Hi,

My apologies for the late answer.

On Monday 9 April 2007 00:49, you wrote:
> >>> Since I upgraded my server from sarge to etch, I noticed that
> >>> NAT (masquerade) rules are lost after a reboot.
> >>> The workaround is to append these lines to /etc/rc.local:
> >>> /etc/init.d/shorewall stop
> >>> /etc/init.d/shorewall start
> >>> to have Internet on the LAN normally, without worrying to know
> >>> if the server were rebooted or not.

In fact I now have 2 new servers under Debian. One presents exactly the
same problem, and the second also, but it has another problem: randomly
(in any case, I could not determine the cause of the problem) the
masquerade falls. I have to do

    /etc/init.d/shorewall stop
    /etc/init.d/shorewall start

to recover Internet on the LAN.

> >> please temporarily comment the two lines you add to your
> >> /etc/rc.local, reboot your machine, and send me the content of
> >> the log file /var/log/shorewall-init.log.
> >
> > Ok: it's attached.
>
> Mmm, the file is almost empty:
>
> Compiling...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> Restarting Shorewall....
> done.
>
> That is not normal.
>
> Could you please send me your configuration files and the file
> /etc/network/interfaces?

First machine (etch):

/etc/network/interfaces:

    auto eth0
    iface eth0 inet dhcp

    auto eth2
    iface eth2 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255

/etc/shorewall/zones

    fw      firewall
    local   ipv4
    inet    ipv4

/etc/shorewall/interfaces

    inet    eth0    detect  routefilter,dhcp,tcpflags
    local   eth2    detect  tcpflags

/etc/shorewall/policy

    fw      all     ACCEPT
    local   all     ACCEPT
    inet    all     DROP    info
    all     all     REJECT  info

/etc/shorewall/masq

    eth0    eth2

And some rules in /etc/shorewall/rules; I can send you this file if you
want.

Second machine, testing:

/etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth1
    iface eth1 inet static
        address 192.168.2.1
        netmask 255.255.255.0
        network 192.168.2.0
        broadcast 192.168.2.255
        gateway 192.168.2.254

    auto eth2
    iface eth2 inet static
        address 192.168.0.254
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255

/etc/shorewall/zones

    fw      firewall
    local   ipv4
    wifi    ipv4

/etc/shorewall/interfaces

    wifi    eth1    detect  routefilter,tcpflags
    local   eth2    detect  tcpflags

/etc/shorewall/policy

    fw      all     ACCEPT
    local   all     ACCEPT
    wifi    all     DROP
    all     all     REJECT  info

/etc/shorewall/masq

    eth1    eth2

/etc/shorewall/rules

    ACCEPT  wifi                    fw      icmp    8
    ACCEPT  wifi:192.168.2.254      all     tcp
    ACCEPT  wifi:192.168.2.254      all     udp
    ACCEPT  wifi                    fw      tcp     21
    ACCEPT  wifi                    fw      tcp     80
    ACCEPT  wifi                    fw      tcp     22
    ACCEPT  wifi                    fw      tcp     2000
    ACCEPT  wifi                    fw      tcp     8000

And the last machine (etch), where the masquerade falls randomly.

/etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

    auto eth2
    iface eth2 inet static
        address 172.17.42.233
        netmask 255.255.0.0
        network 172.17.0.0
        broadcast 172.17.255.255
        #gateway 172.17.0.1

    auto eth1
    iface eth1 inet static
        address 192.168.2.254
        netmask 255.255.255.0
        network 192.168.2.0
        broadcast 192.168.2.255

/etc/shorewall/zones

    fw      firewall
    inet    ipv4
    wifi    ipv4
    local   ipv4

/etc/shorewall/interfaces

    inet    eth0    detect  routefilter,tcpflags
    wifi    eth1    detect  tcpflags
    local   eth2    detect  tcpflags

/etc/shorewall/policy

    fw      all     ACCEPT
    wifi    all     ACCEPT
    local   all     ACCEPT
    inet    all     DROP
    all     all     REJECT  info

/etc/shorewall/masq

    eth0    eth1

Regards,
Aurélien.

-- 
Mail and newsgroups: why and how to quote a message, info about SMS
language, about attachments, ...
http://www.aurelp.fr.eu.org/blog/index.php?2007/01/09/35-communiquer-mail