Shorewall users - Feb 2004 - Upgrade issues 1.4.4b -> 1.4.10

... I upgraded tonight, and Shorewall refuses to start. The end of the debug
output:

+ addnatrule masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ ensurenatchain masq1
+ havenatchain masq1
+ eval test "$exists_nat_masq1" = Yes
+ test Yes = Yes
+ run_iptables2 -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ [ x-t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT = x-t nat -A masq1 -d
0.0.0.0/0 -j SNAT ACCEPT ]
+ run_iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
Try `iptables -h'' or ''iptables --help'' for more
information.
Bad argument `ACCEPT''
+ [ -z  ]
+ stop_firewall
+ set +x
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...

Commenting out the entry in /etc/shorewall/masq:

eth0                    10.1.1.0/24!10.1.1.1

stopped the error.

I searched in the archives for the "Bad argument" error and came up
dry. I read
the Troubleshooting Guide and found nothing that could help, either.

My upgrade procedure: downloaded and installed the 1.4.10.lrp. Copied over the
following files: 

interfaces
masq
nat
params
policy
rules

(Before copying, Shorewall restarts. Copying over the entire Shorewall
directory also does not work.)

Evidently, my masq file is the problem - but why? And, how to make it happy? I
re-read the masq documentation; nothing obvious stuck out. I use the Bering
LEAF firewall with 3 interfaces; anything else I should disclose?


Thanks for any help.

NYZ
+ addnatrule masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ ensurenatchain masq1
+ havenatchain masq1
+ eval test "$exists_nat_masq1" = Yes
+ test Yes = Yes
+ run_iptables2 -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ [ x-t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT = x-t nat -A masq1 -d
0.0.0.0/0 -j SNAT ACCEPT ]
+ run_iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
Try `iptables -h'' or ''iptables --help'' for more
information.
Bad argument `ACCEPT''
+ [ -z  ]
+ stop_firewall
+ set +x
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...

-- 
_________________________________________
Nachman Yaakov Ziskind, EA, LLM         awacs@egps.com
Attorney and Counselor-at-Law           http://ziskind.us
Economic Group Pension Services         http://egps.com
Actuaries and Employee Benefit Consultants

On Wednesday 04 February 2004 04:35 pm, Nachman Yaakov Ziskind wrote:
>
> Evidently, my masq file is the problem - but why? And, how to make it
> happy? I re-read the masq documentation; nothing obvious stuck out. I use
> the Bering LEAF firewall with 3 interfaces; anything else I should
> disclose?
>
Yes -- please send me the entire trace.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Wednesday 04 February 2004 04:50 pm, Tom Eastep
wrote:
> On Wednesday 04 February 2004 04:35 pm, Nachman Yaakov Ziskind wrote:
> > Evidently, my masq file is the problem - but why? And, how to make it
> > happy? I re-read the masq documentation; nothing obvious stuck out. I
use
> > the Bering LEAF firewall with 3 interfaces; anything else I should
> > disclose?
>
> Yes -- please send me the entire trace.
The reason that I''m asking is that I can''t reproduce the
problem.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net