I have a problem with MDK-10 and Shorewall.
My setup is as follows:
eth0 loc <--- IP 192.168.x.1
eth1 net <---IP 10.0.x.10
(shorewall version 2.0.1)
When I start the machine now, I get this message:
here are my configs...
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Loading Modules...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp+:0.0.0.0/0 eth1:0.0.0.0/0
Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Host 192.168.x.0 NAT 10.0.x.10 on ppp0
Setting up NETMAP...
Adding Common Rules
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.DropSMB...
Pre-processing /usr/share/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /usr/share/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Rule "ACCEPT loc net TCP 20:22,25,53,80,110,1863,3128,5190,6891:6900,6699,10000,7950" added.
Rule "ACCEPT loc net UDP 20:22,25,53,80,110,1863,3128,5190,6257,6891:6900,10000" added.
Rule "ACCEPT net loc TCP 21,22,25,53,80,110,1863,3128,5190,6891:6900,6699,10000,7950" added.
Rule "ACCEPT net loc UDP 21,22,25,53,80,110,1863,3128,5190,6257,6891:6900,10000" added.
Rule "ACCEPT fw loc UDP 137:139" added.
Rule "ACCEPT fw loc TCP 137,139" added.
Rule "ACCEPT fw loc UDP 1024: 137" added.
Rule "ACCEPT loc fw UDP 137:139" added.
Rule "ACCEPT loc fw TCP 137,139" added.
Rule "ACCEPT loc fw UDP 1024: 137" added.
Rule "ACCEPT loc fw TCP 21,22,25,53,80,110,3128,10000" added.
Processing Actions...
Processing /usr/share/shorewall/action.Drop...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "DropSMB" added.
Rule "DropUPnP" added.
Rule "dropNonSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "RejectSMB" added.
Rule "DropUPnP" added.
Rule "dropNonSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth...
Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.DropSMB...
Rule "DROP - - udp 135" added.
Rule "DROP - - udp 137:139" added.
Rule "DROP - - udp 445" added.
Rule "DROP - - tcp 135" added.
Rule "DROP - - tcp 139" added.
Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP...
Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep...
Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB...
Rule "REJECT - - udp 135" added.
Rule "REJECT - - udp 137:139" added.
Rule "REJECT - - udp 445" added.
Rule "REJECT - - tcp 135" added.
Rule "REJECT - - tcp 139" added.
Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to loc using chain net2all
Policy DROP for loc to fw using chain loc2fw
Policy DROP for loc to net using chain loc2net
Masqueraded Networks and Hosts:
To 0.0.0.0/0 from 192.168.48.0/24 through ppp+
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Adding IP Addresses...
Device "ppp0" does not exist.
Cannot find device "ppp0"
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated
interfaces:
Code:
#ZONE INTERFACE BROADCAST OPTIONS
#
net ppp+ -
net eth1 -
loc eth0 -
Code:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
Code:
#INTERFACE SUBNET ADDRESS
ppp+ 192.168.x.0/24
Code:
#EXTERNAL INTERFACE INTERNAL ALL LOCAL
# INTERFACES
10.0.x.10 ppp0 192.168.x.0 yes no
Code:
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
loc net DROP
loc $FW DROP
$FW net ACCEPT
net all DROP info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT info
Code:
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=no
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=
DISABLE_IPV6=No
BRIDGING=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP
I think it is due to the IP that is supposed to be passed, but I may be wrong.
If someone could help, I would be very grateful.
Regards, x-tux
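
Added example, not part of the original post: the log above stops at "Adding IP Addresses..." with `Device "ppp0" does not exist`, while the nat entry names ppp0 and shorewall.conf has ADD_IP_ALIASES=Yes. The check below lists nat entries whose INTERFACE device is absent before the firewall is restarted; the function names and the constructed device directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a Shorewall nat file (hypothetical helper names).

# aliases_enabled CONF: succeeds if shorewall.conf sets ADD_IP_ALIASES=Yes
aliases_enabled() {
    grep -Eiq '^ADD_IP_ALIASES="?yes"?[[:space:]]*$' "$1"
}

# nat_missing_ifaces NAT_FILE [NETDEV_DIR]
# Prints "<device> <external-ip>" for each entry whose INTERFACE device is
# absent from NETDEV_DIR (default /sys/class/net); returns 1 if any is missing.
nat_missing_ifaces() {
    nat_file=$1
    netdev_dir=${2:-/sys/class/net}
    missing=0
    while read -r external iface _rest || [ -n "$external" ]; do
        case $external in ''|'#'*) continue ;; esac   # skip blanks and comments
        dev=${iface%%:*}                              # eth0:0 -> eth0
        if [ -z "$dev" ] || [ ! -e "$netdev_dir/$dev" ]; then
            echo "$dev $external"
            missing=1
        fi
    done < "$nat_file"
    return "$missing"
}

# Constructed fixture: the nat line and ADD_IP_ALIASES value from the post,
# plus a fake device directory holding only eth0 and eth1 (no ppp0).
run_demo() {
    tmp=$(mktemp -d) || return 1
    result=''
    mkdir -p "$tmp/net/eth0" "$tmp/net/eth1"
    printf '%s\n' '#EXTERNAL INTERFACE INTERNAL ALL LOCAL' \
        '10.0.x.10 ppp0 192.168.x.0 yes no' > "$tmp/nat"
    printf '%s\n' 'ADD_IP_ALIASES=Yes' > "$tmp/shorewall.conf"
    if aliases_enabled "$tmp/shorewall.conf"; then
        result=$(nat_missing_ifaces "$tmp/nat" "$tmp/net") || true
    fi
    rm -rf "$tmp"
    echo "$result"
}

run_demo
```

On a live system, call `nat_missing_ifaces /etc/shorewall/nat` without the second argument so the devices under /sys/class/net are used.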