Hi there, I'm quite puzzled with the proper configuration of Shorewall. I'm running Debian Squeeze in an OpenVZ container (virtual server with 3rd party company).
After installing and configuring Shorewall, I've tested the config by pinging the server -- it didn't respond, as anticipated. Changing Ping(DROP) to Ping(ACCEPT) and reloading the config, I had full response on my ping, so the firewall seems to work correctly, and I changed back to Ping(DROP).

Of course, Shorewall should automatically start when rebooting. Making the appropriate changes to shorewall.conf and /etc/default/shorewall it should all be fine -- but it ain't somehow. First thing I've noticed are messages like "FATAL: Could not load /lib/modules/2.6.32-028stab092.1/modules.dep: No such file or directory". Solved by removing the module-init-tools package (see Shorewall documentation on OpenVZ).

Again, reboot, and I can still ping the system. Bring Shorewall down and up again -- no response on a ping. Why??

Looking at /var/log/shorewall-init.log, I've noticed that it looks somehow "messed up", as if two instances of Shorewall were started simultaneously while booting. They seem to interfere and leave an empty iptables (see shorewall-init.log.1.gz). However, after stopping/starting Shorewall, the iptables are filled correctly and the firewall works (see shorewall-init.log.2.gz).

So, does anyone have an idea what goes wrong here? I'd be happy if you could help me out with this one or point me to some websites where this problem is solved.

Cheers,
Matthias
shorewall-init.log.1.gz
Description: GNU Zip compressed data
shorewall-init.log.2.gz
Description: GNU Zip compressed data
