dexter11 Posted September 20, 2006

I have to open up a port for Azureus, which I do using drakfirewall. But every time I reboot shorewall forgets it and I have to use drakfirewall again. I've read the shorewall howto here and checked the /etc/shorewall/rules file and it seems correct to me. This is the relevant part:

    ACCEPT net fw udp 49154 -
    ACCEPT net fw tcp 49154

Starting drakfirewall from the console and applying settings prints out this:

    [root@localhost csaba]# drakfirewall
    Loading /usr/share/shorewall/functions...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Loading Modules...
    Restarting Shorewall...
    Initializing...
    Shorewall has detected the following iptables/netfilter capabilities:
    NAT: Available
    Packet Mangling: Available
    Multi-port Match: Available
    Extended Multi-port Match: Available
    Connection Tracking Match: Available
    Packet Type Match: Available
    Policy Match: Not available
    Physdev Match: Available
    IP range Match: Available
    Recent Match: Available
    Owner Match: Not available
    Ipset Match: Not available
    ROUTE Target: Not available
    Extended MARK Target: Available
    CONNMARK Target: Available
    Connmark Match: Available
    Determining Zones...
    Zones: net loc
    Validating interfaces file...
    Validating hosts file...
    Validating Policy file...
    Determining Hosts in Zones...
    Net Zone: ppp+:0.0.0.0/0
    Local Zone: eth0:0.0.0.0/0
    Processing /etc/shorewall/init ...
    Pre-processing Actions...
    Pre-processing /usr/share/shorewall/action.DropSMB...
    Pre-processing /usr/share/shorewall/action.RejectSMB...
    Pre-processing /usr/share/shorewall/action.DropUPnP...
    Pre-processing /usr/share/shorewall/action.RejectAuth...
    Pre-processing /usr/share/shorewall/action.DropPing...
    Pre-processing /usr/share/shorewall/action.DropDNSrep...
    Pre-processing /usr/share/shorewall/action.AllowPing...
    Pre-processing /usr/share/shorewall/action.AllowFTP...
    Pre-processing /usr/share/shorewall/action.AllowDNS...
    Pre-processing /usr/share/shorewall/action.AllowSSH...
    Pre-processing /usr/share/shorewall/action.AllowWeb...
    Pre-processing /usr/share/shorewall/action.AllowSMB...
    Pre-processing /usr/share/shorewall/action.AllowAuth...
    Pre-processing /usr/share/shorewall/action.AllowSMTP...
    Pre-processing /usr/share/shorewall/action.AllowPOP3...
    Pre-processing /usr/share/shorewall/action.AllowICMPs...
    Pre-processing /usr/share/shorewall/action.AllowIMAP...
    Pre-processing /usr/share/shorewall/action.AllowTelnet...
    Pre-processing /usr/share/shorewall/action.AllowVNC...
    Pre-processing /usr/share/shorewall/action.AllowVNCL...
    Pre-processing /usr/share/shorewall/action.AllowNTP...
    Pre-processing /usr/share/shorewall/action.AllowRdate...
    Pre-processing /usr/share/shorewall/action.AllowNNTP...
    Pre-processing /usr/share/shorewall/action.AllowTrcrt...
    Pre-processing /usr/share/shorewall/action.AllowSNMP...
    Pre-processing /usr/share/shorewall/action.AllowPCA...
    Pre-processing /usr/share/shorewall/action.Drop...
    Pre-processing /usr/share/shorewall/action.Reject...
    Deleting user chains...
    Processing /etc/shorewall/continue ...
    Processing /etc/shorewall/routestopped ...
    Setting up Accounting...
    Creating Interface Chains...
    Configuring Proxy ARP
    Setting up NAT...
    Setting up NETMAP...
    Adding Common Rules
    Processing /etc/shorewall/initdone ...
    IP Forwarding Enabled
    Processing /etc/shorewall/tunnels...
    Processing /etc/shorewall/ipsec...
    Processing /etc/shorewall/rules...
    Rule "ACCEPT net fw udp 49154 -" added.
    Rule "ACCEPT net fw tcp 49154 -" added.
    Processing Actions...
    Generating Transitive Closure of Used-action List...
    Processing /usr/share/shorewall/action.Drop for Chain Drop...
    Rule "RejectAuth" added.
    Rule "dropBcast" added.
    Rule "AllowICMPs - - icmp" added.
    Rule "dropInvalid" added.
    Rule "DropSMB" added.
    Rule "DropUPnP" added.
    Rule "dropNotSyn - - tcp" added.
    Rule "DropDNSrep" added.
    Processing /usr/share/shorewall/action.Reject for Chain Reject...
    Rule "RejectAuth" added.
    Rule "dropBcast" added.
    Rule "AllowICMPs - - icmp" added.
    Rule "dropInvalid" added.
    Rule "RejectSMB" added.
    Rule "DropUPnP" added.
    Rule "dropNotSyn - - tcp" added.
    Rule "DropDNSrep" added.
    Processing /usr/share/shorewall/action.RejectAuth for Chain RejectAuth...
    Rule "REJECT - - tcp 113" added.
    Processing /usr/share/shorewall/action.AllowICMPs for Chain AllowICMPs...
    Rule "ACCEPT - - icmp fragmentation-needed" added.
    Rule "ACCEPT - - icmp time-exceeded" added.
    Processing /usr/share/shorewall/action.DropSMB for Chain DropSMB...
    Rule "DROP - - udp 135" added.
    Rule "DROP - - udp 137:139" added.
    Rule "DROP - - udp 445" added.
    Rule "DROP - - tcp 135" added.
    Rule "DROP - - tcp 139" added.
    Rule "DROP - - tcp 445" added.
    Processing /usr/share/shorewall/action.DropUPnP for Chain DropUPnP...
    Rule "DROP - - udp 1900" added.
    Processing /usr/share/shorewall/action.DropDNSrep for Chain DropDNSrep...
    Rule "DROP - - udp - 53" added.
    Processing /usr/share/shorewall/action.RejectSMB for Chain RejectSMB...
    Rule "REJECT - - udp 135" added.
    Rule "REJECT - - udp 137:139" added.
    Rule "REJECT - - udp 445" added.
    Rule "REJECT - - tcp 135" added.
    Rule "REJECT - - tcp 139" added.
    Rule "REJECT - - tcp 445" added.
    Processing /etc/shorewall/policy...
    Policy ACCEPT for fw to net using chain fw2net
    Policy ACCEPT for fw to loc using chain fw2loc
    Policy DROP for net to fw using chain net2all
    Policy ACCEPT for loc to fw using chain loc2fw
    Policy ACCEPT for loc to net using chain loc2net
    Masqueraded Networks and Hosts:
    Processing /etc/shorewall/tos...
    Processing /etc/shorewall/ecn...
    Activating Rules...
    Processing /etc/shorewall/start ...
    Shorewall Restarted
    Processing /etc/shorewall/started ...

Any ideas?

ianw1974 Posted September 20, 2006

Mine was working fine for my machine for ports 21/22 when I had these configured. However, never used drakfirewall to run it all. Mine was done with:

    service shorewall start

or

    service shorewall stop

My lines in /etc/shorewall/rules appear exactly in the same format as yours. Maybe it's because of drakfirewall :unsure:

dexter11 Posted September 20, 2006

Does it mean that I have to stop and restart shorewall every time? This is what I want to avoid, restarting it every time I boot in.

I forgot to mention, but this is PCLinuxOS 0.93.

Edited September 20, 2006 by dexter11

ianw1974 Posted September 21, 2006

In all honesty, I dunno if you need to restart it each time or not to pick up the new rules. I only know, I've always just issued:

    service shorewall restart

if I had any probs. When you use iptables, or when I have in other distros, there's just a command to refresh it afterwards - unfortunately, can't quite remember what it was.

dexter11 Posted September 21, 2006

Tried without the GUI (drakfirewall) this time. After I booted in and started the internet connection I launched Azureus and tried the NAT\Firewall test in the Tools menu. It gave a NAT error on the port which is set up for Azureus, as I expected. So I stopped shorewall:

    service shorewall stop

Then I tried the NAT\Firewall test again. Still NAT error. Then I restarted shorewall:

    service shorewall restart

Tried the NAT\Firewall test again and it's OK. What the hell... Should I modify iptables somehow?
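
Added example, not part of any post in this thread: the posts above test the firewall only through Azureus's NAT test, so this script compares the ACCEPT rules in a Shorewall rules file with an iptables-save dump, which separates "the rule is in the file" from "the rule is loaded in the kernel". The function names, the two sample dumps and the net2fw chain name are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): does the running ruleset contain
# the ports that /etc/shorewall/rules says should be open?

# Print "proto port" for each ACCEPT rule from zone net to zone fw.
configured_ports() {            # $1 = Shorewall rules file
    awk '$1=="ACCEPT" && $2=="net" && $3=="fw" && $5 ~ /^[0-9]+$/ {print $4, $5}' "$1"
}

# Succeed if the iptables-save dump $1 accepts protocol $2 on port $3.
port_is_loaded() {
    grep -Eq -e "-p $2 .*--dport $3 .*-j ACCEPT" "$1"
}

# One status line per configured port; returns 1 if any port is missing.
audit() {                       # $1 = rules file, $2 = iptables-save dump
    missing=0
    while read -r proto port; do
        [ -n "$proto" ] || continue
        if port_is_loaded "$2" "$proto" "$port"; then
            echo "$proto/$port loaded"
        else
            echo "$proto/$port MISSING from running ruleset"
            missing=1
        fi
    done <<EOF
$(configured_ports "$1")
EOF
    return "$missing"
}

# Constructed sample data: the two rules quoted in the thread, plus two
# made-up iptables-save dumps (the chain name net2fw is an assumption).
tmp=$(mktemp -d)
printf '%s\n' 'ACCEPT net fw udp 49154 -' 'ACCEPT net fw tcp 49154 -' > "$tmp/rules"
printf '%s\n' '*filter' ':net2fw - [0:0]' \
    '-A net2fw -p udp -m udp --dport 49154 -j ACCEPT' \
    '-A net2fw -p tcp -m tcp --dport 49154 -j ACCEPT' 'COMMIT' > "$tmp/with_rules"
printf '%s\n' '*filter' ':net2all - [0:0]' '-A net2all -j DROP' 'COMMIT' > "$tmp/without_rules"

audit "$tmp/rules" "$tmp/with_rules"    || echo "=> rules file and kernel disagree"
audit "$tmp/rules" "$tmp/without_rules" || echo "=> rules file and kernel disagree"
```

On a live system, run as root: save the output of iptables-save to a file right after boot and pass it as the second argument, with /etc/shorewall/rules as the first.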