Shorewall users - Jun 2002 - Is this a bug or did I upgrade my bering to LATEST.lrp wrong?

I recently tried upgrading from the shorewall that comes with Bering 1.0-rc2
(shorwall.lrp 1.2.x I think) to the LATEST.lrp
on the shorewall site as of 6/19/2002.

After I upgraded it worked fine on the first reboot, I copied my old rules,
interfaces, etc.. files into
the /etc/shorewall directory.

I issued a shorewall stop and shorewall start command and everything loaded
correctly.

I went to the lrcfg program and backed up ''shorwall.lrp'' and
it completed
successfully.

I rebooted the computer and this time shorewall would not load.  I dropped
to a console and when
I type: shorewall

I get this error message:

/var/lib/shorewall/functions does not exist!

If I mkdir the functions directory, shorewall then it complains that
''firewall'' does not exist?

Is this an issue with the lrpcfg script that backs up shorewall? is it still
trying to use the old directory
structure to back up the config files?

FYI, I am not using Bering 1.0-rc3...

note: the only files I coppied from my older shorewall into the
/etc/shorewall directory where:
blacklist,interfaces,masq,policy,proxyarp,rules,tos,zones

Steve Sobka
hickbot@fuzzylinux.net

On Thu, 20 Jun 2002, Steve Sobka wrote:
> I recently tried upgrading from the shorewall that comes with Bering
1.0-rc2
> (shorwall.lrp 1.2.x I think) to the LATEST.lrp
> on the shorewall site as of 6/19/2002.
> 
> After I upgraded it worked fine on the first reboot, I copied my old rules,
> interfaces, etc.. files into
> the /etc/shorewall directory.
> 
> I issued a shorewall stop and shorewall start command and everything loaded
> correctly.
> 
> I went to the lrcfg program and backed up ''shorwall.lrp''
and it completed
> successfully.
> 
> I rebooted the computer and this time shorewall would not load.  I dropped
> to a console and when
> I type: shorewall
> 
> I get this error message:
> 
> /var/lib/shorewall/functions does not exist!
> 
> If I mkdir the functions directory, shorewall then it complains that
> ''firewall'' does not exist?
> 
> Is this an issue with the lrpcfg script that backs up shorewall? is it
still
> trying to use the old directory
> structure to back up the config files?
> 
> FYI, I am not using Bering 1.0-rc3...
> 
> note: the only files I coppied from my older shorewall into the
> /etc/shorewall directory where:
> blacklist,interfaces,masq,policy,proxyarp,rules,tos,zones
> 
Sounds like /var/lib/shorewall isn''t being backed up. The 
/var/lib/lrpkg/shorwall.list file that''s included with Shorwall 1.3.2 
includes /var/lib/shorewall and I assume that file drives the backup. Do 
you possibly still have the old file installed?

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

I thought I was goin nuts.  I tried to update using Bering 1.0 RC3 with
the shorewall 1.3.2 in the same manner.  Files I copied were blacklist,
masq, interfaces, policy and rules.  I kept getting the same error
message "/var/lib/shorewallfunctions does not exist".  I was watching
the mailing list to see if I was the one with this problem.  I have
tried this on two attempts, both with shorewal 1.3.2.  Previously I have
been using Bering 1.0 RC2 with shorewall 1.3.1.

Karl K. Sakai
kazman@iname.com 

-----Original Message-----
From: shorewall-users-admin@shorewall.net
[mailto:shorewall-users-admin@shorewall.net] On Behalf Of Steve Sobka
Sent: Thursday, June 20, 2002 05:02
To: shorewall-users@shorewall.net
Subject: [Shorewall-users] Is this a bug or did I upgrade my bering to
LATEST.lrp wrong?


I recently tried upgrading from the shorewall that comes with Bering
1.0-rc2 (shorwall.lrp 1.2.x I think) to the LATEST.lrp on the shorewall
site as of 6/19/2002.

After I upgraded it worked fine on the first reboot, I copied my old
rules, interfaces, etc.. files into the /etc/shorewall directory.

I issued a shorewall stop and shorewall start command and everything
loaded correctly.

I went to the lrcfg program and backed up ''shorwall.lrp'' and
it
completed successfully.

I rebooted the computer and this time shorewall would not load.  I
dropped to a console and when I type: shorewall

I get this error message:

/var/lib/shorewall/functions does not exist!

If I mkdir the functions directory, shorewall then it complains that
''firewall'' does not exist?

Is this an issue with the lrpcfg script that backs up shorewall? is it
still trying to use the old directory structure to back up the config
files?

FYI, I am not using Bering 1.0-rc3...

note: the only files I coppied from my older shorewall into the
/etc/shorewall directory where:
blacklist,interfaces,masq,policy,proxyarp,rules,tos,zones

Steve Sobka
hickbot@fuzzylinux.net


_______________________________________________
Shorewall-users mailing list
Shorewall-users@shorewall.net
http://www.shorewall.net/mailman/listinfo/shorewall-users

> Sounds like /var/lib/shorewall isn''t being backed up. The
> /var/lib/lrpkg/shorwall.list file that''s included with Shorwall
1.3.2
> includes /var/lib/shorewall and I assume that file drives the backup. Do
> you possibly still have the old file installed?
>
> -Tom
It''s possible I do... I assumed I did not because of the way I
upgraded:

Logon to firewall at console and drop to shell,

1) mount floppy, rename shorwall.lrp on Bering 1.0-rc2 to shorwall.bak
2) copy LATEST.lrp to shorwall.lrp on Bering 1.0-rc2 disk
3) reboot box
4) mount floppy, copy shorwall.bak /tmp
5) cd /tmp ; tar -zxvpf shorwall.bak
6) cp /tmp/etc/shorewall/*.files_I_need /etc/shorewall
7) rm -rf /tmp/*
8) shorewall stop (no errors)
9) shorewall start (no errors), loc, dmz, etc.. all work fine...
10) umount floppy
11) lrcfg, (b)ackup, shorwall.lrp, backup completed, no errors.
12) reboot box
13) when system restarts I cannot browse the net from loc, or dmz, I logon
at console...
14) type:  shorewall
15) get error messages about /var/lib/shorewall/functions not being found...

I thought that by installing this way, I would be avoiding having two
seperate versions running at the same time.  My guess is it''s the new
shorewall directory structure for the ''firewall'' and version
files and them
not being backed up when the shorwall.lrp file is created from the backup
program?  But what do I know, I am just a hickbot! :-)

Hope this helps debug...

P.S. I think I forgot to mention that I was also using shorewall 1.3.1, the
one that was listed on the leaf.sf.net site under ''news'' as of
May 31, 2002.

Steve Sobka
hickbot@fuzzylinux.net

On Thu, 20 Jun 2002, Steve Sobka wrote:
> 
> Hope this helps debug...
Well, I don''t run Bering here at all so it will have to be one of the 
Bering folks who gives you a hand. I suggest posting on the LEAF list as 
well. 

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Looks like the update to the shorwall.list file worked.  Thank you Tom
and Jaques for the help.
Karl K. Sakai
kazman@iname.com