It says it''s running, but on a shorewall start (or restart) I get: /usr/share/shorewall/firewall: line 244: 0 | fe80::200:c0ff:fe7f:60f2 : syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") /usr/share/shorewall/firewall: line 391: & -4294967296 : syntax error: operand expected (error token is "& -4294967296 ") IP Address aa.bbb.ccc.ddd added to interface eth0 Two changes: 1 - I rebuilt my webserver and upgraded SuSE to the new SuSE 9.0 Professional (from SuSE 8.2 Professional) so I now run 2.4.21 kernel 2 - I upgraded Shorewall from 1.4.7 to 1.4.7c I am using the same rules / zones Any ideas ? Are these really errors ? - Bill
On Mon, 3 Nov 2003 Bill.Light@kp.org wrote:> It says it''s running, but on a shorewall start (or restart) I get: > > /usr/share/shorewall/firewall: line 244: 0 | fe80::200:c0ff:fe7f:60f2 : > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntax error: > operand expected (error token is "& -4294967296 ") > IP Address aa.bbb.ccc.ddd added to interface eth0 > > Two changes: > > 1 - I rebuilt my webserver and upgraded SuSE to the new SuSE 9.0 > Professional (from SuSE 8.2 Professional) so I now run 2.4.21 kernel > > 2 - I upgraded Shorewall from 1.4.7 to 1.4.7cAlways good to upgrade as much stuff as possible at once. That way you haven''t a clue where the problem is.> > I am using the same rules / zones > > Any ideas ? Are these really errors ? >I suspect you have a broken shell. What shell have you specified in SHOREWALL_SHELL? Have you validated it using the simple test at http://shorewall.net/shorewall_prerequisitesx.htm? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
> It says it''s running, but on a shorewall start (or restart) I get: > > /usr/share/shorewall/firewall: line 244: 0 | fe80::200:c0ff:fe7f:60f2 : > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntax error: > operand expected (error token is "& -4294967296 ") > IP Address aa.bbb.ccc.ddd added to interface eth0 > > Two changes: > > 1 - I rebuilt my webserver and upgraded SuSE to the new SuSE 9.0 > Professional (from SuSE 8.2 Professional) so I now run 2.4.21 kernel > > 2 - I upgraded Shorewall from 1.4.7 to 1.4.7cAlways good to upgrade as much stuff as possible at once. That way you haven''t a clue where the problem is. *** I could go back to 1.4.7 but I took the opportunity to make what *** appeared to be a "minor" upgrade/cleanup... Also stayed with a *** 2.4 kernel. I was actually trying to change as little as possible.> > I am using the same rules / zones > > Any ideas ? Are these really errors ? >I suspect you have a broken shell. What shell have you specified in SHOREWALL_SHELL? *** From /etc/shorewall/shorewall.conf: *** *** SHOREWALL_SHELL=/bin/sh *** *** No change... Tom, everything appears to be working, shorewall *** is running and the "right" things appear to be happening... *** iptables is 1.2.8-71 *** iproute2 is 2.4.7-655 *** gawk is 3.1.3.53 *** echo test yields: 2147483648 *** Have you validated it using the simple test at http://shorewall.net/shorewall_prerequisitesx.htm? *** No change... Tom, everything appears to be working, shorewall *** is running and the "right" things appear to be happening... *** iptables is 1.2.8-71 *** iproute2 is 2.4.7-655 *** gawk is 3.1.3.53 *** echo test yields: 2147483648 *** *** SuSE does NOT appear to have an equivalent to the screen *** you show on the prerequisitesx web page... *** -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
On Mon, 3 Nov 2003 Bill.Light@kp.org wrote:> > Have you validated it using the simple test at > http://shorewall.net/shorewall_prerequisitesx.htm? > > > *** No change... Tom, everything appears to be working, shorewall > *** is running and the "right" things appear to be happening... > *** iptables is 1.2.8-71 > *** iproute2 is 2.4.7-655 > *** gawk is 3.1.3.53 > *** echo test yields: 2147483648 > *** > *** SuSE does NOT appear to have an equivalent to the screen > *** you show on the prerequisitesx web page... > ***Please: a) "shorewall debug restart 2> /tmp/trace" b) Send me /tmp/trace as a text attachment. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Mon, 2003-11-03 at 20:59, Bill.Light@kp.org wrote:> It says it''s running, but on a shorewall start (or restart) I get: > > /usr/share/shorewall/firewall: line 244: 0 | fe80::200:c0ff:fe7f:60f2 : > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntax error: > operand expected (error token is "& -4294967296 ") > IP Address aa.bbb.ccc.ddd added to interface eth0hmm, this looks like a ipv6 error. can shorewall handle ipv6 addresses ?
