Maybe you should try giving away more info first ?

OS, shorewall version etc.

I have used shorewall in very complex setups ( 2 or more providers with loadbalancing, failover + 5 or more internal network + up to 10 OpenVPN tunnels + bridged KVM's on both internal, external interfaces AND their own virtual network ) and i have had no trouble in making things just work.


----- "felis nigripes" <f.nigripes@gmail.com> wrote:
Thanks Tom, Roberto,

apparently i'm way too stupid to get a simple cookbook config to run in a reasonable time.
I spend a lot of time looking for ways to get the config's notation right - commented examples in the config files would probably help me better than a lot of documentation and might be a nice idea for noobs like me -
f.i. in shorewall.conf:

# lograte example: 15/minute, if you use this option also fill in the logburst number
LOGRATE=

Anyway, thank you for the software, pity i can't get it to do what i need it to do

cheers


2010/3/19 felis nigripes <f.nigripes@gmail.com>
Hi Roberto,

thank you for your speedy reply!
'k will follow your advice, but still wonder about what i'm doing wrong.
I have a server in a local network, with a gateway. The local network needs more access, f.i. ssh, the Net only web. Simple i agree, i bet it's easy in shorewall too, just have to find out how :)

kind regards

2010/3/19 Roberto C. Sánchez <roberto@connexer.com>
On Fri, Mar 19, 2010 at 08:25:58PM +0100, felis nigripes wrote:
>
>    SSH/ACCEPT          loc            $FW
>
>    with 'loc' in hosts specified as [1]192.168.0.150/32
>
>    If i specify a debug loglevel i see no change. How can i debug shorewall?
>    What am i missing?
>
shorewall-hosts(5) says this:

"This file is used to define zones in terms of subnets and/or individual
IP addresses. Most simple setups don´t need to (should not) place
anything in this file."

I am guessing that your setup is simple, so you should remove that entry
from the hosts file, restart Shorewall and try again.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuj0bIACgkQ5SXWIKfIlGQzpQCdFXR7zt5JYLaBk3YAjyEHK+Ue
nR8AnRnjbk53u9VOOv72Na91I2IxhmUm
=fJNT
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users




------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



--


Nikolai K. Bochev
System Administrator

Website : GrandstarCO | http://www.grandstarco.com