There still seems to be an init script issue with 2.4.1 and the ntsysv utility in FC4. The 2.4.1 version installs the symlinks correctly... but running ntsysv afterward will generate the "S-1shorewall" problem in the /etc/rc directories. This results in shorewall not starting at boot or responding to runlevel changes. Simon Matter''s rpm of 2.4.1 does not have this problem: http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/ Apparently Fedora changed some behaviours with the sysv stuff... the symlinks for Webmin are trashed in the same way after running ntsysv under FC4. -Tom ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
Hello As I understand,ShoreWall boots fine for me but when i issue restart command it misses up the ip route so, that has nothing to do initv, and I could c any problem with boot (CENTOS 4 is FC4 ) Kind Regards Samer>From: Tom Lisjac <netdxr@gmail.com> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Fri, 15 Jul 2005 15:20:44 -0600 > >There still seems to be an init script issue with 2.4.1 and the ntsysv >utility in FC4. The 2.4.1 version installs the symlinks correctly... >but running ntsysv afterward will generate the "S-1shorewall" problem >in the /etc/rc directories. This results in shorewall not starting at >boot or responding to runlevel changes. > >Simon Matter''s rpm of 2.4.1 does not have this problem: > >http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/ > >Apparently Fedora changed some behaviours with the sysv stuff... the >symlinks for Webmin are trashed in the same way after running ntsysv >under FC4. > >-Tom > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users_________________________________________________________________ Don''t just search. Find. Check out the new MSN Search! http://search.msn.com/ ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
Tom Lisjac wrote:> Simon Matter''s rpm of 2.4.1 does not have this problem: > > http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/ > > Apparently Fedora changed some behaviours with the sysv stuff... the > symlinks for Webmin are trashed in the same way after running ntsysv > under FC4.We have RPMs specifically targeted for Fedora/RedHat and for Mandriva; so long as those work properly, that''s all that matters as far as I''m concerned. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
I c the rpm are installing good, but the issue is in functionality, Im going crazy why it does not restart for me everytime I change something on the firewall rules, I must restart I can say that I Do not change rules that often, but still should not have this to happen>From: Tom Eastep <teastep@shorewall.net> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Fri, 15 Jul 2005 14:39:18 -0700 > >Tom Lisjac wrote: > > > Simon Matter''s rpm of 2.4.1 does not have this problem: > > > > http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/ > > > > Apparently Fedora changed some behaviours with the sysv stuff... the > > symlinks for Webmin are trashed in the same way after running ntsysv > > under FC4. > >We have RPMs specifically targeted for Fedora/RedHat and for Mandriva; >so long as those work properly, that''s all that matters as far as I''m >concerned. > >-Tom >-- >Tom Eastep \ Nothing is foolproof to a sufficiently talented fool >Shoreline, \ http://shorewall.net >Washington USA \ teastep@shorewall.net >PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ><< signature.asc >>_________________________________________________________________ Don''t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> As I understand,ShoreWall boots fine for me > but when i issue restart command it misses up the ip routeMy post was an FYI to the list. It wasn''t intended to address the problem you''re having.> so, that has nothing to do initv, and I could c any problem with boot > (CENTOS 4 is FC4 )CentOS 4 is FC3. -Tom ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
On Sat, 2005-07-16 at 00:46 +0300, samer Y. Azmy wrote:> I c the rpm are installing good, but the issue is in functionality, Im going > crazy why it does not restart for me > everytime I change something on the firewall rules, I must restart > > I can say that I Do not change rules that often, but still should not have > this to happenJust run the command "shorewall restart", without going through the RC stuff. It should be in /usr/local/sbin, which should be in your PATH using sudo or beeing root. Gretz, Patrick ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
