thr3ads.net - Shorewall devel - shorewall-perl 4.0.10 [May 2008]

If this information is useful, please help other people find it:
Share via:

Srinivasa Hebbar

2008-May-15 19:08 UTC

shorewall-perl 4.0.10

Hello,

Shorewall perl 4.0.10 stops with errors when 
the interface in providers file doesn''t exist in the sytem.
I have given "optional" keyword in the providers file.

Code generated looks like below.

define_firewall() {

    clear_routing_and_traffic_shaping
    #
    # Establish the values of shell variables used in the following function 
calls
    #
    ppp1_ADDRESS=$(find_first_interface_address ppp1)
    ppp2_ADDRESS=$(find_first_interface_address ppp2)

.....

The above lines are from /var/lib/shorewall/.restart

I have given ppp1 and ppp2 as optional interface in providers file as below.
wan1 1 0x100 main ppp1 detect optional  eth3
wan2 2 0x200 main ppp2 detect optional  eth3

-------
Shorewall start fails as follows:
Starting Shorewall....
Initializing...
   ERROR: Can''t determine the IP address of ppp1
Terminated


Thanks,
Hebbar

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Tom Eastep

2008-May-15 21:36 UTC

head link

Re: shorewall-perl 4.0.10

Srinivasa Hebbar wrote:> Hello,
> 
> Shorewall perl 4.0.10 stops with errors when 
> the interface in providers file doesn''t exist in the sytem.
> I have given "optional" keyword in the providers file.
> 
> Code generated looks like below.
> 
> define_firewall() {
> 
>     clear_routing_and_traffic_shaping
>     #
>     # Establish the values of shell variables used in the following
function
> calls
>     #
>     ppp1_ADDRESS=$(find_first_interface_address ppp1)
>     ppp2_ADDRESS=$(find_first_interface_address ppp2)
> 
> .....
> 
> The above lines are from /var/lib/shorewall/.restart
> 
> I have given ppp1 and ppp2 as optional interface in providers file as
below.
> wan1 1 0x100 main ppp1 detect optional  eth3
> wan2 2 0x200 main ppp2 detect optional  eth3
> 
> -------
> Shorewall start fails as follows:
> Starting Shorewall....
> Initializing...
>    ERROR: Can''t determine the IP address of ppp1
> Terminated
You also need to specify the ''optional'' interface option in 
/etc/shorewall/interfaces.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Tom Eastep

2008-May-15 22:38 UTC

head link

Re: shorewall-perl 4.0.10

Tom Eastep wrote:
>>
>> I have given ppp1 and ppp2 as optional interface in providers file as 
>> below.
>> wan1 1 0x100 main ppp1 detect optional  eth3
>> wan2 2 0x200 main ppp2 detect optional  eth3
>>
>> -------
>> Shorewall start fails as follows:
>> Starting Shorewall....
>> Initializing...
>>    ERROR: Can''t determine the IP address of ppp1
>> Terminated
> 
> You also need to specify the ''optional'' interface option
in
> /etc/shorewall/interfaces.
> 
I should add that 4.2 will make this simpler -- specifying
''optional'' for an
interface in /etc/shorewall/interfaces is all that is required to make 
providers through that interface optional as well.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Srinivasa Hebbar

2008-May-16 03:56 UTC

head link

Re: shorewall-perl 4.0.10

Hello,

Even when I add "optional" in interfaces file, the same error occurs
and shorewall stops.

Interfaces:
wan ppp1 detect tcpflags,nosmurfs,optional
wan ppp2 detect tcpflags,nosmurfs,optional
lan  eth3 detect tcpflags

providers:
wan1 1 0x100 main ppp1 detect optional  eth3
wan2 2 0x200 main ppp2 detect optional  eth3

zones:
fw      firewall
wan      ipv4
lan      ipv4

Error:
Processing /etc/shorewall/params ...
   Shorewall is not running
Starting Shorewall....
Initializing...
   ERROR: Can''t determine the IP address of ppp1
Terminated


Thanks,
Hebbar.
> Tom Eastep wrote:
> >> I have given ppp1 and ppp2 as optional interface in providers file
as
> >> below.
> >> wan1 1 0x100 main ppp1 detect optional  eth3
> >> wan2 2 0x200 main ppp2 detect optional  eth3
> >>
> >> -------
> >> Shorewall start fails as follows:
> >> Starting Shorewall....
> >> Initializing...
> >>    ERROR: Can''t determine the IP address of ppp1
> >> Terminated
> >
> > You also need to specify the ''optional'' interface
option in
> > /etc/shorewall/interfaces.
>
> I should add that 4.2 will make this simpler -- specifying
''optional'' for
> an interface in /etc/shorewall/interfaces is all that is required to make
> providers through that interface optional as well.
>
> -Tom
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Srinivasa Hebbar

2008-May-16 03:59 UTC

head link

Re: shorewall-perl 4.0.10

Hello,

Even when I add "optional" in interfaces file, the same error occurs
and shorewall stops.

