Hi,

I'm trying to run Shorewall on one of my systems. So far it has worked for all 8 except for this one.

I get this error:

"iptables-restore: line 147 failed
ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
"

I've checked and that seems to be the COMMIT command from the file. What should I do?

Best regards,
Eugene

Eugene Koh wrote:
> Hi,
>
> I'm trying to run Shorewall on one of my systems. So far it has worked
> for all 8 except for this one.
>
> I get this error:
>
> "iptables-restore: line 147 failed
> ERROR: iptables-restore Failed. Input is in
> /var/lib/shorewall/.iptables-restore-input
> "
>
> I've checked and that seems to be the COMMIT command from the file. What
> should I do?

Please consult the Troubleshooting documentation at http://www.shorewall.net/troubleshoot.htm#Start-perl

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Hi Tom,

I ran the debug as listed on the site and the compiling stopped here:

"
+ /sbin/iptables -A logdrop -j LOG --log-level info --log-prefix Shorewall:logdrop:DROP:
iptables: Unknown error 18446744073709551615
+ '[' 1 -ne 0 ']'
+ '[' -z '' ']'
+ stop_firewall
+ case $COMMAND in
+ set +x
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
/sbin/shorewall: line 664: 20417 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
"

Does this mean that the line before the Unknown error is the cause of the fault? May I know how do I disable it from the compiler? I don't really need the logging anyhow.

Best regards,
Eugene

On Sun, Jun 21, 2009 at 8:48 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Please consult the Troubleshooting documentation at
> http://www.shorewall.net/troubleshoot.htm#Start-perl
>
> -Tom

Eugene Koh wrote:
> Hi Tom,
>
> I ran the debug as listed on the site and the compiling stopped here:
>
> "
> + /sbin/iptables -A logdrop -j LOG --log-level info --log-prefix
> Shorewall:logdrop:DROP:
> iptables: Unknown error 18446744073709551615

Two problems:

a) You have an old and broken iptables binary that can't report errors properly (note the ridiculous error number).

b) Your kernel appears to lack LOG target support. This doesn't happen to be a lvs or OpenVZ system does it?

-Tom

Hi Tom,

I think this particular system is an OpenVZ system. If I were to turn off LOG target would that work as a get around?

Best regards,
Eugene

On Sun, Jun 21, 2009 at 10:59 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Two problems:
>
> a) You have an old and broken iptables binary that can't report errors
> properly (note the ridiculous error number).
>
> b) Your kernel appears to lack LOG target support. This doesn't happen to
> be a lvs or OpenVZ system does it?
>
> -Tom

Eugene Koh wrote:
> Hi Tom,
>
> I think this particular system is an OpenVZ system. If I were to turn
> off LOG target would that work as a get around?

Everyone who runs Shorewall on OpenVZ has problems, yet no OpenVZ Shorewall user has been willing to write a HOWTO.

I would rather recommend that you load the ipt_LOG module. A firewall that can't log isn't a very good idea.

If you decide to turn off logging, be sure to turn it off in both /etc/shorewall/policy and /etc/shorewall/shorewall.conf.

-Tom
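
The first error in this thread points at the COMMIT line because iptables-restore hands the whole table to the kernel at COMMIT, so the line number identifies the failing table, not the failing rule. As an added example (not part of the thread and not Shorewall code), the shell function below lists the targets used in that table that the kernel does not offer; the function names are hypothetical, the sample input is constructed, and it assumes /proc/net/ip_tables_targets is readable on the affected system.

```shell
#!/bin/sh
# Added example (not from the thread). Usage:
#   unsupported_targets RESTORE_INPUT FAILED_LINE KERNEL_TARGETS
# e.g. unsupported_targets /var/lib/shorewall/.iptables-restore-input 147 \
#          /proc/net/ip_tables_targets
# Prints "TABLE TARGET FIRST_LINE" for each -j/-g target in the table that
# ends at FAILED_LINE which is neither a built-in verdict, a chain declared
# in that table, nor listed in KERNEL_TARGETS.
unsupported_targets() {
    awk -v fail="$2" -v tf="$3" '
    BEGIN {
        while ((getline t < tf) > 0) ok[t] = 1
        # Built-in verdicts are not listed by the kernel.
        ok["ACCEPT"] = ok["DROP"] = ok["RETURN"] = ok["QUEUE"] = 1
    }
    /^\*/ { table = substr($1, 2); split("", chain); split("", used); next }
    /^:/  { chain[substr($1, 2)] = 1; next }
    /^-A / {
        for (i = 3; i < NF; i++)
            if (($i == "-j" || $i == "-g") && !($(i + 1) in used))
                used[$(i + 1)] = NR
    }
    NR == fail {
        for (t in used)
            if (!(t in ok) && !(t in chain)) print table, t, used[t]
        exit
    }' "$1" | sort
}

# Constructed sample: a cut-down restore input whose COMMIT is line 10, and
# a kernel target list that lacks LOG, as on the system in the thread.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/input" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:logdrop - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j logdrop
-A logdrop -j LOG --log-level info --log-prefix "Shorewall:logdrop:DROP:"
-A logdrop -j DROP
COMMIT
EOF
    printf 'REJECT\nERROR\n' > "$d/targets"
    unsupported_targets "$d/input" 10 "$d/targets"
    rm -rf "$d"
}

demo
```

An empty result after loading ipt_LOG means every target in the failing table is now available to the kernel, so logging can stay enabled.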