Hello That is exactly what im doing and shorewall stops forwarding Please check the attached file I compared the status of shorewall in running condition, and I restarted it, and captured the status and that was the only change I have noticed Kind Regards Samer>From: Patrick Blitz <blitz@securetec.net> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Sat, 16 Jul 2005 12:25:19 +0200 > >On Sat, 2005-07-16 at 00:46 +0300, samer Y. Azmy wrote: > > I c the rpm are installing good, but the issue is in functionality, Im >going > > crazy why it does not restart for me > > everytime I change something on the firewall rules, I must restart > > > > I can say that I Do not change rules that often, but still should not >have > > this to happen > >Just run the command "shorewall restart", without going through the RC >stuff. > >It should be in /usr/local/sbin, which should be in your PATH using sudo >or beeing root. > >Gretz, > >Patrick > > > > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
----- Original Message ----- From: "samer Y. Azmy" <samer_symantec@hotmail.com> To: <shorewall-users@lists.sourceforge.net> Sent: Saturday, July 16, 2005 06:01 Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... Hello That is exactly what im doing and shorewall stops forwarding Please check the attached file I compared the status of shorewall in running condition, and I restarted it, and captured the status and that was the only change I have noticed Kind Regards Samer Can you post the providers file please. Jerry ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
Hello That the status, and ip files Please advice Kind Regards Samer>From: Tom Lisjac <netdxr@gmail.com> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Fri, 15 Jul 2005 15:20:44 -0600 > >There still seems to be an init script issue with 2.4.1 and the ntsysv >utility in FC4. The 2.4.1 version installs the symlinks correctly... >but running ntsysv afterward will generate the "S-1shorewall" problem >in the /etc/rc directories. This results in shorewall not starting at >boot or responding to runlevel changes. > >Simon Matter''s rpm of 2.4.1 does not have this problem: > >http://www.invoca.ch/pub/packages/shorewall/2.4/shorewall-2.4.1/ > >Apparently Fedora changed some behaviours with the sysv stuff... the >symlinks for Webmin are trashed in the same way after running ntsysv >under FC4. > >-Tom > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Config files? Need to see them. Jerry> Hello > > That the status, and ip files > > Please advice > > Kind Regards > Samer------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
Thank you for your support>From: Jerry Vonau <jvonau@shaw.ca> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Sun, 17 Jul 2005 10:20:06 -0500 > > > >Config files? Need to see them. > >Jerry > > > Hello > > > > That the status, and ip files > > > > Please advice > > > > Kind Regards > > Samer > > > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users_________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
samer Y. Azmy wrote:> Thank you for your supportYou are defining eth0''s primary IP address in /etc/shorewall/nat. This causes grave problems, particularly when combined with ADD_IP_ALIASES=Yes (which you have also selected). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
excuse my ignornace Should I solve my problem by removing ADD_IP_ALIASES=Yes or make it NO Thank you Samer>From: Tom Eastep <teastep@shorewall.net> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Mon, 18 Jul 2005 07:57:41 -0700 > >samer Y. Azmy wrote: > > Thank you for your support > >You are defining eth0''s primary IP address in /etc/shorewall/nat. This >causes grave problems, particularly when combined with >ADD_IP_ALIASES=Yes (which you have also selected). > >-Tom >-- >Tom Eastep \ Nothing is foolproof to a sufficiently talented fool >Shoreline, \ http://shorewall.net >Washington USA \ teastep@shorewall.net >PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ><< signature.asc >>_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
From the nat file: # EXTERNAL External IP Address - this should NOT be the primary # IP address of the interface named in the next # column and must not be a DNS Name. inet 62.193.72.242/32 scope global eth0 can''t be used in the nat file, as that is your primary ipaddress for that interface The nat file creates aliases, your trying to add something that already exists. Jerry> excuse my ignornace > > Should I solve my problem by removing ADD_IP_ALIASES=Yes or make it NO > > Thank you > Samer > > >From: Tom Eastep <teastep@shorewall.net> > >Reply-To: shorewall-users@lists.sourceforge.net > >To: shorewall-users@lists.sourceforge.net > >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... > >Date: Mon, 18 Jul 2005 07:57:41 -0700 > > > >samer Y. Azmy wrote: > > > Thank you for your support > > > >You are defining eth0''s primary IP address in /etc/shorewall/nat. This > >causes grave problems, particularly when combined with > >ADD_IP_ALIASES=Yes (which you have also selected). > > > >-Tom > >-- > >Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > >Shoreline, \ http://shorewall.net > >Washington USA \ teastep@shorewall.net > >PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > ><< signature.asc >> > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today it''s FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
