Hello,
I''m using Shorewall version 1.4.4 with kernel version 2.4.20. I have
installed the iproute2 package from a tarball and it all seems to be
working fine. However I can''t start Shorewall because it keeps telling
me
that "Error: Shorewall 1.4.4 requires the iproute package
(''ip'' utility)".
I have read about a similar problem to this, but the solution involved
installing an rpm without dependancies, which I cannot do as I''m
running an
LFS system. (http://www.linuxfromscratch.org).
Any help that anyone can give would be much appreciated :)
Kind Regards,
Sally Young
Did you try at the shell prompt "which ip" if it gets and error it is not intstalled. Mike ----- Original Message ----- From: "Sally Young" <sally@justafish.co.uk> To: <shorewall-users@lists.shorewall.net> Sent: Monday, May 26, 2003 10:01 AM Subject: [Shorewall-users] problem starting shorewall> Hello, > > I''m using Shorewall version 1.4.4 with kernel version 2.4.20. I have > installed the iproute2 package from a tarball and it all seems to be > working fine. However I can''t start Shorewall because it keeps telling me > that "Error: Shorewall 1.4.4 requires the iproute package (''ip'' utility)". > I have read about a similar problem to this, but the solution involved > installing an rpm without dependancies, which I cannot do as I''m runningan> LFS system. (http://www.linuxfromscratch.org). > Any help that anyone can give would be much appreciated :) > > Kind Regards, > Sally Young > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe:http://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
ahh, the joys of running a linux system built from scratch. Shorewall depends on "which" as well. I had assumed iproute2 was working as I''d been playing around with it and what not. But after installing "which", it works perfectly. It''s times like these that make me feel like a right idiot :p At 10:56 26/05/2003 -0700, you wrote:>Did you try at the shell prompt "which ip" if it gets and error it is not >intstalled. > >Mike
On 26/05/2003 7:26 PM +0100 Sally Young wrote:> ahh, the joys of running a linux system built from scratch. Shorewall > depends on "which" as well. I had assumed iproute2 was working as I''d > been playing around with it and what not. But after installing "which", > it works perfectly. It''s times like these that make me feel like a right > idiot :pI had/have the same problem as you Sally, except ''which ip'' returns /sbin/ip so I don''t understand why I get the same error. I had to get the firewall up ASAP so I just removed the verify_ip function from the shorewall main firewall file but I''d like to find out why it doesn''t work. Regards, Gonzalo.
On Tue, 27 May 2003 09:39:40 +1000, Gonzalo Servat <gonzalo@linuxaus.com> wrote:> On 26/05/2003 7:26 PM +0100 Sally Young wrote: > >> ahh, the joys of running a linux system built from scratch. Shorewall >> depends on "which" as well. I had assumed iproute2 was working as I''d >> been playing around with it and what not. But after installing "which", >> it works perfectly. It''s times like these that make me feel like a right >> idiot :p > > I had/have the same problem as you Sally, except ''which ip'' returns > /sbin/ip so I don''t understand why I get the same error. > > I had to get the firewall up ASAP so I just removed the verify_ip > function from the shorewall main firewall file but I''d like to find out > why it doesn''t work. >Well, since only YOU can reproduce this problem, if YOU don''t submit a detailed problem report there is nothing we can do.... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On 26/05/2003 5:10 PM -0700 Tom Eastep wrote:> Well, since only YOU can reproduce this problem, if YOU don''t submit a > detailed problem report there is nothing we can do.... > > -TomWhat more information can I provide? As you already know, I''m using Shorewall 1.4.4, /sbin/ip is there and ''which'' exists. If it helps, it''s a RedHat 7.3 box. Regards, Gonzalo
