shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this started, but when I change a rule or add a new rule, then shorewall restart (or stop then start), the OLD rules are still present under iptables -L -nv. I stop shorewall and the iptables -L -nv shows no rules. Start and it still shows the old rule sets. Also, I started noticing a shorewall.{hash} directory showing up under the /tmp directory. I've never seen this.

Where in the heck do I start looking......?

Vernon

Vernon A. Fort wrote:
> shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this
> started, but when I change a rule or add a new rule, then shorewall restart
> (or stop then start), the OLD rules are still present under iptables -L
> -nv. I stop shorewall and the iptables -L -nv shows no rules. Start
> and it still shows the old rule sets. Also, I started noticing a
> shorewall.{hash} directory showing up under the /tmp directory. I've
> never seen this.
>
> Where in the heck do I start looking......?

I suspect that 'shorewall start' is failing and your saved configuration is being installed. What do the final messages of '/sbin/shorewall restart' look like?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Vernon A. Fort wrote:
>> shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this
>> started, but when I change a rule or add a new rule, then shorewall restart
>> (or stop then start), the OLD rules are still present under iptables -L
>> -nv. I stop shorewall and the iptables -L -nv shows no rules. Start
>> and it still shows the old rule sets. Also, I started noticing a
>> shorewall.{hash} directory showing up under the /tmp directory. I've
>> never seen this.
>>
>> Where in the heck do I start looking......?
>
> I suspect that 'shorewall start' is failing and your saved configuration
> is being installed. What do the final messages of '/sbin/shorewall
> restart' look like?
>
> -Tom

It looked (looks) perfectly normal - no errors. I also reviewed the /var/lib/shorewall/.start and .restart and .restore and it appeared the previous settings were IN these files. I went ahead and updated to the 4.2.5 version and wiped all the previous configuration directory. Re-configured and it started working as expected.

But while tweaking the QOS (tcstart) stuff, it happened just after I did a shorewall stop. Until I wiped the lib directory, the start would appear normal but the tables looked as if I just did a stop (only the routestopped values were present). Very odd.....

Vernon

Vernon A. Fort wrote:
> Tom Eastep wrote:
>> I suspect that 'shorewall start' is failing and your saved configuration
>> is being installed. What do the final messages of '/sbin/shorewall
>> restart' look like?
>>
>> -Tom
>
> It looked (looks) perfectly normal - no errors. I also reviewed the
> /var/lib/shorewall/.start and .restart and .restore and it appeared the
> previous settings were IN these files. I went ahead and updated to the
> 4.2.5 version and wiped all the previous configuration directory.
> Re-configured and it started working as expected.
>
> But while tweaking the QOS (tcstart) stuff, it happened just after I did
> a shorewall stop. Until I wiped the lib directory, the start would
> appear normal but the tables looked as if I just did a stop (only the
> routestopped values were present). Very odd.....

Do you have an /etc/shorewall/vardir file? If so, what is in it?

Vernon A. Fort wrote:
> Tom Eastep wrote:
>> Vernon A. Fort wrote:
>>> shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this
>>> started, but when I change a rule or add a new rule, then shorewall restart
>>> (or stop then start), the OLD rules are still present under iptables -L
>>> -nv. I stop shorewall and the iptables -L -nv shows no rules. Start
>>> and it still shows the old rule sets. Also, I started noticing a
>>> shorewall.{hash} directory showing up under the /tmp directory. I've
>>> never seen this.
>>>
>>> Where in the heck do I start looking......?
>>
>> I suspect that 'shorewall start' is failing and your saved configuration
>> is being installed. What do the final messages of '/sbin/shorewall
>> restart' look like?
>>
>> -Tom
>
> It looked (looks) perfectly normal - no errors.

So you believe that you are a reliable judge of what is 'normal' with Shorewall?

I rather doubt it...

-Tom

Tom Eastep wrote:
> Vernon A. Fort wrote:
>> Tom Eastep wrote:
>>> Vernon A. Fort wrote:
>>>> shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this
>>>> started, but when I change a rule or add a new rule, then shorewall restart
>>>> (or stop then start), the OLD rules are still present under iptables -L
>>>> -nv. I stop shorewall and the iptables -L -nv shows no rules. Start
>>>> and it still shows the old rule sets. Also, I started noticing a
>>>> shorewall.{hash} directory showing up under the /tmp directory. I've
>>>> never seen this.
>>>>
>>>> Where in the heck do I start looking......?
>>>
>>> I suspect that 'shorewall start' is failing and your saved configuration
>>> is being installed. What do the final messages of '/sbin/shorewall
>>> restart' look like?
>>>
>>> -Tom
>>
>> It looked (looks) perfectly normal - no errors.
>
> So you believe that you are a reliable judge of what is 'normal' with
> Shorewall?
>
> I rather doubt it...

In other words, I didn't ask for a qualitative assessment of the output -- I really wanted to see a copy of the output itself.

-Tom

Shorewall Guy wrote:
> Vernon A. Fort wrote:
>> Tom Eastep wrote:
>>> I suspect that 'shorewall start' is failing and your saved configuration
>>> is being installed. What do the final messages of '/sbin/shorewall
>>> restart' look like?
>>>
>>> -Tom
>>
>> It looked (looks) perfectly normal - no errors. I also reviewed the
>> /var/lib/shorewall/.start and .restart and .restore and it appeared the
>> previous settings were IN these files. I went ahead and updated to the
>> 4.2.5 version and wiped all the previous configuration directory.
>> Re-configured and it started working as expected.
>>
>> But while tweaking the QOS (tcstart) stuff, it happened just after I did
>> a shorewall stop. Until I wiped the lib directory, the start would
>> appear normal but the tables looked as if I just did a stop (only the
>> routestopped values were present). Very odd.....
>
> Do you have an /etc/shorewall/vardir file? If so, what is in it?

No, does not exist....

Vernon

Tom Eastep wrote:
> Tom Eastep wrote:
>> Vernon A. Fort wrote:
>>> Tom Eastep wrote:
>>>> Vernon A. Fort wrote:
>>>>> shorewall 3.4.8 on gentoo (kernel 2.6.26-r3). I'm not sure when this
>>>>> started, but when I change a rule or add a new rule, then shorewall restart
>>>>> (or stop then start), the OLD rules are still present under iptables -L
>>>>> -nv. I stop shorewall and the iptables -L -nv shows no rules. Start
>>>>> and it still shows the old rule sets. Also, I started noticing a
>>>>> shorewall.{hash} directory showing up under the /tmp directory. I've
>>>>> never seen this.
>>>>>
>>>>> Where in the heck do I start looking......?
>>>>
>>>> I suspect that 'shorewall start' is failing and your saved configuration
>>>> is being installed. What do the final messages of '/sbin/shorewall
>>>> restart' look like?
>>>>
>>>> -Tom
>>>
>>> It looked (looks) perfectly normal - no errors.
>>
>> So you believe that you are a reliable judge of what is 'normal' with
>> Shorewall?
>>
>> I rather doubt it...
>
> In other words, I didn't ask for a qualitative assessment of the output
> -- I really wanted to see a copy of the output itself.
>
> -Tom

Understood - 'normal' meant normal from my perspective and I am NOT a reliable judge. I could not send the output of shorewall restart (or stop/start for that matter) because I did not preserve it. I did, however, preserve the ORIGINAL .restart, .start and .stop files in the /var/lib/shorewall from when I first noticed the problem. I'll shoot them to you if you want to see them.

Shorewall is working for now but not doing everything I want it to do. Most of the firewalls I maintain are very simple two interface setups and shorewall always works flawlessly.
This one has two internal networks and two Internet interfaces (Multi-ISP) so it's way more complex. I'm trying to get the Multi-ISP, QoS, SMTP routing via the sprint 1.5 link and everything else routing out the cable modem. I've had trouble getting the latter two working together correctly - time to hit the books!

Vernon
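
The thread turns on two things that were not preserved: the actual output of the restart, and evidence of whether the loaded rules really changed. As an added example (not part of the original thread and not Shorewall's own code), these shell functions keep the complete output of a restart plus before/after `iptables-save` dumps and report when the ruleset is identical afterwards. The function names and the evidence directory are hypothetical, and `iptables-save` is assumed to be installed alongside `iptables`.

```shell
#!/bin/sh
# Added example: preserve the evidence from a firewall restart and detect a
# restart that left the previous ruleset in place.

# Normalise iptables-save output read from stdin: drop comment lines (they
# carry timestamps) and reset the [packets:bytes] counters, so that only the
# rules and policies themselves are compared.
normalize_ruleset() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g'
}

# Return 0 if two saved dumps describe the same ruleset, 1 otherwise.
same_ruleset() {
    [ "$(normalize_ruleset < "$1")" = "$(normalize_ruleset < "$2")" ]
}

# Run a restart command while keeping its full output and both dumps.
#   $1        directory for the evidence files (hypothetical location)
#   $2...     the command to run, e.g. /sbin/shorewall restart
# Returns 1 when the ruleset is unchanged, which is only suspicious if the
# configuration was edited before the restart.
capture_restart() {
    dir=$1; shift
    mkdir -p "$dir" || return 2
    iptables-save > "$dir/before.rules"
    "$@" > "$dir/restart.log" 2>&1
    status=$?
    iptables-save > "$dir/after.rules"
    echo "exit status: $status" >> "$dir/restart.log"
    if same_ruleset "$dir/before.rules" "$dir/after.rules"; then
        echo "ruleset unchanged after restart; see $dir/restart.log"
        return 1
    fi
    echo "ruleset changed; output kept in $dir/restart.log"
}

# Typical use as root (not executed here; the path is a placeholder):
#   capture_restart /root/fw-evidence /sbin/shorewall restart
```

The saved `restart.log` is the "copy of the output itself" that the list asks for, and the two `.rules` files show whether the old rules survived the restart.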