Hi Tom, thanks for your reply. Yes i Meant 4.4.24. I got a bit confused with shorewall and shorewall-perl but i guess i now get it.
But I'm actually getting another error: I'm running Centos 5.7 with iptables 1.3.5 And while compiling on the management system with the command: Shorewall load firewallDNSname I receive the error: ERROR: Your iptables is not recent enough to support bridge ports : /opt/shwallexport/fw01/interface (line 233) So I tried the same setup with Centos 6 with iptables 1.4.7 And I receive the same error. I Configured like mentioned here: http://www.shorewall.net/bridge-Shorewall-perl.html. You've got any idea on that issue ? Best Regards Alex -----Ursprüngliche Nachricht----- Von: Tom Eastep [mailto:[email protected]] Gesendet: Dienstag, 15. November 2011 15:08 An: Shorewall Users Betreff: Re: [Shorewall-users] shorewall bridging firewall set up On Nov 14, 2011, at 10:40 PM, <[email protected]> <[email protected]> wrote: > > i'd like to set up shorewall as a bridging firewall. I've got a > shorerwall management server and 2 shorewall lite servers. Version > 4.24-1 Presumably, you mean 4.4.24-1? > The shorewalllite servers have 3 interfaces: > Eth2 dmz > Eth0 internet > Eth1 loc > > I created a bridge and added interface eth0+eth1. > > I'd like to filter/restrict the traffic through the bridge. > Now my question is: > > Do I need shorewall-perl for this? Where can I download > shorewall-perl? I alrdy searched through some download mirrors on > shorewall.net but didn't find shorewall-perl. >From http://www.shorewall.net/FAQ.htm (FAQ 14) I can't find the Shorewall 4.4 shorewall-common, shorewall-shell and shorewall-perl packages? Where are they? Answer:In Shorewall 4.4, the shorewall-shell package was discontinued. The shorewall-common and shorewall-perl packages were combined to form a single shorewall package. > > Can I filter through the bridge with shorewall + shorewall lite, too ? Yes. > > I already installed bridge-utils, etc. I only don't know how to configure > shorewall for bridiging firewall support. > Can I use this tutorial, even I don't use shorewall-perl? > http://www.shorewall.net/bridge-Shorewall-perl.html If you have Shorewall 4.4.24, then you have Shorewall-perl as mentioned above. > > If I start the command: "shorewall load firewall1" on my shorewall manage > server. It starts compiling, but give me 2 errors: > First in shorewall.conf: > Bridging=YES is not supported in shorewall 4.x.x I googled this error > and was linked to: > http://www.shorewall.net/bridge-Shorewall-perl.html Which is the correct HOWTO. > > That's why I ask you: do I need shorewall-perl for bridiging firewall support > and where can I dpownload it? > > As I commented the Bridging=yes out I received another error in "hosts" > ERROR: invalid IP Address (eth0) at line 132 > > That's the line: > net br0:eth0 > > I'd really appreciate any given support ! Simply follow the instructions at http://www.shorewall.net/bridge-Shorewall-perl.html. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
