dear all shorewall member, i use shorewall version 2.0.8 on my redhat version 9. i used 2 ethernet eth0 connect to internet and eth1 connect to my local net and shorewall action as firewall and router if i used shorewall for 8 hour, i can''t telnet,go to internet,ssh from my shorewall to my local net and internet. but when i''m restarting shorewall it''s Ok. start shorewall is faster, but if stop shorewall i''m waiting 5 minutes, and i get this messages:lockfile: Sorry, giving up on "/var/lib/shorewall/lock" have any idea??? eddy
On Wed, 2004-12-29 at 09:41 +0700, stefanus wrote:> dear all shorewall member, > > i use shorewall version 2.0.8 on my redhat version 9. > i used 2 ethernet eth0 connect to internet and eth1 connect to my local net > and shorewall action as firewall and router > > if i used shorewall for 8 hour, i can''t telnet,go to internet,ssh from my > shorewall to my local net and internet. but when i''m restarting shorewall > it''s Ok. >Please read http://shorewall.net/Introduction.html and you will see that whatever your problem is, it is not directly related to Shorewall. I suspect that your conntrack table is filling up and needs to be larger; look at your system log.> start shorewall is faster, but if stop shorewall i''m waiting 5 minutes, and > i get this messages:lockfile: Sorry, giving up on "/var/lib/shorewall/lock"I need a trace -- see http://shorewall.net/troubleshoot.htm under "shorewall start and shorewall restart Errors". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Tue, 2004-12-28 at 19:02 -0800, Tom Eastep wrote:> look at your system log. > > > start shorewall is faster, but if stop shorewall i''m waiting 5 minutes, and > > i get this messages:lockfile: Sorry, giving up on "/var/lib/shorewall/lock" > > I need a trace -- see http://shorewall.net/troubleshoot.htm under > "shorewall start and shorewall restart Errors".Note that when this error occurs, it often means that the PREVIOUS /sbin/shorewall command terminated abnormally. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key