I''m planning an upgrade of my five port, kernel 2.4.23 and shorewall 1.4.10f configuration to kernel 2.6.10 and shorewall 2.2.0 and have stumbled on a strange problem. I started with kernel upgrade with no configuration changes to shorewall, everything seems OK, no error messages except for remote printing service (SAPlpd) from server on subnet 192.168.102.0/24 to server on my subnet 192.168.11.0/24, they are both in loc zone, not working. The same configuration works OK with kernel 2.4, if I make shorewall clear with kernel 2.6 than it works again. Any suggestions how to diagnose the problem? Thanks, David
David Pristovnik wrote:> I''m planning an upgrade of my five port, kernel 2.4.23 and shorewall > 1.4.10f configuration to kernel 2.6.10 and shorewall 2.2.0 and have > stumbled on a strange problem. I started with kernel upgrade with no > configuration changes to shorewall,Are you still running Shorewall 1.4.10f? I ask because there is a lengthy article linked from the Shorewall home page telling you about the things that need changing when you migrate from 1.4 to 2.2.> everything seems OK, no error > messages except for remote printing service (SAPlpd) from server on > subnet 192.168.102.0/24 to server on my subnet 192.168.11.0/24, they are > both in loc zone, not working. The same configuration works OK with > kernel 2.4, if I make shorewall clear with kernel 2.6 than it works > again. Any suggestions how to diagnose the problem?It is entirely possible that kernel 2.6 is detecting your network interfaces in an entirely different order than is 2.4. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:>David Pristovnik wrote: > > >>I''m planning an upgrade of my five port, kernel 2.4.23 and shorewall >>1.4.10f configuration to kernel 2.6.10 and shorewall 2.2.0 and have >>stumbled on a strange problem. I started with kernel upgrade with no >>configuration changes to shorewall, >> >> > >Are you still running Shorewall 1.4.10f? > >I ask because there is a lengthy article linked from the Shorewall home >page telling you about the things that need changing when you migrate >from 1.4 to 2.2. > >I have read it and don''t have configuration, that is in conflict with 2.0 or 2.2 version.> > >>everything seems OK, no error >>messages except for remote printing service (SAPlpd) from server on >>subnet 192.168.102.0/24 to server on my subnet 192.168.11.0/24, they are >>both in loc zone, not working. The same configuration works OK with >>kernel 2.4, if I make shorewall clear with kernel 2.6 than it works >>again. Any suggestions how to diagnose the problem? >> >> > >It is entirely possible that kernel 2.6 is detecting your network >interfaces in an entirely different order than is 2.4. > >I have double checked that and everything else is functioning OK, except for SAPlpd traffic which is TCP based, that is very strange.>-Tom > >
David Pristovnik wrote:>> >> > I have double checked that and everything else is functioning OK, except > for SAPlpd traffic which is TCP based, that is very strange. >If you will submit a proper problem report, we will try to help. See: http://shorewall.net/support.htm (including the part about "shorewall status"). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key