Hi all, I''ve shorewall 3.2.6-2, kernel 2.4.27, iptables 1.3.6.0debian1-5 on a debian sarge machine.>From yesterday shorewall can''t start anymore and in theshorewall-init.log I''ve this: ERROR: Rule "REDIRECT lan 8081 tcp 80 " requires NAT which is disabled /sbin/shorewall: line 527: 17071 Terminated $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile ${VARDIR}/.start The rule REDIRECT is for dansguardian. I''ve tried to comment that line and the new error occours: iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed Processing /etc/shorewall/stop ... iptables: No chain/target/match by that name iptables: No chain/target/match by that name IP Forwarding Enabled Processing /etc/shorewall/stopped ... /sbin/shorewall: line 527: 14174 Terminated ${VARDIR}/.start $debugging start I''ve the nat enabled in the kernel and this configuration was working 2 days ago. No changes in any configuration file and no change in the NICs (both hardware and software configuration). Anyone can help me? Thanks. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tom Eastep
2007-May-26 02:47 UTC
Re: Two questions about REDIRECT and iptables chain errors
sond wrote:> Hi all, I''ve shorewall 3.2.6-2, kernel 2.4.27, iptables 1.3.6.0debian1-5 > on a debian sarge machine. >>From yesterday shorewall can''t start anymore and in the > shorewall-init.log I''ve this: > > ERROR: Rule "REDIRECT lan 8081 tcp 80 " requires NAT which is > disabled > /sbin/shorewall: line 527: 17071 Terminated > $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile > ${VARDIR}/.start > > The rule REDIRECT is for dansguardian. > I''ve tried to comment that line and the new error occours: > > iptables: No chain/target/match by that name > ERROR: Command "/sbin/iptables -A FORWARD -m state --state > ESTABLISHED,RELATED -j ACCEPT" Failed > Processing /etc/shorewall/stop ... > iptables: No chain/target/match by that name > iptables: No chain/target/match by that name > IP Forwarding Enabled > Processing /etc/shorewall/stopped ... > /sbin/shorewall: line 527: 14174 Terminated > ${VARDIR}/.start $debugging start > > I''ve the nat enabled in the kernel and this configuration was working 2 > days ago. No changes in any configuration file and no change in the > NICs (both hardware and software configuration). > Anyone can help me? >What output does ''shorewall show capabilities'' produce? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/