Shorewall users - Jul 2007 - Migration problem

Hi,

i''ve been trying, for a few days, to migrate from shorewall 2.2.4 to
3.4.2, then 3.4.4

After reading several times instructions on migration, new manpages and
features, I can''t figure out why it''s still not working.

I may have missed something important or completly numb but can''t
figure
out what as when I run shorewall check, it says to me :

...
Checking Rule Activation...
Shorewall configuration verified

but when I run shorewall start, I get :

...
Compiling Rule Activation...
Shorewall configuration compiled to /var/lib/shorewall/.start
/var/lib/shorewall/.start: line 1508: syntax error near unexpected token
`}''
/var/lib/shorewall/.start: line 1508: `}''

After looking at /var/lib/shorewall/.start, the problem seems to be more
near line 839 which corresponds to my first DNAT rule ...

the generated code seems lacking a "done" command :

.....
addr=$(find_first_interface_address eth0)
run_iptables -t nat -N net0_dnat

for adr in $addr; do
    run_iptables -t nat -A net0_dnat -p tcp --dport 57 -d $adr -j DNAT 
--to-destination 10.2.22.5
run_iptables -A net02lan2 -p tcp -d 10.2.22.5 --dport 57 -j ACCEPT
progress_message "   Rule \"DNAT net0 lan2:10.2.22.5 tcp 57    
\" added."
   
^^^^^ shouldn''t there be a "done" here ?

addr=$(find_first_interface_address eth0)
   
for adr in $addr; do
.....   

I do think about a misconfiguration from my side but as I get no errors,
I can''t figure it out ...it looks like something is fooling the
compiler
as he doesn''t generate a correct bash script

Sorry for bothering you with such a silly thing,

Best regards,

MaNU

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

eescar@free.fr wrote:
> Hi,
> 
> i''ve been trying, for a few days, to migrate from shorewall 2.2.4
to
> 3.4.2, then 3.4.4
> 
> After reading several times instructions on migration, new manpages and
> features, I can''t figure out why it''s still not working.
> 
> I may have missed something important or completly numb but can''t
figure
> out what as when I run shorewall check, it says to me :
> 
> ...
> Checking Rule Activation...
> Shorewall configuration verified
> 
> but when I run shorewall start, I get :
> 
> ...
> Compiling Rule Activation...
> Shorewall configuration compiled to /var/lib/shorewall/.start
> /var/lib/shorewall/.start: line 1508: syntax error near unexpected token
`}''
> /var/lib/shorewall/.start: line 1508: `}''
> 
> After looking at /var/lib/shorewall/.start, the problem seems to be more
> near line 839 which corresponds to my first DNAT rule ..
Sure would be good if you would show us your "first DNAT rule".

There was a problem like this corrected in 3.4.4 but you seem to have
found another one.
.
> 
> the generated code seems lacking a "done" command :
> 
> .....
> addr=$(find_first_interface_address eth0)
> run_iptables -t nat -N net0_dnat
> 
> for adr in $addr; do
>     run_iptables -t nat -A net0_dnat -p tcp --dport 57 -d $adr -j DNAT 
> --to-destination 10.2.22.5
> run_iptables -A net02lan2 -p tcp -d 10.2.22.5 --dport 57 -j ACCEPT
> progress_message "   Rule \"DNAT net0 lan2:10.2.22.5 tcp 57    
\" added."
>    
> ^^^^^ shouldn''t there be a "done" here ?
> 
> addr=$(find_first_interface_address eth0)
>    
> for adr in $addr; do
> .....   
> 
> I do think about a misconfiguration from my side but as I get no errors,
> I can''t figure it out ...it looks like something is fooling the
compiler
> as he doesn''t generate a correct bash script
> 
> Sorry for bothering you with such a silly thing,
I would appreciate it if you would:

a) shorewall show -f capabilities > /etc/shorewall/capabilities
b) Tar up your /etc/shorewall directory and send the tarball to be
personally.

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/