmz to world is REJECT using chain all2all
Policy for world to fw is REJECT using chain all2all
Policy for world to loc is REJECT using chain all2all
Policy for world to ptd1 is REJECT using chain all2all
Policy for world to ptd2 is REJECT using chain all2all
Policy for world to wan is REJECT using chain all2all
Policy for world to dmz is REJECT using chain all2all
Checking /etc/shorewall/routestopped for critical hosts...
Checking /etc/shorewall/routestopped...
Adding rules for DHCP
$doing UPnP
Checking Kernel Route Filtering...
Checking /etc/shorewall/providers ...
Provider "ptd1 1 1 main tap1 detect track,balance,optional eth0" Checked
Provider "ptd2 2 2 main tap2 detect track,balance,optional eth0" Checked
Checking /etc/shorewall/route_rules...
Routing rule "192.168.1.2 - ptd2 1000" Checked
Routing rule "192.168.1.0/24 - ptd1 1000" Checked
Checking /etc/shorewall/masq...
Masq record "tap1 192.168.1.0/24 24.102.132.193" Checked
Masq record "tap1 24.102.139.228 24.102.132.193" Checked
Masq record "tap2 192.168.1.0/24 24.102.139.228" Checked
Masq record "tap2 24.102.132.193 24.102.139.228" Checked
Checking MAC Filtration -- Phase 1...
Checking MAC Verification for -- Phase 1...
Checking /etc/shorewall/rules...
..Expanding Macro /usr/share/shorewall/macro.Ping...
Rule "PARAM - - icmp 8" Checked
..End Macro /usr/share/shorewall/macro.Ping
Rule "Ping/ACCEPT ptd1 fw" Checked
..Expanding Macro /usr/share/shorewall/macro.SSH...
Rule "PARAM - - tcp 22" Checked
..End Macro /usr/share/shorewall/macro.SSH
Rule "SSH/ACCEPT ptd1:216.107.0.0/24,216.164.165.144/28,76.79.33.246 fw" Checked
..Expanding Macro /usr/share/shorewall/macro.HTTP...
Rule "PARAM - - tcp 80" Checked
..End Macro /usr/share/shorewall/macro.HTTP
Rule "HTTP/ACCEPT ptd1:216.107.0.0/24,216.164.165.144/28,76.79.33.246 fw" Checked
Rule "ACCEPT ptd1:216.155.55.0/24 fw" Checked
Rule "DNAT ptd2 loc:192.168.1.2:8080 tcp 80 - 24.102.139.228" Checked
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Checking ...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Processing /usr/share/shorewall/action.Drop for chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Checking MAC Filtration -- Phase 2...
Checking MAC Verification for -- Phase 2...
Applying Policies...
Policy ACCEPT from fw to loc using chain fw2loc
Policy ACCEPT from fw to ptd1 using chain fw2ptd1
Policy ACCEPT from fw to ptd2 using chain fw2ptd2
Policy REJECT from fw to world using chain fw2world
Policy ACCEPT from loc to fw using chain loc2fw
Policy ACCEPT from loc to ptd1 using chain loc2ptd1
Policy ACCEPT from loc to ptd2 using chain loc2ptd2
Policy REJECT from loc to world using chain loc2world
Policy DROP from ptd1 to fw using chain ptd12fw
Policy DROP from ptd1 to loc using chain ptd12loc
Policy DROP from ptd1 to ptd2 using chain ptd12ptd2
Policy DROP from ptd1 to world using chain ptd12world
Policy DROP from ptd2 to fw using chain ptd22fw
Policy DROP from ptd2 to loc using chain ptd22loc
Policy DROP from ptd2 to ptd1 using chain ptd22ptd1
Policy DROP from ptd2 to world using chain ptd22world
Policy ACCEPT from wan to dmz using chain wan2dmz
Policy ACCEPT from dmz to wan using chain dmz2wan
Policy REJECT from world to fw using chain world2fw
Policy REJECT from world to loc using chain world2loc
Policy REJECT from world to ptd1 using chain world2ptd1
Policy REJECT from world to ptd2 using chain world2ptd2
Checking /etc/shorewall/tcdevices...
Tcdevice "tap0 1550kbit 5600kbit" Checked.
Checking /etc/shorewall/tcclasses...
Tcclass "tap0 1 25*full/100 full 1 tos=0x68/0xfc,tos=0xb8/0xfc" Checked.
Tcclass "tap0 2 15*full/100 full 2 " Checked.
Tcclass "tap0 3 20*full/100 full 3 tos-minimize-delay " Checked.
Tcclass "tap0 4 30*full/100 full 4 " Checked.
Tcclass "tap0 5 10*full/100 75*full/10 5 default " Checked.
Checking /etc/shorewall/tcrules...
TC Rule "1:T 0.0.0.0/0 0.0.0.0/0 icmp echo-request" Checked
TC Rule "1:T 0.0.0.0/0 0.0.0.0/0 icmp echo-reply" Checked
TC Rule "1:T 192.168.1.5 0.0.0.0/0 " Checked
TC Rule "1:T 0.0.0.0/0 192.168.1.5 " Checked
TC Rule "2:T 0.0.0.0/0 0.0.0.0/0 udp 53" Checked
TC Rule "2:T 0.0.0.0/0 0.0.0.0/0 tcp 53" Checked
TC Rule "3:T 0.0.0.0/0 0.0.0.0/0 tcp 22" Checked
TC Rule "3:T 0.0.0.0/0 0.0.0.0/0 tcp 5900" Checked
TC Rule "4:T 0.0.0.0/0 0.0.0.0/0 tcp 80,443,8080,8088" Checked
TC Rule "5:T 0.0.0.0/0 0.0.0.0/0 tcp 6974" Checked
TC Rule "5:T 0.0.0.0/0 0.0.0.0/0 udp 6974" Checked
TC Rule "5:T 0.0.0.0/0 192.168.1.2" Checked
TC Rule "5:T 192.168.1.2 0.0.0.0/0" Checked
On Thu, Aug 27, 2009 at 12:40 PM, Tom Eastep <[email protected]> wrote:
> Donald wrote:
>
> > This may be one of those, you're doing it wrong, and there is a far
> > easier way to do it than the way you are doing it. Please let me know.
> >
> > *Problem*
> > - Seems like rules to the firewall work fine. However, the DNAT rule
> > will not work over its dead body. When I had the 3 NIC setup, that DNAT
> > rule worked fine.
>
> Please refer to http://www.shorewall.net/support.htm#Guidelines for the
> information we need to solve this type of problem.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users