On Tue, 27 May 2003 10:17:52 +1000, Gonzalo Servat <gonzalo@linuxaus.com> wrote:> On 26/05/2003 5:10 PM -0700 Tom Eastep wrote: > >> Well, since only YOU can reproduce this problem, if YOU don''t submit a >> detailed problem report there is nothing we can do.... >> >> -Tom > > What more information can I provide? As you already know, I''m using > Shorewall 1.4.4, /sbin/ip is there and ''which'' exists. If it helps, it''s > a RedHat 7.3 box.>From http://www.shorewall.net/support.htm:If an error occurs when you try to "shorewall start", include a trace (See the Troubleshooting section for instructions). -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On 26/05/2003 5:22 PM -0700 Tom Eastep wrote:> From http://www.shorewall.net/support.htm: > > If an error occurs when you try to "shorewall start", include a trace > (See the Troubleshooting section for instructions).This is the first thing I did when Shorewall wouldn''t start. The thing is when I tried to start it with debug it didn''t stop at where the problem was. This might be expected behaviour (I can''t really check as I can only access the server remotely now and I''d hate to lock myself out) Regards, Gonzalo
On Tue, 27 May 2003 10:28:51 +1000, Gonzalo Servat <gonzalo@linuxaus.com> wrote:> On 26/05/2003 5:22 PM -0700 Tom Eastep wrote: > >> From http://www.shorewall.net/support.htm: >> >> If an error occurs when you try to "shorewall start", include a trace >> (See the Troubleshooting section for instructions). > > This is the first thing I did when Shorewall wouldn''t start. The thing is > when I tried to start it with debug it didn''t stop at where the problem > was. This might be expected behaviour (I can''t really check as I can only > access the server remotely now and I''d hate to lock myself out) >Well, that''s the only way that I know of to debug the problem -- if you don''t want to do that then don''t complain about the problem on the mailing list. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Mon, 26 May 2003 17:35:02 -0700, Tom Eastep <teastep@shorewall.net> wrote:> Well, that''s the only way that I know of to debug the problem -- if you > don''t want to do that then don''t complain about the problem on the > mailing list. >Well -- maybe not. Try this as root from a shell prompt (be sure you are running /bin/sh): PATH=<the way that you have it set in /etc/shorewall/shorewall.conf> qt() { "$@" >/dev/null 2>&1 } verify_ip() { qt which ip ||\ startup_error "Shorewall $version requires the iproute package (''ip'' utility)" } set -x verify_ip -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Mon, 26 May 2003 17:51:05 -0700, Tom Eastep <teastep@shorewall.net> wrote:> > verify_ip() { > qt which ip ||\ > startup_error "Shorewall $version requires the iproute package (''ip'' > utility)" > }To avoid an error on ''startup_error'', replace ''startup_error'' with ''echo''. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On 26/05/2003 5:51 PM -0700 Tom Eastep wrote:> Well -- maybe not. > > Try this as root from a shell prompt (be sure you are running /bin/sh): > > PATH=<the way that you have it set in /etc/shorewall/shorewall.conf> > > qt() > { > "$@" >/dev/null 2>&1 > } > > > verify_ip() { > qt which ip ||\ > startup_error "Shorewall $version requires the iproute package (''ip'' > utility)" } > > set -x > > verify_ipTried that & no problem (only difference is I replaced startup_error with just "echo" as there''s no startup_error function in this scenario). The output: sh-2.05a# verify_ip + verify_ip + qt which ip + which ip sh-2.05a# Regards, Gonzalo.
