Shoreline Firewall (Shorewall)

On 01/05/2013 02:40 PM, f q wrote:
> Also, I think you want USE_DEFAULT_RT=Yes. I don't see how
> USE_DEFAULT_RT=No can possiblly work here, since you have to be able to
> route between the interfaces and both are provider interfaces.
> 
> 1) I made the changes as you requested, and set "USE_DEFAULT_RT=Yes",
> in /etc/shorewall/shorewall.conf.
> 2) I issued a /sbin/shorewall restart to re-read the configuration
> file (I'm not sure this is entirely required, but I wanted to be sure
> the new changes were being reflected in the current running
> configuration)
> 3) Applied the configuration for the firewall, normal warnings:
> Adding Providers...
>    WARNING: Interface tun0 is not usable -- Provider iPredator (2) not Started
>    WARNING: No Default route added (all 'balance' providers are down)
>    NOTICE: Default route restored
> 4) Connected to OpenVPN
> 5) Attempted to re-apply the firewall configuration, as before (no errors)
> 6) Attempted pings to verify connection (they traversed the VPN correctly)
> 7) Disconnected from the VPN, traffic then traversed my default
> connection incorrectly.

Come on -- you have to be specific. Exactly what connection did you
attempt that worked when you didn't believe that it should? Give the
source iP address, the destination IP address, protocol and port (if
appropriate).

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

2001	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct (93)	Nov (89)	Dec (68)
2002	Jan (229)	Feb (204)	Mar (314)	Apr (380)	May (367)	Jun (244)	Jul (300)	Aug (505)	Sep (359)	Oct (531)	Nov (427)	Dec (390)
2003	Jan (585)	Feb (623)	Mar (412)	Apr (315)	May (480)	Jun (394)	Jul (544)	Aug (768)	Sep (602)	Oct (680)	Nov (499)	Dec (398)
2004	Jan (407)	Feb (400)	Mar (410)	Apr (576)	May (619)	Jun (424)	Jul (513)	Aug (404)	Sep (433)	Oct (455)	Nov (550)	Dec (659)
2005	Jan (450)	Feb (472)	Mar (443)	Apr (465)	May (434)	Jun (273)	Jul (518)	Aug (484)	Sep (380)	Oct (400)	Nov (351)	Dec (265)
2006	Jan (335)	Feb (462)	Mar (498)	Apr (398)	May (280)	Jun (273)	Jul (229)	Aug (377)	Sep (201)	Oct (279)	Nov (247)	Dec (229)
2007	Jan (301)	Feb (190)	Mar (281)	Apr (444)	May (394)	Jun (247)	Jul (259)	Aug (391)	Sep (219)	Oct (306)	Nov (307)	Dec (257)
2008	Jan (256)	Feb (248)	Mar (330)	Apr (219)	May (194)	Jun (179)	Jul (183)	Aug (116)	Sep (260)	Oct (204)	Nov (274)	Dec (228)
2009	Jan (251)	Feb (160)	Mar (178)	Apr (196)	May (189)	Jun (239)	Jul (92)	Aug (155)	Sep (147)	Oct (169)	Nov (159)	Dec (205)
2010	Jan (63)	Feb (230)	Mar (94)	Apr (103)	May (113)	Jun (149)	Jul (158)	Aug (203)	Sep (255)	Oct (138)	Nov (122)	Dec (108)
2011	Jan (93)	Feb (100)	Mar (153)	Apr (175)	May (349)	Jun (210)	Jul (176)	Aug (179)	Sep (148)	Oct (151)	Nov (102)	Dec (83)
2012	Jan (179)	Feb (125)	Mar (211)	Apr (164)	May (195)	Jun (160)	Jul (137)	Aug (159)	Sep (214)	Oct (189)	Nov (71)	Dec (90)
2013	Jan (161)	Feb (99)	Mar (190)	Apr (133)	May (119)	Jun (97)	Jul (116)	Aug (109)	Sep (213)	Oct (175)	Nov (119)	Dec (90)
2014	Jan (104)	Feb (105)	Mar (125)	Apr (119)	May (141)	Jun (82)	Jul (193)	Aug (164)	Sep (160)	Oct (162)	Nov (44)	Dec (43)
2015	Jan (92)	Feb (67)	Mar (117)	Apr (67)	May (121)	Jun (39)	Jul (31)	Aug (87)	Sep (143)	Oct (130)	Nov (116)	Dec (67)
2016	Jan (66)	Feb (78)	Mar (127)	Apr (148)	May (56)	Jun (67)	Jul (30)	Aug (48)	Sep (87)	Oct (113)	Nov (64)	Dec (115)
2017	Jan (95)	Feb (73)	Mar (166)	Apr (27)	May (75)	Jun (94)	Jul (144)	Aug (94)	Sep (70)	Oct (98)	Nov (69)	Dec (176)
2018	Jan (140)	Feb (112)	Mar (68)	Apr (52)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

S	M	T	W	T	F	S
		1 (4)	2 (7)	3 (23)	4 (7)	5 (12)
6 (8)	7 (6)	8 (12)	9 (14)	10 (6)	11 (13)	12 (2)
13 (2)	14 (2)	15 (18)	16 (4)	17 (5)	18	19 (1)
20 (4)	21 (1)	22	23 (4)	24 (1)	25	26 (1)
27	28 (2)	29 (2)	30	31

Thanks for helping keep SourceForge clean.

Shoreline Firewall (Shorewall)

Brought to you by: el_cubano, judas_iscariote, paulgear, teastep, tis

shorewall-users — Shoreline Firewall users - for getting help and reporting problems