Hello, I''m trying to install the shorewall 1.4.9 on a redhat 9. when I issue the start comand, it locks me out with this message: iptables: match `state'' v1.2.8 (I''m v1.2.7a). Indeed, the rh9 has the 1.2.7 version of iptables, which is strange since all previous redhat releases have 1.2.8. The thing is even more frustrating since I can''t access the server at this stage, even though the routestopped file has my IP address and I''ve set the default policy to ACCEPT from net to fw. . Any ideas/workaround ? 10x, Marius
On Wednesday 14 January 2004 03:56 am, Marius Stan wrote:> Hello, > > I''m trying to install the shorewall 1.4.9 on a redhat 9. > when I issue the start comand, it locks me out with this message: > > iptables: match `state'' v1.2.8 (I''m v1.2.7a). > > Indeed, the rh9 has the 1.2.7 version of iptables, which is strange since > all previous redhat releases have 1.2.8. > The thing is even more frustrating since I can''t access the server at this > stage, even though the routestopped file has my IP address and I''ve set the > default policy to ACCEPT from net to fw. . > Any ideas/workaround ?Sounds like you have a mixed set of iptables components installed. For what it''s worth, Shorewall runs here on two RH9 boxes and has been running on those systems since shortly after RH9 was released. I suggest that you "rpm -V iptables". Also, be sure that you haven''t compiled and installed a 1.2.8 version of iptables somewhere else on the system (such as under /usr/local). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Wednesday 14 January 2004 03:56 am, Marius Stan wrote:> Hello, > > I''m trying to install the shorewall 1.4.9 on a redhat 9. > when I issue the start comand, it locks me out with this message: > > iptables: match `state'' v1.2.8 (I''m v1.2.7a). > > Indeed, the rh9 has the 1.2.7 version of iptables, which is strange since > all previous redhat releases have 1.2.8. > The thing is even more frustrating since I can''t access the server at this > stage, even though the routestopped file has my IP address and I''ve set the > default policy to ACCEPT from net to fw. . > Any ideas/workaround ?To get access to your system again, issue "shorewall clear". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Wednesday 14 January 2004 09:57 am, Tom Eastep wrote:> On Wednesday 14 January 2004 03:56 am, Marius Stan wrote: > > Hello, > > > > I''m trying to install the shorewall 1.4.9 on a redhat 9. > > when I issue the start comand, it locks me out with this message: > > > > iptables: match `state'' v1.2.8 (I''m v1.2.7a). > > > > Indeed, the rh9 has the 1.2.7 version of iptables, which is strange since > > all previous redhat releases have 1.2.8. > > The thing is even more frustrating since I can''t access the server at > > this stage, even though the routestopped file has my IP address and I''ve > > set the default policy to ACCEPT from net to fw. . > > Any ideas/workaround ? > > To get access to your system again, issue "shorewall clear".Actually, with a broken ''state'' match module you probably won''t be able to do that either. Try this at a root shell prompt: for table in nat mangle filter; do iptables -t $table -F iptables -t $table -X done -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net