I just installed the latest kernel 2.6.32-573.8.1.el6.x86_64 and when I rebooted it shorewall (shorewall-4.5.4-1.el6.noarch) failed with the following error ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15) Question is is this a problem in the kernel or is it a problem in Shorewall? Booting the previous kernel allowed shorewall to start normally. Any one else seen this error, if so what's the fix? Any help would be greatly appreciated. Pete -- If money can fix it, it's not a problem. -- Click and Clack the Tappet brothers
Marcelo Ricardo Leitner
2015-Nov-12 15:46 UTC
[CentOS] Shorewall and the latest kernel problem
Em 12-11-2015 11:12, Pete Geenhuizen escreveu:> I just installed the latest kernel 2.6.32-573.8.1.el6.x86_64 and when I > rebooted it shorewall (shorewall-4.5.4-1.el6.noarch) failed with the > following error > > ERROR: a non-empty masq file requires NAT in your kernel and iptables > /etc/shorewall/masq (line 15) > > Question is is this a problem in the kernel or is it a problem in > Shorewall? > > Booting the previous kernel allowed shorewall to start normally. > > Any one else seen this error, if so what's the fix?That points to something different in kernel. What is your 'previous' kernel? Sounds like the nat modules aren't being loaded, for some reason. Marcelo
On 11/12/15 10:46, Marcelo Ricardo Leitner wrote:> Em 12-11-2015 11:12, Pete Geenhuizen escreveu: > > That points to something different in kernel. What is your 'previous' > kernel? Sounds like the nat modules aren't being loaded, for some reason. > > MarceloMarcelo, Thanks for the input, it works fine in 2.6.32-573.7.1.el6.x86_64, and yeah I would tend to agree with you that it's more likely as not kernel related. Of course it's possible I suppose that the kernel has changed slightly enough that the shorewall rpm needs to be updated. Thanks Pete -- If money can fix it, it's not a problem. -- Click and Clack the Tappet brothers
> I just installed the latest kernel 2.6.32-573.8.1.el6.x86_64 and when > I rebooted it shorewall (shorewall-4.5.4-1.el6.noarch) failed with the > following error > > ERROR: a non-empty masq file requires NAT in your kernel and iptables > /etc/shorewall/masq (line 15)FYI I have the same kernel (2.6.32-573.8.1.el6.x86_64) and shorewall (shorewall-4.5.4-1.el6.noarch) versions and non-empty /etc/shorewall/masq here and do not see this problem. Try as root: service shorewall restart.