[Shorewall-users] Bug? with Maclist option

Venkatesh. K venkatesh at cbayscribe.com
Fri Oct 31 18:33:04 PST 2003


I found out the source of the problem. In fact I had gone through the mailing list
archives and the troubleshooting info available on the site.

Generally, I write my own network init script to replace the generic network
script of RedHat. My network init script uses "iproute2" toolset instead of
ifconfig.

<snip>
ip addr add 192.168.0.1/32 brd 192.168.0.255 dev eth0
ip route add 192.168.0.0/24 scope link proto kernel src 192.168.0.1 dev eth0
<snip>

<shorewall cmd>iptables -A eth2_mac -s 192.168.1.253 -d -j RETURN<error>

Shorewall might be having trouble parsing the network information with the
above setup. The correct command should be "iptables -A eth2_mac -s
192.168.1.253 -d 255.255.255.255 -j RETURN"

Shorewall doesn't have any problems as long as the maclist option is not used.

Venkatesh K

----- Original Message ----- 
From: "Tom Eastep" <teastep at shorewall.net>
To: "Shorewall Users Mailing List" <shorewall-users at lists.shorewall.net>
Sent: Friday, October 31, 2003 9:50 AM
Subject: Re: [Shorewall-users] Bug? with Maclist option


> On Fri, 31 Oct 2003, Venkatesh. K wrote:
>
> > Hi,
> >
> > I am having a problem setting up "maclist" with the following versions.
> > I am using RedHat Stock Kernel 2.4.20-20.7 and iptables 1.2.8.
> >
> > shorewall-1.4.6c
> > shorewall-1.4.7b
> > shorewall-1.4.7c
> > shorewall-1.4.8-0RC1
> >
> > Shorewall stops with the following error.
> >
> > <snip>
> > Setting up MAC Verification on eth2...
> > Bad argument `RETURN'
> > Try `iptables -h' or 'iptables --help' for more information.
> > Processing /etc/shorewall/stop ...
> > Processing /etc/shorewall/stopped ...
> > <snip>
> >
> > Here are the configuration files
> >
> > /etc/shorewall/zones
> > #ZONE   DISPLAY         COMMENTS
> > net     Net             Internet
> > loc     Local           Local networks
> > dmz     DMZ             Demilitarized zone
> > p2p     p2p             Point to Point Link
> > vpn     vpn             PPTP VPN Clients
> > #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
> >
> > /etc/shorewall/interfaces
> > #ZONE           INTERFACE       BROADCAST       OPTIONS
> > net             eth0            detect
> > loc             eth2            10.255.255.255  maclist
> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> >
>
> On the Shorewall home page, you will see three Frames.
>
> In the left-hand Frame is an Index.
>
> In that Index is an entry entitled "Things to try if it doesn't work"
>
> If you click on that link, you will see a heading "If the firewall fails
> to start"
>
> Please follow the instructions that you find there.
>
> And also please tell me what I can do to make that information easier to
> find because I am completely out of ideas....
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep at shorewall.net
>
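
The malformed rule reported in this message, as an added example that is not part of the original thread and not Shorewall's code: it shows how an empty, unquoted shell variable produces `-d -j RETURN`, and a guard that refuses to emit such a rule. The function names, the sample `ip` output and the missing `brd` field as the trigger are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall's code. SAMPLE is constructed, in the style of
# `ip -o -4 addr show`; its second line has no "brd" field (assumed cause).
SAMPLE='4: eth2    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
4: eth2    inet 192.168.1.253/32 scope global eth2'

# Print "address broadcast" per input line; broadcast is empty without "brd".
parse_addrs() {
    printf '%s\n' "$1" | awk '{
        addr = ""; brd = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "inet") { addr = $(i + 1); sub(/\/.*/, "", addr) }
            if ($i == "brd")  { brd = $(i + 1) }
        }
        if (addr != "") print addr, brd
    }'
}

# Naive builder: an unquoted empty $3 disappears, so "-d" swallows "-j" as its
# operand and iptables is left with the stray word RETURN.
naive_rule() {
    echo iptables -A "${1}_mac" -s $2 -d $3 -j RETURN
}

# Guarded builder: refuse to emit a rule with an empty operand.
safe_rule() {
    if [ -z "$2" ] || [ -z "$3" ]; then
        echo "skip ${1}_mac: empty operand (src='$2' dst='$3')" >&2
        return 1
    fi
    echo iptables -A "${1}_mac" -s "$2" -d "$3" -j RETURN
}

# Rules per address: detected broadcast when present, limited broadcast always.
mac_rules() {
    parse_addrs "$2" | while read -r addr brd; do
        safe_rule "$1" "$addr" "$brd" 2>/dev/null || :
        safe_rule "$1" "$addr" 255.255.255.255
    done
}

naive_rule eth2 192.168.1.253 ""   # reproduces the malformed command
mac_rules eth2 "$SAMPLE"
```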
