- The seawall.conf file released with version 3.0 was missing the "dmz" and "poptop" variables. Although Seattle Firewall will work without these variables, if you wish to have a complete config file, you may download ftp://seawall.sourceforge.net/pub/Seawall/errata/3.0/seawall.conf. This problem is also corrected in version 3.0.1.
- Seattle Firewall 3.0 does not work properly on a standalone system. Please download and install version 3.0.1.
- The /etc/seawall/servers file is ignored on a standalone system. This is fixed in version 3.1.2.
- The ip utility must be installed in /sbin (as opposed to /usr/sbin). This is fixed in version 3.1.2.
- IPSec tunnels on the firewall system require that ipsec0 or ipsec9 be used. This is fixed in version 3.1.2.
The firewall fails to start on Mandrake 7.1. This is a problem with bash-2.04 that can be worked around by changing the run_ipchains and run_ipmasqadm functions in the "firewall" script.
Change "if ( ! ipchains $* ); then" to "if ! ipchains $* ; then" and change "if ( ! ipmasqadm portfw $* ) ; then" to "if ! ipmasqadm portfw $* ; then".
- Specifying "Yes" for pptpclient only results in ppp0 being enabled. Download a corrected firewall script here.
- Configuring poptop on a system with a PPP/PPoE interface to the internet opens the firewall completely (The PoPToP documentation warns against running PoPToP on systems connected via PPP but the firewall did not prevent such configurations). I have uploaded a version of the firewall script that allows PoPToP to be safely configured on PPP/PPoE systems.
The above two problems are also corrected in Version 3.2.2.
- The version 3.2.2 LRP module uploaded to Sourceforge was actually a 3.0 version. A new 3.2.3 version has been uploaded.
- Version 3.2.2 (and LRP version 3.2.3) fails to start on systems that have a DMZ configured and that have ip installed. Download a corrected firewall script here or on an LRP system, edit the /etc/init.d/firewall script directly and change line 1326:
if [ -z "`echo $dmznet" | grep '/'`" ]; then
should be:
if [ -z "`echo "$dmznet" | grep '/'`" ]; then
Be sure to backup Seattle Firewall to your boot floppy (Step 10) after you make this change.
Note that this problem doesn't occur on Coyote systems since those systems have ifconfig rather than ip.
- Installation of Coyote LRP fails. Be sure that you have the latest version of the instructions (refresh them in your browser). The original instructions had a typo and a "chicken and egg" problem among others. The correct instructions have 16 steps.
- Version 3.2.2 (and LRP version 3.2.3) fail to start on systems with pptpserver set; download a corrected firewall script here. LRP users will want to edit the firewall script and change line 1456:
run_ipmasqadm portfw -a -P tcp -L $myip 1723 -R "$pptpserver" 1723
should be:
run_ipmasqadm -a -P tcp -L $myip 1723 -R "$pptpserver" 1723
In other words, remove the word "portfw".
- Coyote version 3.2.2 was incompatible with the version of "grep" released with Coyote (Seattle Firewall assumes that grep searches for regular expressions while Coyote grep only searches for strings). A new version of the Seattle Firewall Coyote module corrects this problem.
- Version 3.2.2 broke dial-up and PPPOE :-( Download a corrected firewall script here
- Restarting the firewall when masquerading an IPSEC tunnel results in the message: IOCADDRT: File exists. Download a corrected firewall script here
- A "seawall stop" command will cause subsequent attempts to obtain an IP address via DHCP to fail. Download a corrected firewall script here
Last updated 11/4/2000 - Tom Eastep