[Shorewall-users] Newbie list question ? Or not ?

Tom Eastep teastep at shorewall.net
Thu Dec 4 15:54:09 PST 2003

On Thu, 2003-12-04 at 15:20, Bill.Light at kp.org wrote:

> As the latest "discourager" for you - I'm willing to reply, rather than 
> hide or un-subscribe...


> The original entry above was EXACTLY what I tried, and it did NOT work. 
> Something that I did, caused all traffic - including my local LAN to route 
> Internet browsing through work...not a desired result.

The entry in /etc/shorewall/masq only affects the source address used
for traffic forwarded from eth2->eth1; it doesn't determine which
traffic is routed that way. 

On your firewall system, I assume that the default route is via eth0? If
so, then any traffic from eth2 that is not routed elsewhere by entries
in your routing table will be routed to the default gateway on eth0.

If, at the time that you were seeing this unexpected (and from your point
of view, incorrect) behavior, you had captured the information
requested at http://www.shorewall.net/support.htm and had
forwarded it (to either list :-), we would have had a much better chance
of helping you.

> I did have a 
> working configuration, but with SuSE's impending "Discontinued SuSE Linux 
> Distributions (7.3)"  (which was announced today) when my hard disk died, I 
> used the current release (SuSE Professional 9.0), as well as the "current" 
> Shorewall (which was 1.4.7c at the time I built the box).
> I have not claimed it's the fault of shorewall, I have read and re-read 
> all six examples (you can count them if you think I didn't already look) 
> as well as the comment lines in the file /etc/shorewall/masq   itself. If 
> it had worked, I wouldn't have posted the question to begin with.  I'm not 
> so proud that I wouldn't post it to the newbies list - I chose this list, 
> exactly because it didn't work as it had for me before and the examples 
> were NOT working for me...

Ok -- this is all great information that was missing in your original
post. Remember, Bill, that all we know about your problem is what you
write in your posts. Now I realize that your post was actually trying to
determine which list was appropriate -- in the future, please just post
away; as someone else has pointed out, with this two-list setup we're
currently abusing ourselves with, we must be gentle in our rebukes
regarding posts to the wrong list.

> Which is why I say "I can go try various options"   I was NOT attempting 
> to discount your answer or trying to be lazy, my wife goes crazy with 
> Shorewall Documentation sitting next to the bed, because that has become 
> my night time reading.

I use similar reading material as a substitute for sleeping pills :-)

> To aggravate matters, every time I try to do this 
> one little suggestion or a tidbit I pick up - if it blows me out I can't 
> get to it until 9 or 10 that night.


> I wouldn't expect you to run every version and distro of Linux out there, 
> and, by your posts, you have shown yourself to be Red Hat - I happened to 
> have chosen SuSE.  But there appear to be enough differences that it 
> sometimes interferes with what may seem trivial to you.

Nevertheless, the more information that you capture *at the time of the
failure* and provide to us, the more we can help you. I can fire up SuSE
under VMWare if need be to check for distribution differences but I've
generally found that once I get the installation correct on a particular
distribution, Shorewall works the same on all of them.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
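
The distinction drawn in the reply (the masq entry rewrites the source address, the routing table picks the outgoing interface), as an added example that is not part of the original message or of Shorewall itself. It is a simplified Python model: every address and route is constructed, and the masq entry is modelled as an (outgoing interface, source interface) pair.

```python
import ipaddress

# Constructed sample data; none of these values come from the thread.
ROUTES = [
    ("0.0.0.0/0", "eth0"),       # default route via eth0, as the reply assumes
    ("10.20.0.0/16", "eth1"),    # hypothetical network reached through eth1
    ("192.168.2.0/24", "eth2"),  # hypothetical local LAN on eth2
]
# Same firewall, but with the default route pointing out eth1 instead.
ROUTES_DEFAULT_ETH1 = [("0.0.0.0/0", "eth1"), ("192.168.2.0/24", "eth2")]

MASQ = [("eth1", "eth2")]        # masquerade eth2 traffic leaving via eth1
IFACE_ADDR = {"eth0": "203.0.113.5", "eth1": "10.20.0.9", "eth2": "192.168.2.1"}


def egress(dst, routes):
    """Pick the outgoing interface by longest-prefix match on the destination."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def forward(in_iface, src, dst, routes=ROUTES, masq=MASQ):
    """Return (outgoing interface, source address seen on the wire)."""
    out_iface = egress(dst, routes)      # routing decision: masq is never consulted
    for masq_out, masq_src in masq:
        if out_iface == masq_out and in_iface == masq_src:
            src = IFACE_ADDR[out_iface]  # masquerading only rewrites the source
    return out_iface, src


if __name__ == "__main__":
    lan_host = "192.168.2.50"
    for dst in ("198.51.100.7", "10.20.3.4"):
        print(dst, "with masq:", forward("eth2", lan_host, dst),
              "without masq:", forward("eth2", lan_host, dst, masq=[]))
    print("default via eth1:",
          forward("eth2", lan_host, "198.51.100.7", routes=ROUTES_DEFAULT_ETH1))
```

Removing the masq entry changes only the source address in the result; changing the routing table is what moves traffic from one interface to another.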