On 26/05/2003 6:04 PM -0700 Tom Eastep wrote:> That''s the same code that you claim fails when it is run during a > "shorewall start". > > -TomYes, I realise this is the code as I digged into the shorewall file, and I too think it doesn''t make any sense but hey, I''m not making this up. Since I can''t really muck around with the box remotely, I''ll have to wait until I''m next on-site to play with Shorewall a bit (add some tests in there) to figure it out. Regards, Gonzalo
On Tue, 27 May 2003, Gonzalo Servat wrote:> > Tried that & no problem (only difference is I replaced startup_error with > just "echo" as there''s no startup_error function in this scenario). The > output: > > sh-2.05a# verify_ip > + verify_ip > + qt which ip > + which ip > sh-2.05a# >Did you have the PATH set as you have it in /etc/shorewall/shorewall.conf? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On Tue, 27 May 2003, Gonzalo Servat wrote:> On 26/05/2003 6:04 PM -0700 Tom Eastep wrote: > > > That''s the same code that you claim fails when it is run during a > > "shorewall start". > > > > -Tom > > Yes, I realise this is the code as I digged into the shorewall file, and I > too think it doesn''t make any sense but hey, I''m not making this up. > > Since I can''t really muck around with the box remotely, I''ll have to wait > until I''m next on-site to play with Shorewall a bit (add some tests in > there) to figure it out. >Ok -- please let me know what you find. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
On 26/05/2003 6:14 PM -0700 Tom Eastep wrote:> Did you have the PATH set as you have it in /etc/shorewall/shorewall.conf? > > -TomYep, I copied it from the shorewall.conf file. Gonzalo
On 26/05/2003 6:15 PM -0700 Tom Eastep wrote:>> Yes, I realise this is the code as I digged into the shorewall file, and >> I too think it doesn''t make any sense but hey, I''m not making this up. >> >> Since I can''t really muck around with the box remotely, I''ll have to wait >> until I''m next on-site to play with Shorewall a bit (add some tests in >> there) to figure it out. >> > > Ok -- please let me know what you find.Tom, I found out the problem, not the solution though (yet). It seems to work fine when I do a /etc/rc.d/init.d/shorewall restart, but when I do a ''service shorewall restart'' (as I normally do) it gives me the error. Strange, huh?? I found the cause by accident as I did ''service shorewall restart'' on an old box running Shorewall 1.4.2 and got the error and that''s when I realised it only does it when I use ''service'' to restart Shorewall. Any ideas? Regards, Gonzalo.
On Wed, 28 May 2003 22:18:56 +1000, Gonzalo Servat <gonzalo@linuxaus.com> wrote:> On 26/05/2003 6:15 PM -0700 Tom Eastep wrote:> Tom, > > I found out the problem, not the solution though (yet). > > It seems to work fine when I do a /etc/rc.d/init.d/shorewall restart, but > when I do a ''service shorewall restart'' (as I normally do) it gives me > the error. Strange, huh??Yes -- most people do "shorewall restart" which runs two fewer programs than "service shorewall restart".> > I found the cause by accident as I did ''service shorewall restart'' on an > old box running Shorewall 1.4.2 and got the error and that''s when I > realised it only does it when I use ''service'' to restart Shorewall. > > Any ideas?None -- you are using the standard /etc/init.d/shorewall script I presume? If so, all it does is "exec /sbin/shorewall $@" You could try temporarily modifying /etc/init.d/shorewall. Replace: exec /sbin/shorewall $@ with /sbin/shorewall debug $@ 2> /tmp/trace and try "service shorewall restart". The trace may show us something... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Hi there, I know that we had this problem too while testing shorewall for a customer. We are using a modified Redhat 7.3 distribution (kernel 2.4.18-5 which normally takes a Checkpoint Firewall NG. The kernel itself isn''t touched. There are just packages removed, accounts deleted etc.). My colleague fixed it somehow and even told me how but I can''t remember right now. I''ll ask him on Monday when he is back from his vacation. Not very helpful right now but I thought I let you know I saw it too. Axel Westerhold -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Mittwoch, 28. Mai 2003 16:15 To: Gonzalo Servat Cc: shorewall-users@lists.shorewall.net On Wed, 28 May 2003 22:18:56 +1000, Gonzalo Servat <gonzalo@linuxaus.com> wrote:> On 26/05/2003 6:15 PM -0700 Tom Eastep wrote:> Tom, > > I found out the problem, not the solution though (yet). > > It seems to work fine when I do a /etc/rc.d/init.d/shorewall restart,but> when I do a ''service shorewall restart'' (as I normally do) it gives me> the error. Strange, huh??Yes -- most people do "shorewall restart" which runs two fewer programs than "service shorewall restart".> > I found the cause by accident as I did ''service shorewall restart'' onan> old box running Shorewall 1.4.2 and got the error and that''s when I > realised it only does it when I use ''service'' to restart Shorewall. > > Any ideas?None -- you are using the standard /etc/init.d/shorewall script I presume? If so, all it does is "exec /sbin/shorewall $@" You could try temporarily modifying /etc/init.d/shorewall. Replace: exec /sbin/shorewall $@ with /sbin/shorewall debug $@ 2> /tmp/trace and try "service shorewall restart". The trace may show us something... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm