[Shorewall-users] Bug? with Maclist option
venkatesh at cbayscribe.com
Fri Oct 31 18:33:04 PST 2003
I found out the source of the problem. In fact, I had gone through the mailing list
archives and the troubleshooting info available on the site.
Generally, I write my own network init script to replace the generic network
script of RedHat. My network init script uses "iproute2" toolset instead of
ip addr add 192.168.0.1/32 brd 192.168.0.255 dev eth0
ip route add 192.168.0.0/24 scope link proto kernel src 192.168.0.1 dev eth0
<shorewall cmd>iptables -A eth2_mac -s 192.168.1.253 -d -j RETURN<error>
Shorewall might be having trouble parsing the network information with the
above setup. The correct command should be "iptables -A eth2_mac -s
192.168.1.253 -d 255.255.255.255 -j RETURN"
Shorewall doesn't have any problems as long as the maclist option is not used.
----- Original Message -----
From: "Tom Eastep" <teastep at shorewall.net>
To: "Shorewall Users Mailing List" <shorewall-users at lists.shorewall.net>
Sent: Friday, October 31, 2003 9:50 AM
Subject: Re: [Shorewall-users] Bug? with Maclist option
> On Fri, 31 Oct 2003, Venkatesh. K wrote:
> > Hi,
> > I am having a problem with setting up "maclist" with the following versions.
> > I am using RedHat Stock Kernel 2.4.20-20.7 and iptables 1.2.8.
> > shorewall-1.4.6c
> > shorewall-1.4.7b
> > shorewall-1.4.7c
> > shorewall-1.4.8-0RC1
> > Shorewall stops with the following error.
> > <snip>
> > Setting up MAC Verification on eth2...
> > Bad argument `RETURN'
> > Try `iptables -h' or 'iptables --help' for more information.
> > Processing /etc/shorewall/stop ...
> > Processing /etc/shorewall/stopped ...
> > <snip>
> > Here are the configuration files
> > /etc/shorewall/zones
> > #ZONE DISPLAY COMMENTS
> > net Net Internet
> > loc Local Local networks
> > dmz DMZ Demilitarized zone
> > p2p p2p Point to Point Link
> > vpn vpn PPTP VPN Clients
> > #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
> > /etc/shorewall/interfaces
> > #ZONE INTERFACE BROADCAST OPTIONS
> > net eth0 detect
> > loc eth2 10.255.255.255 maclist
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> On the Shorewall home page, you will see three Frames.
> In the left-hand Frame is an Index.
> In that Index is an entry entitled "Things to try if it doesn't work"
> If you click on that link, you will see a heading "If the firewall fails
> to start"
> Please follow the instructions that you find there.
> And also please tell me what I can do to make that information easier to
> find because I am completely out of ideas....
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep at shorewall.net
> Shorewall-users mailing list
> Post: Shorewall-users at lists.shorewall.net
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
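An added example, not part of the thread and not Shorewall's own code: a shell function that builds the per-address RETURN rule for a MAC-verification chain from `ip -f inet addr show` text and never emits a bare `-d`. The function name, the sample lines and the assumption that a missing `brd` field is what leaves `-d` empty are illustrative; the fallback value 255.255.255.255 is the one given in the post above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Shorewall code).
# mac_return_rules CHAIN
#   Reads `ip -f inet addr show dev IFACE` text on stdin and prints one
#   iptables rule per address. Never prints "-d" without an argument.
mac_return_rules() {
    chain=$1
    while read -r family address rest; do
        # Only "inet ADDRESS/PREFIX ..." lines describe an IPv4 address.
        [ "$family" = "inet" ] || continue

        # Find the word that follows "brd", if this line has one.
        broadcast=
        set -- $rest
        while [ $# -gt 0 ]; do
            if [ "$1" = "brd" ] && [ $# -ge 2 ]; then
                broadcast=$2
                break
            fi
            shift
        done

        # Assumption: an address added without "brd" reports no broadcast.
        # Fall back to the limited broadcast address instead of leaving
        # the -d argument empty, which iptables rejects.
        [ -n "$broadcast" ] || broadcast=255.255.255.255

        echo "iptables -A $chain -s ${address%/*} -d $broadcast -j RETURN"
    done
}

# Constructed sample input: one address with a broadcast, one without.
mac_return_rules eth2_mac <<'EOF'
3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 10.0.0.1/8 brd 10.255.255.255 scope global eth2
    inet 192.168.1.253/32 scope global eth2
EOF
```

The function only prints the rules, so the generated commands can be inspected before anything is loaded into the running rule set.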