I am forwarding your post to the Debian Shorewall maintainer -- none of
the code involved in Shorewall startup under Debian is part of the
standard Shorewall distribution.

-Tom

-------- Original Message --------
Subject: [Shorewall-users] Problems with Firewall start at Boot time
Date: Mon, 06 Sep 2004 16:48:16 -0400
From: Stewart Outram <stewart@soutram.fsnet.co.uk>
Reply-To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
To: Shorewall User List <shorewall-users@lists.shorewall.net>

Hi

I have installed Shorewall 2.0.8 from the Debian Repositories and
although the firewall is working fine I have a problem with the start up
at Boot time.

I am running "SimplyMepis" which is a Debian-based distro with kernel 2.4
or 2.6.

My config is the firewall running on a PC with 2 NICs, eth1 connected to
a private lan, eth0 with a fixed ip address connected to another private
lan which is connected to just an ADSL Router/Modem.

ip addr show

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:61:73:66:60 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::20d:61ff:fe73:6660/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:5a:8c:67:6a brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
    inet6 fe80::204:5aff:fe8c:676a/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

ip route show

10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.1
default via 10.0.0.2 dev eth0

Shorewall starts and stops correctly from the command line and, as
stated, the firewall is performing correctly.

However, Shorewall is not starting at boot. All the scripts and links
seem to be in the correct locations :-

    /etc/init.d/shorewall
    /etc/rc0.d/K89shorewall
    /etc/rc6.d/K89shorewall
    /etc/rcS.d/S40shorewall

The only entry on the log file seems to be the default one :-

    cat /var/log/shorewall-init.log
    LOGFILE (/var/log/messages) does not exist!

( /var/log/messages does in fact exist )

The Boot messages indicate that "echo_notdone" is being called and
displaying the "check log" error message.

It seems that "wait_for_ppd" is failing for some reason?

Also, I am not clear on where the Variable "$wait_interface" gets
initiated. After running shorewall start it appears to be an empty
string :-

    root@2[stewart]# echo $wait_interface

    root@2[stewart]#

I don't think I have overlooked anything in the general setting up as
everything seems to be working fine from the command line.

Any suggestions would be appreciated.

PS

As a further check I removed the links from rcS.d, rc6.d and rc0.d and
replaced them with the defaults of Start in 2,3,4,5 and Stop in 0,1,6.
This appears to fix the problem which would indicate that the problem is
related to the network interfaces not being up in time. I am not sure
whether this is the best fix as I believe that rcS.d starts things very
early on in the Boot process which I guess is preferable for a Firewall?

--
Stewart Outram
UK

--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
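
Added example, not part of the original messages and not Shorewall or Debian code: one way to test the hypothesis in the PS is to record, at the point the init script runs, which interfaces are UP with an IPv4 address. The function names and the second sample are assumptions made for illustration; the first sample is the `ip addr show` output posted above, reduced to its IPv4 lines.

```shell
#!/bin/sh
# iface_ready IFACE: read `ip addr show` output on stdin; succeed only if
# IFACE carries the UP flag and has an IPv4 ("inet") address.
iface_ready() {
    awk -v want="$1" '
        /^[0-9]+: / {                       # header, e.g. "2: eth0: <...,UP> ..."
            name = $2; sub(/:$/, "", name)
            cur = (name == want)
            if (cur && $3 ~ /[<,]UP[,>]/) up = 1
            next
        }
        cur && $1 == "inet" { addr = 1 }    # "inet6" lines do not match
        END { exit !(up && addr) }
    '
}

# not_ready SRC IFACE...: SRC is a command printing `ip addr show` output;
# print every IFACE that is not ready according to it.
not_ready() {
    src=$1; shift
    for i in "$@"; do
        "$src" | iface_ready "$i" || printf '%s\n' "$i"
    done
}

# Output as posted in the message (IPv4 lines only).
posted_output() {
cat <<'EOF'
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
4: sit0: <NOARP> mtu 1480 qdisc noop
EOF
}

# Constructed sample: eth0 present but not yet configured, as it might be
# early in rcS.d.
early_output() {
cat <<'EOF'
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1
EOF
}

not_ready posted_output eth0 eth1   # prints nothing
not_ready early_output eth0 eth1    # prints eth0
```

On a live system, pass as SRC a function that runs `ip addr show` and append the result to a log at the start of the init script.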