Hello everybody,
Please help me to add a rule for “tracert” in shorewall.
I wish to run “tracert” from GREEN, ORANGE and BLUE.
I’m not a programmer so please treat me like a “monkey” who wants to use NS!
Thank you in advance!
Gabriel
Hi, what do you mean? In Linux it is the traceroute command
-i interface
Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table.
Hi Nas,
I cannot tracert from GREEN. Ping is allowed.
I just read here how, but …
it is simple to implement, make custom template in shorewall
I know it is simple. For you.
I give &
so make a trick :
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/rules
touch /etc/e-smith/templates-custom/etc/shorewall/rules/90icmp_green
vi /etc/e-smith/templates-custom/etc/shorewall/rules/90icmp_green
{
use esmith::NetworksDB;
my $ndb = esmith::NetworksDB->open_ro();
if ($ndb->green()) {
$OUT.="?COMMENT Allow ICMP from green\n";
$OUT.="Trcrt/ACCEPT loc net\n";
}
}
Finally run
signal-event firewall-adjust
Is it not e-smith instead of esmith?
Look at /etc/shorewall/rules; you should see section 90icmp after you run signal-event firewall-adjust. Or you could run shorewall check and after it try the tracert command.
Hi Nas,
I think I did something wrong before asking for help, and maybe that is the cause.
I tried to create a service according to this doc: http://docs.nethserver.org/projects/nethserver-devel/en/latest/services.html#add-a-new-service
The service was created but I could not make it run.
After that I saw ping under shorewall …
Now I disabled the service but I don’t know how I can remove it. How can I remove the service?
db configuration delete tracert
signal-event firewall-adjust
and put TAB in the template between Accept loc net icmp; you see, you should have an entry like 90dns_blue
Hi Nas,
Stupid question: for tracert, doesn’t UDP port 33434 need to be specified … somewhere?
First show what is in /var/log/messages while you are making tracert
try to add
ACCEPT:info $FW net icmp
I have no way to reproduce, you could write me on Skype
Thank you Nas but I don’t want to waste your time with me!
I use this configuration of NethServer at my home for tests (I was on vacation till yesterday and I spent some time to learn NS better).
From Monday I will be at my office and I’ll test NS as e-mail server in DMZ to replace Zentyal.
Anyway, I think that tracert must be enabled by default, for all “inside” zones (GREEN, ORANGE, BLUE). I use this many times. It’s a very useful tool.
Thank you again!
PS
I found one contact “fedai” from Ukraine on Skype. Is that you?
my skype nassir_911
and we should investigate the issues and build Feature or fork on GIT
If U have zentyal could you pls export ldap user by phpldapadmin?
I will try.
My Zentyal (4.0.9 version) is a standalone multi-domain email server only, placed in DMZ.
The users and their email account are local (on Zentyal), not related to the windows PDC/AD server.
(nassir911 ?)
yep Brazil is mine skype