Hola Amigos quisiera que medieran una mano estoy configurando shorewall y tengo un problema no me inicia de forma normal.
a qui va la salida de start

user@serv ~]# service shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
/usr/share/shorewall/firewall: line 7691: /etc/shorewall/modules: No such file or directory
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Available
CLASSIFY Target: Available
FORWARD Mangle Chain: Available
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
net Zone: eth0:0.0.0.0/0
loc Zone: eth1:0.0.0.0/0
Processing /etc/shorewall/init ...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
Deleting user chains...
Processing /etc/shorewall/continue ...
Processing /etc/shorewall/routestopped ...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Adding rules for DHCP
IP Forwarding Enabled
Setting up IPSEC...
Processing /etc/shorewall/rules...
Rule "ACCEPT fw net tcp 20,21,80,443 " added.
ERROR: Duplicate or out of order SECTION NEW
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
/sbin/service: line 68: 18056 Terminado env -i LANG="$LANG" PATH="$PATH" TERM="$TERM" "${SERVICEDIR}/${SERVICE}" ${OPTIONS}
[user@serv ~]#

---

edulinux

mmmm deberias de publiar lo al parecer dice que tque hiciste ,tienes duplicado el SECTION NEW en el rules ... pero quisa sea en otro archivo deverias revisarlo ..un saludo

Copiastes las reglas de algún manual? Modificastes el archivo rules con el WorPad o Bloc de Notas?

hola amigos gracias por responderme.

Bueno segui las lineas que indica en la sección de manuales de este sitio y edite todos los archivos con vi.
Uso CentOs 4.5.

---

edulinux

Puedes echarle una ojeadita a el Manual de Shorewall del sitio Com-SL

salu2

Burjans

---

Mantente ávido por saber y tal vez llegaras a ser sabio

Amigos, mi problema es que tengo todo bloqueado, he seguido todos los manuales que encontre pero nada, quiero hacer andar Squid con Shorewall, pero ninguna maquina de la lan entra a Internet, solo el servidor.
He configurado todo como dicen los manuales,
Compiling...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
net Zone: eth1:0.0.0.0/0
loc Zone: eth0:0.0.0.0/0
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
Deleting user chains...
Compiling /etc/shorewall/routestopped ...
Creating Interface Chains...
Compiling Proxy ARP
Compiling NAT...
Compiling NETMAP...
Compiling Common Rules
Adding Anti-smurf Rules
Compiling TCP Flags checking...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling IP Forwarding...
Compiling /etc/shorewall/rules...
Compiling Actions...
Compiling /usr/share/shorewall/action.Drop for Chain Drop...
Compiling /usr/share/shorewall/action.Reject for Chain Reject...
Compiling /etc/shorewall/policy...
Compiling Masquerading/SNAT
Compiling Traffic Control Rules...
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
Compiling Rule Activation...
Compiling Refresh of Black List...
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
Initializing...
Clearing Traffic Control/QOS
Deleting user chains...
Enabling Loopback and DNS Lookups
Creating Interface Chains...
Setting up Proxy ARP...
Setting up one-to-one NAT...
Setting up SMURF control...
Setting up Black List...
Adding Anti-smurf Jumps...
Setting up TCP Flags checking...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up SYN Flood Protection...
Setting up IPSEC management...
Setting up Rules...
Setting up Actions...
Creating action chain Drop
Creating action chain Reject
Creating action chain dropBcast
Creating action chain dropInvalid
Creating action chain dropNotSyn
Applying Policies...
Setting up Masquerading/SNAT...
Setting up TC Rules...
Activating Rules...
done.

¿Por que me reconoce mi lan en eth0 como 0.0.0.0/0 ? , cuando deberia ser 192.168.1.0/24
Creo que tengo algo mal configurado.

muestranos que configurastes pana, asi te podremos ayudar mejor, rules, zones, policy, interfaces, masq, a lo mejor desinstalando el shorewall y eliminando el directorio por completo, de /etc/, instalalo nuevamente y ahi si configura sin copiar nada, solo editando.