[Shorewall-newbies] Shorewall bridging

Sakthivel Subramanian sakthi at altair.com
Wed Mar 10 09:26:01 PST 2004


Tom,

I am not that lucky yet. I have the bridge up and running, and there is no
problem sending traffic through it. But I just cannot start shorewall yet.
The following is the error message:

*************
Processing /etc/shorewall/ecn...
Activating Rules...
iptables: No chain/target/match by that name
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated
****************

# iptables -V
iptables v1.2.9

# uname -a
Linux NE-GATE2 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386
GNU/Linux

/etc/shorewall/interfaces
#ZONE    INTERFACE      BROADCAST       OPTIONS
-        br0            detect

/etc/shorewall/zones
#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local networks

/etc/shorewall/hosts
#ZONE           HOST(S)                         OPTIONS
net             br0:eth0
loc             br0:eth1

############ debug - trace #############
+ chain2=net2all
+ eval 'complex=$net_is_complex'
++ complex=
+ '[' -n '' ']'
+ echo 'fw net fw2net'
+ echo 'net fw net2all'
+ need_broadcast=
+ interface=br0
+ subnet=eth0
++ match_dest_hosts eth0
++ '[' -n Yes ']'
++ physdev_echo '--physdev-out eth0'
++ '[' -f /tmp/shorewall-12731/physdev ']'
++ echo -m physdev --physdev-out eth0
+ run_iptables -A OUTPUT -o br0 -m physdev --physdev-out eth0 -j fw2net
+ '[' -n Yes ']'
+ '[' -f /tmp/shorewall-12731/physdev ']'
+ rm -f /tmp/shorewall-12731/physdev
+ iptables -A OUTPUT -o br0 -m physdev --physdev-out eth0 -j fw2net
iptables: No chain/target/match by that name
+ '[' -z '' ']'
+ stop_firewall
+ set +x
#########################################

I am not sure what the issue is. If you would like the entire trace file, I
can send it to you.

Although the bridge by itself is working, I can only ping the LAN machines
from the bridge machine; I can't seem to ping the outside world. So I
can't seem to get squid working either.

Thanks

Sakthi

-----Original Message-----
From: Tom Eastep [mailto:teastep at shorewall.net] 
Sent: Tuesday, March 09, 2004 4:27 PM
To: List for New Shorewall Users; sakthi at altair.com
Subject: Re: [Shorewall-newbies] Shorewall bridging


On Tuesday 09 March 2004 12:59 pm, Tom Eastep wrote:
> On Tuesday 09 March 2004 12:49 pm, Sakthivel Subramanian wrote:
> > Tom,
> >
> > Currently I have a firewall machine with shorewall running on a 3
> > interface configuration; the firewall machine also acts as a proxy
> > server (SQUID). I am thinking of replacing it with a bridged
> > firewall with shorewall. If I switch to a bridged firewall and
> > assign an IP to the bridge interface, can I still use the firewall
> > machine as a web proxy?
>
> I don't know. One of the reasons that I am making the experimental 
> bridging code available is so people can try it and find out what does 
> and doesn't work.
>

This question made me curious so I installed Squid on my bridge/firewall and
tried it. Works fine, even in transparent mode.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