in other words what u mean and that is not in my nat conf file>From: Jerry Vonau <jvonau@shaw.ca> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Tue, 19 Jul 2005 02:00:39 -0500 > >From the nat file: ># EXTERNAL External IP Address - this should NOT be the primary ># IP address of the interface named in the next ># column and must not be a DNS Name. > >inet 62.193.72.242/32 scope global eth0 >can''t be used in the nat file, as that is your >primary ipaddress for that interface >The nat file creates aliases, your trying to add >something that already exists. > >Jerry > > > excuse my ignornace > > > > Should I solve my problem by removing ADD_IP_ALIASES=Yes or make it NO > > > > Thank you > > Samer > > > > >From: Tom Eastep <teastep@shorewall.net> > > >Reply-To: shorewall-users@lists.sourceforge.net > > >To: shorewall-users@lists.sourceforge.net > > >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... > > >Date: Mon, 18 Jul 2005 07:57:41 -0700 > > > > > >samer Y. Azmy wrote: > > > > Thank you for your support > > > > > >You are defining eth0''s primary IP address in /etc/shorewall/nat. This > > >causes grave problems, particularly when combined with > > >ADD_IP_ALIASES=Yes (which you have also selected). > > > > > >-Tom > > >-- > > >Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > > >Shoreline, \ http://shorewall.net > > >Washington USA \ teastep@shorewall.net > > >PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > ><< signature.asc >> > > > > _________________________________________________________________ > > Express yourself instantly with MSN Messenger! Download today it''s FREE! > > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > > > > > > ------------------------------------------------------- > > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > > from IBM. Find simple to follow Roadmaps, straightforward articles, > > informative Webcasts and more! Get everything you need to get up to > > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
and for SURE it works Tom you are Magic>From: Tom Eastep <teastep@shorewall.net> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Mon, 18 Jul 2005 07:57:41 -0700 > >samer Y. Azmy wrote: > > Thank you for your support > >You are defining eth0''s primary IP address in /etc/shorewall/nat. This >causes grave problems, particularly when combined with >ADD_IP_ALIASES=Yes (which you have also selected). > >-Tom >-- >Tom Eastep \ Nothing is foolproof to a sufficiently talented fool >Shoreline, \ http://shorewall.net >Washington USA \ teastep@shorewall.net >PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ><< signature.asc >>_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
So it works now? ----- Original Message ----- From: "samer Y. Azmy" <samer_symantec@hotmail.com> To: <shorewall-users@lists.sourceforge.net> Sent: Tuesday, July 19, 2005 02:32 Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1...> and for SURE it works > Tom you are Magic > > > >From: Tom Eastep <teastep@shorewall.net> > >Reply-To: shorewall-users@lists.sourceforge.net > >To: shorewall-users@lists.sourceforge.net > >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... > >Date: Mon, 18 Jul 2005 07:57:41 -0700 > > > >samer Y. Azmy wrote: > > > Thank you for your support > > > >You are defining eth0''s primary IP address in /etc/shorewall/nat. This > >causes grave problems, particularly when combined with > >ADD_IP_ALIASES=Yes (which you have also selected). > > > >-Tom > >--------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
Sure it works>From: Jerry Vonau <jvonau@shaw.ca> >Reply-To: shorewall-users@lists.sourceforge.net >To: shorewall-users@lists.sourceforge.net >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... >Date: Tue, 19 Jul 2005 02:43:49 -0500 > >So it works now? > >----- Original Message ----- >From: "samer Y. Azmy" <samer_symantec@hotmail.com> >To: <shorewall-users@lists.sourceforge.net> >Sent: Tuesday, July 19, 2005 02:32 >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... > > > > and for SURE it works > > Tom you are Magic > > > > > > >From: Tom Eastep <teastep@shorewall.net> > > >Reply-To: shorewall-users@lists.sourceforge.net > > >To: shorewall-users@lists.sourceforge.net > > >Subject: Re: [Shorewall-users] FC4 ntsysv and shorewall 2.4.1... > > >Date: Mon, 18 Jul 2005 07:57:41 -0700 > > > > > >samer Y. Azmy wrote: > > > > Thank you for your support > > > > > >You are defining eth0''s primary IP address in /etc/shorewall/nat. This > > >causes grave problems, particularly when combined with > > >ADD_IP_ALIASES=Yes (which you have also selected). > > > > > >-Tom > > >-- > > > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it''s FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click