... I upgraded tonight, and Shorewall refuses to start. The end of the debug
output:
+ addnatrule masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ ensurenatchain masq1
+ havenatchain masq1
+ eval test "$exists_nat_masq1" = Yes
+ test Yes = Yes
+ run_iptables2 -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ [ x-t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT = x-t nat -A masq1 -d
0.0.0.0/0 -j SNAT ACCEPT ]
+ run_iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
Try `iptables -h'' or ''iptables --help'' for more
information.
Bad argument `ACCEPT''
+ [ -z ]
+ stop_firewall
+ set +x
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Commenting out the entry in /etc/shorewall/masq:
eth0 10.1.1.0/24!10.1.1.1
stopped the error.
I searched in the archives for the "Bad argument" error and came up
dry. I read
the Troubleshooting Guide and found nothing that could help, either.
My upgrade procedure: downloaded and installed the 1.4.10.lrp. Copied over the
following files:
interfaces
masq
nat
params
policy
rules
(Before copying, Shorewall restarts. Copying over the entire Shorewall
directory also does not work.)
Evidently, my masq file is the problem - but why? And, how to make it happy? I
re-read the masq documentation; nothing obvious stuck out. I use the Bering
LEAF firewall with 3 interfaces; anything else I should disclose?
Thanks for any help.
NYZ
+ addnatrule masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ ensurenatchain masq1
+ havenatchain masq1
+ eval test "$exists_nat_masq1" = Yes
+ test Yes = Yes
+ run_iptables2 -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ [ x-t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT = x-t nat -A masq1 -d
0.0.0.0/0 -j SNAT ACCEPT ]
+ run_iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
+ iptables -t nat -A masq1 -d 0.0.0.0/0 -j SNAT ACCEPT
Try `iptables -h'' or ''iptables --help'' for more
information.
Bad argument `ACCEPT''
+ [ -z ]
+ stop_firewall
+ set +x
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
--
_________________________________________
Nachman Yaakov Ziskind, EA, LLM awacs@egps.com
Attorney and Counselor-at-Law http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants