On 07/06/2012 08:52 AM, Matthias Sitte wrote:
> Hi there,
>
> I'm quite puzzled with the proper configuration of Shorewall. I'm
> running Debian Squeeze in an OpenVZ container (virtual server with
> 3rd party company).

That's interesting -- most people trying to run Shorewall in an OpenVZ
container under Squeeze find that outgoing connections from the firewall
don't work at all because Netfilter connection tracking is totally
broken. Possibly there has finally been a fix for that.

> Of course, Shorewall should automatically start when rebooting.
> Making the appropriate changes to shorewall.conf and
> /etc/default/shorewall it should all be fine -- but it ain't
> somehow.
>
> Again, reboot, and I can still ping the system. Bring Shorewall down
> and up again -- no response on a ping.

How are you bringing Shorewall down and up again? Using
/etc/init.d/shorewall or /sbin/shorewall?

> Why??
>
> Looking at the /var/log/shorewall-init.log I've noticed that it looks
> somehow "messed up" as if two instances of Shorewall were started
> simultaneously while booting. They seem to interfere and leave an
> empty iptables (see shorewall-init.log.1.gz).

Have you confirmed that it is empty?

It looks to me as if Shorewall's stdout file and STARTUP_LOG files are
both pointing to /var/log/shorewall-init.log. That is causing the
duplication of messages that you are seeing. Given that the two seem to
have different verbosity (and STARTUP_LOG has timestamps), the buffers
of the two files get filled at a different rate so they get flushed to
disk at different points.

> However, after stopping/starting Shorewall, the iptables are filled
> correctly and the firewall works (see shorewall-init.log.2.gz).
>
> So, does anyone have an idea what goes wrong here? I'd be happy if
> you could help me out with this one or point me to some websites
> where problem is solved.

I don't think we know exactly what the problem is at this point.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
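The buffering effect described in the reply above can be reproduced with a small simulation. This is an added example, not part of the original message and not Shorewall code; the buffer sizes, message text and function names are constructed for illustration.

```python
import os
import tempfile


def simulate_shared_log(path, stdout_buf=64, startup_buf=256):
    """Write through two independently buffered handles on one file.

    Returns (chronological, on_disk): the order the lines were written in
    and the order they ended up in the file.
    """
    # Hypothetical stand-ins: 'stdout' for the redirected stdout stream,
    # 'startup' for the more verbose, timestamped STARTUP_LOG writer.
    stdout = open(path, "ab", buffering=stdout_buf)
    startup = open(path, "ab", buffering=startup_buf)
    chronological = []
    try:
        for step in range(1, 9):
            terse = b"Step %d done\n" % step
            verbose = b"Jul  6 08:52:%02d Step %d done (verbose detail)\n" % (step, step)
            # Each write lands in that handle's private buffer; nothing
            # reaches the file until a buffer fills or the handle closes.
            stdout.write(terse)
            startup.write(verbose)
            chronological += [terse, verbose]
    finally:
        stdout.close()
        startup.close()
    with open(path, "rb") as fh:
        on_disk = fh.readlines()
    return chronological, on_disk


def run_demo():
    # Constructed scratch file; the name only mirrors the log in the thread.
    with tempfile.TemporaryDirectory() as tmp:
        return simulate_shared_log(os.path.join(tmp, "shorewall-init.log"))


if __name__ == "__main__":
    written, stored = run_demo()
    # The file shows blocks of terse lines and blocks of verbose lines,
    # every message twice, although only one sequence of steps ran.
    for line in stored:
        print(line.decode().rstrip())
```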