Interfaces:
wan ppp1 detect tcpflags,nosmurfs,optional
wan ppp2 detect tcpflags,nosmurfs,optional
lan  eth3 detect tcpflags

providers:
wan1 1 0x100 main ppp1 detect optional  eth3
wan2 2 0x200 main ppp2 detect optional  eth3

zones:
fw      firewall
wan      ipv4
lan      ipv4

Error:
Processing /etc/shorewall/params ...
   Shorewall is not running
Starting Shorewall....
Initializing...
   ERROR: Can''t determine the IP address of ppp1
Terminated


Thanks,
Hebbar.
> Tom Eastep wrote:
> >> I have given ppp1 and ppp2 as optional interface in providers file
as
> >> below.
> >> wan1 1 0x100 main ppp1 detect optional  eth3
> >> wan2 2 0x200 main ppp2 detect optional  eth3
> >>
> >> -------
> >> Shorewall start fails as follows:
> >> Starting Shorewall....
> >> Initializing...
> >>    ERROR: Can''t determine the IP address of ppp1
> >> Terminated
> >
> > You also need to specify the ''optional'' interface
option in
> > /etc/shorewall/interfaces.
>
> I should add that 4.2 will make this simpler -- specifying
''optional'' for
> an interface in /etc/shorewall/interfaces is all that is required to make
> providers through that interface optional as well.
>
> -Tom
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Tom Eastep

2008-May-16 05:19 UTC

head link

Re: shorewall-perl 4.0.10

Srinivasa Hebbar wrote:> Hello,
> 
> Even when I add "optional" in interfaces file, the same error
occurs
> and shorewall stops.
> 
> Interfaces:
> wan ppp1 detect tcpflags,nosmurfs,optional
> wan ppp2 detect tcpflags,nosmurfs,optional
> lan  eth3 detect tcpflags
> 
> providers:
> wan1 1 0x100 main ppp1 detect optional  eth3
> wan2 2 0x200 main ppp2 detect optional  eth3
> 
> zones:
> fw      firewall
> wan      ipv4
> lan      ipv4
> 
> Error:
> Processing /etc/shorewall/params ...
>    Shorewall is not running
> Starting Shorewall....
> Initializing...
>    ERROR: Can''t determine the IP address of ppp1
> Terminated
>
Then please send a tarball of your /etc/shorewall/ directory, including a 
capabilities file -- I can''t reproduce the problem here.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Tom Eastep

2008-May-16 14:30 UTC

head link

Re: shorewall-perl 4.0.10

Tom Eastep wrote:> Srinivasa Hebbar wrote:
>> interfaces
>> wan ppp1 detect tcpflags,nosmurfs,optional
>> wan ppp2 detect tcpflags,nosmurfs,optional
>> lan  eth3 detect tcpflags
>>
>> providers:
>> wan1 1 0x100 main ppp1 detect optional  eth3
>> wan2 2 0x200 main ppp2 detect optional  eth3
>>
>> zones:
>> fw      firewall
>> wan      ipv4
>> lan      ipv4
>>
>> Error:
>> Processing /etc/shorewall/params ...
>>    Shorewall is not running
>> Starting Shorewall....
>> Initializing...
>>    ERROR: Can''t determine the IP address of ppp1
>> Terminated
>>
> 
> Then please send a tarball of your /etc/shorewall/ directory, including 
> a capabilities file -- I can''t reproduce the problem here.
>
You can send the tarball to support@shorewall.net if you are squeamish 
about sending it to the list.

My test case has:

[teastep@fedora user008]$ /sbin/shorewall version -a
4.0.10
Shorewall-perl 4.0.10
[teastep@fedora user008]$

zones:
fw      firewall
lan     ipv4
...

interfaces:
lan     eth0            -               nosmurfs,tcpflags,dhcp,optional
lan     eth5            -               nosmurfs,tcpflags,dhcp,optional
...

providers:
isp1    1       1       main       eth0       detect          optional
isp2    2       2       main       eth5       detect          optional

That configuration produces this shell code:

     ETH5_ADDRESS=$(find_first_interface_address_if_any eth5)
     ETH0_ADDRESS=$(find_first_interface_address_if_any eth0)

The find_first_interface_address_if_any() function does not fail with 
the error message that you are seeing.

-Tom


-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Tom Eastep

2008-May-17 14:04 UTC

head link

Re: shorewall-perl 4.0.10

Srinivasa Hebbar wrote:> Hello,
> 
> Even when I add "optional" in interfaces file, the same error
occurs
> and shorewall stops.
>And I have asked you to send me a copy of your /etc/shorewall directory 
because I cannot reproduce the problem.

I can''t solve your problem just by looking at your emails, no matter
how
many you send.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

Shorewall devel - May 2008 - shorewall-perl 4.0.10

shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10

Re: shorewall-perl 4.0.10