[Shorewall-users] 'routestopped'

Tom Eastep teastep at shorewall.net
Tue Dec 16 14:45:45 PST 2003


On Tuesday 16 December 2003 02:13 pm, Ted Gervais wrote:
> I am wondering if I can get any tips on keeping my small network working
> when I run 'shorewall stop'.   I have amended the 'routestopped' file as
> the docs say which is like it always was:
>
> ##############################################################################
> #INTERFACE      HOST(S)
> eth1            -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
>
> I am running version 1.4.8 and have amended the interfaces file as per the
> instructions:
>
> #ZONE    INTERFACE      BROADCAST       OPTIONS
> net     eth0            detect          dhcp,routefilter,norfc1918,blacklist
> loc     eth1            detect
> peers   tunl+
>
>
> Still I have no access to the Internet when 'shorewall' is stopped. In
> fact, even with previous versions I could never get things to work when
> shorewall was down.
>
> Any thoughts, anyone please..

To access the internet from your local network, you also need to allow traffic 
through eth0 and you probably need masquerading as well (I'll assume so).

To give yourself internet access when Shorewall is stopped, you will have to:

a) Add eth0 to the routestopped file.
b) In /etc/shorewall/stopped, manually configure a masquerading netfilter 
configuration by running 'iptables' directly.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
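
Steps a) and b) from the reply above, as an added example that is not part of Tom's message and is not Shorewall's own code. The helper name stopped_masq and the local network 192.168.1.0/24 are assumptions; the post gives neither.

```shell
#!/bin/sh
# Step a) /etc/shorewall/routestopped with eth0 added:
#   #INTERFACE      HOST(S)
#   eth1            -
#   eth0            -
#
# Step b) helper for /etc/shorewall/stopped. In that file, call:
#   stopped_masq apply eth0 192.168.1.0/24    # network is an assumed value

# stopped_masq MODE EXT_IF LOC_NET   (hypothetical helper name)
#   print: echo the iptables command; apply: run it (needs root)
stopped_masq() {
    mode=$1 ext_if=$2 loc_net=$3

    # Accept only plain interface names (letters, digits, _ . + -).
    case $ext_if in
        ''|*[!A-Za-z0-9_.+-]*) echo "bad interface: $ext_if" >&2; return 2 ;;
    esac
    # Accept only address/prefix built from digits and dots.
    case $loc_net in
        *[!0-9./]*|*/*/*|/*|*/) echo "bad network: $loc_net" >&2; return 2 ;;
        */*) ;;
        *) echo "bad network: $loc_net" >&2; return 2 ;;
    esac

    # Translate only local-network traffic, and only where it leaves ext_if.
    set -- POSTROUTING -o "$ext_if" -s "$loc_net" -j MASQUERADE
    case $mode in
        print) echo "iptables -t nat -A $*" ;;
        # -C skips the append when the rule is already present.
        apply) iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@" ;;
        *) echo "usage: stopped_masq print|apply EXT_IF LOC_NET" >&2; return 2 ;;
    esac
}

# Dry run with constructed sample values; prints the rule without touching netfilter.
stopped_masq print eth0 192.168.1.0/24
```

With "-" in the HOST(S) column, every host reachable through eth0 is accepted while the firewall is stopped; listing specific addresses or subnets there narrows that.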