On 4 Nov 2003, Holger Br?ckner wrote:> On Mon, 2003-11-03 at 20:59, Bill.Light@kp.org wrote: > > It says it''s running, but on a shorewall start (or restart) I get: > > > > /usr/share/shorewall/firewall: line 244: 0 | fe80::200:c0ff:fe7f:60f2 : > > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntax error: > > operand expected (error token is "& -4294967296 ") > > IP Address aa.bbb.ccc.ddd added to interface eth0 > > hmm, this looks like a ipv6 error. can shorewall handle ipv6 addresses ? >No. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Tue, 2003-11-04 at 13:39, Tom Eastep wrote:> On 4 Nov 2003, Holger Br?ckner wrote: > > > On Mon, 2003-11-03 at 20:59, Bill.Light@kp.org wrote: > > > It says it''s running, but on a shorewall start (or restart) I get: > > > > > > /usr/share/shorewall/firewall: line 244: 0 | fe80::200:c0ff:fe7f:60f2 : > > > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > > > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntax error: > > > operand expected (error token is "& -4294967296 ") > > > IP Address aa.bbb.ccc.ddd added to interface eth0 > > > > hmm, this looks like a ipv6 error. can shorewall handle ipv6 addresses ? > > > > No.well, maybe this is the problem ... as far as i remember also has some configuration for ipv6. maybe removing the corresponding entries from /etc/hosts may help ? (just a wild guess .. i haven''t seen suse 9 yet) cya Holger
On Tue, 2003-11-04 at 13:39, Tom Eastep wrote:> On 4 Nov 2003, Holger Br?ckner wrote: > > > On Mon, 2003-11-03 at 20:59, Bill.Light@kp.org wrote: > > > It says it''s running, but on a shorewall start (or restart) I get: > > > > > > /usr/share/shorewall/firewall: line 244: 0 |fe80::200:c0ff:fe7f:60f2 :> > > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > > > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntaxerror:> > > operand expected (error token is "& -4294967296 ") > > > IP Address aa.bbb.ccc.ddd added to interface eth0 > > > > hmm, this looks like a ipv6 error. can shorewall handle ipv6 addresses?> > > > No.well, maybe this is the problem ... as far as i remember also has some configuration for ipv6. maybe removing the corresponding entries from /etc/hosts may help ? (just a wild guess .. i haven''t seen suse 9 yet) cya Holger Thanks Holger & Tom ! I specifically made sure that I did NOT install ipv6. I can double check when I get back to the box. In playing around with a replacement box to work, I have temporarily disabled access from work to this LAN to get eithter the trace of the startup (to send to Tom) or checking for ipv6 (as Holger suggested). The /etc/hosts file seemed to be the same as from SuSE 8.2 to 9.0 - but I''m willing to be wrong... The (e-mail) exchanges came after I left work - so I won''t get the info before tonight....Will let you know. - Bill
On Tue, 2003-11-04 at 13:39, Tom Eastep wrote:> On 4 Nov 2003, Holger Br?ckner wrote: > > > On Mon, 2003-11-03 at 20:59, Bill.Light@kp.org wrote: > > > It says it''s running, but on a shorewall start (or restart) I get: > > > > > > /usr/share/shorewall/firewall: line 244: 0 |fe80::200:c0ff:fe7f:60f2 :> > > syntax error in expression (error token is "::200:c0ff:fe7f:60f2 ") > > > /usr/share/shorewall/firewall: line 391: & -4294967296 : syntaxerror:> > > operand expected (error token is "& -4294967296 ") > > > IP Address aa.bbb.ccc.ddd added to interface eth0 > > > > hmm, this looks like a ipv6 error. can shorewall handle ipv6 addresses?> > > > No.well, maybe this is the problem ... as far as i remember also has some configuration for ipv6. maybe removing the corresponding entries from /etc/hosts may help ? (just a wild guess .. i haven''t seen suse 9 yet) cya Holger Thanks Holger & Tom ! I specifically made sure that I did NOT install ipv6. I can double check when I get back to the box. In playing around with a replacement box to work, I have temporarily disabled access from work to this LAN to get eithter the trace of the startup (to send to Tom) or checking for ipv6 (as Holger suggested). The /etc/hosts file seemed to be the same as from SuSE 8.2 to 9.0 - but I''m willing to be wrong... The (e-mail) exchanges came after I left work - so I won''t get the info before tonight....Will let you know. - Bill Tom & Holger - Many thanks... I''ve still broken the route from home to the office so I never did get a trace. Here''s what I did find... the box I "broke" is 2.4.20 kernel (SuSE 8.2 Professional) running shorewall 1.4.7... Had (now removed) ipv6 installed with no errors. My breaking of the box occurred after I wanted to "clean up" the routing from what I learned on the 9.0 install on a different box. The box that caused this support query is 2.4.21 kernel (SuSE 9.0 Professional) running Shorewall 1.4.7c. I cleaned up /etc/hosts to remove the "stuff" Holger suggested. No luck. I then searched software installation and found a utils package that said it had Ipv6 support - so I removed it and rebooted, still no luck. I then (which I should have done first...sigh) did an lsmod and found the ipv6 in the kernel....removed it, rebooted, and viola, error message(s) are now gone. So one of two things was the problem: a) Something changed enough with SuSE from 2.4.20 to 2.4.21 that it affects shorewall - and / or - b) Something minor changed in Shorewall routing from 1.4.7 to 1.4.7c Like I said, Tom, I really did try to change as little as possible, but I didn''t want to install "old" shorewall (1.4.7) when "new" (1.4.7c) was available on a new build. Do you still want (or need) a trace?? The box is not yet "productional" - Bill
> > > Do you still want (or need) a trace?? The box is not yet "productional" >Yes, please -- we''ve seen other cases where IPV6 can break Shorewall and I want to try to get all of them cleaned up. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline \ http://www.shorewall.net Washington, USA \ teastep@shorewall.net