Hey!

No, actually shorewall works very well and starts and so on... Thanks for this!

Problem is that it won't start on boot it seems. At least it doesn't
enable forwarding. However, if I do /etc/init.d/shorewall restart it
enables forwarding and the rest... But not if I do
/etc/init.d/shorewall start ;) Seems weird...

System is Debian Sid, Shorewall is prepackaged by Debian...

Is it because of my stupidity, is it buggy package (and then other Sid
users should have experienced this) or something else?

It seems I don't have anything in startup scripts that would mangle
forwarding after shorewall has done its job, so...

Thanks,
Boris

/etc/default/shorewall? /etc/sysctl.conf? or is forwarding touched somewhere else?

Boris Maryshev wrote:
> Hey!
>
> No, actually shorewall works very well and starts and so on... Thanks for this!
>
> Problem is that it won't start on boot it seems. At least it doesn't
> enable forwarding. However, if I do /etc/init.d/shorewall restart it
> enables forwarding and the rest... But not if I do
> /etc/init.d/shorewall start ;) Seems weird...
>
> System is Debian Sid, Shorewall is prepackaged by Debian...
>
> Is it because of my stupidity, is it buggy package (and then other Sid
> users should have experienced this) or something else?
>
> It seems I don't have anything in startup scripts that would mangle
> forwarding after shorewall has done its job, so...
>
> Thanks,
> Boris

Boris Maryshev wrote:
> Hey!
>
> No, actually shorewall works very well and starts and so on... Thanks for this!
>
> Problem is that it won't start on boot it seems. At least it doesn't
> enable forwarding. However, if I do /etc/init.d/shorewall restart it
> enables forwarding and the rest... But not if I do
> /etc/init.d/shorewall start ;) Seems weird...
>

One possible explanation ....

/etc/init.d/shorewall start uses the "-f" option of "/sbin/shorewall start". So if you have ever done a "shorewall save" then the configuration that you saved is restored rather than the one reflected in your current configuration files (this is done because restoring a saved configuration is orders of magnitude faster than parsing all of the config files and running iptables 100s or 1000s of times and people usually want their firewall to boot quickly).

So once you have done a "shorewall save" then EVERY TIME YOU CHANGE YOUR CONFIGURATION YOU MUST DO ANOTHER "shorewall save" after you are satisfied that the new configuration is working properly.

Alternatively, run "shorewall forget" and don't "shorewall save" again.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

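A check for the stale-save condition described in the reply above, as an added example that is not part of the thread or of Shorewall itself. It assumes the configuration files live in a directory such as /etc/shorewall and the saved restore script is a single file such as /var/lib/shorewall/restore; both paths are assumptions and are passed as arguments. The function names are hypothetical, and the modification-time comparison is a heuristic.

```shell
#!/bin/sh
# Added example: report Shorewall config files that were modified after the
# last "shorewall save", i.e. changes that "start -f" would not apply at boot.
# Paths are arguments because their location is an assumption (see lead-in).

# Print each config file newer than the saved restore script, one per line.
# Prints nothing when there is no saved configuration at all.
stale_config_files() {
    config_dir=$1
    restore_file=$2
    [ -f "$restore_file" ] || return 0
    find "$config_dir" -type f -newer "$restore_file" | sort
}

# Return 1 when the saved configuration is older than any config file,
# 0 when it is current or when nothing has been saved.
check_saved_config() {
    if [ ! -f "$2" ]; then
        echo "no saved configuration found at $2"
        return 0
    fi
    stale=$(stale_config_files "$1" "$2")
    if [ -n "$stale" ]; then
        echo "saved configuration is older than these files:"
        echo "$stale"
        echo "verify the new rules, then run 'shorewall save' (or 'shorewall forget')"
        return 1
    fi
    echo "saved configuration is newer than every file in $1"
    return 0
}

# Run the check only when both paths are given on the command line, e.g.
#   sh check-saved.sh /etc/shorewall /var/lib/shorewall/restore
if [ "$#" -eq 2 ]; then
    check_saved_config "$1" "$2"
fi
```
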
On Sunday 27 March 2005 18:45, Boris Maryshev wrote:
> Problem is that it won't start on boot it seems. At least it doesn't
> enable forwarding. However, if I do /etc/init.d/shorewall restart it
> enables forwarding and the rest... But not if I do
> /etc/init.d/shorewall start ;) Seems weird...
>

I am running SimplyMepis which is a Debian based distro. I had a problem with Shorewall starting at boot time. The ideal place to start Shorewall is from rcS.d (say S44shorewall after networking startup). However, the script was failing because "/var/log/messages" was not in place. There was an option in my distro to clear all the logs at boot. The fix for me was to add the line to /etc/init.d/shorewall:

    # start the firewall
    shorewall_start () {
      # make sure the log file exists before Shorewall starts
      touch /var/log/messages
      echo -n "Starting \"Shorewall firewall\": "
      wait_for_pppd
      $SRWL start >> $INITLOG 2>&1 && echo "done." || echo_notdone
      return 0
    }

Maybe you have a similar problem?

Regards
Stewart
--
Stewart Outram
uk