Shorewall will not start. I can start it manually from the command prompt, but the init script always bombs out at boot. I saw in another port that it might have something to do with zones. When I run shorewall debug start 2> /tmp/trace I get this output:

    [root@corpsrvr ~]# shorewall debug start 2> /tmp/trace
    Loading /usr/share/shorewall/functions...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Starting Shorewall...
    Loading Modules...
    Initializing...
    Shorewall has detected the following iptables/netfilter capabilities:
       NAT: Available
       Packet Mangling: Available
       Multi-port Match: Available
       Connection Tracking Match: Available
    Determining Zones...
       Zones: net loc dmz
    Validating interfaces file...
    Validating hosts file...
    Validating Policy file...
    Determining Hosts in Zones...
       Net Zone: eth1:0.0.0.0/0
       Local Zone: eth0:0.0.0.0/0
    Processing /etc/shorewall/init ...
    Deleting user chains...
    Setting up Accounting...
    Setting up User Sets...
    Creating Interface Chains...
    Configuring Proxy ARP
    Setting up NAT...
    Adding Common Rules
    Adding rules for DHCP
    Setting up TCP Flags checking...
    Setting up Kernel Route Filtering...
    IP Forwarding Enabled
    Processing /etc/shorewall/tunnels...
    Processing /etc/shorewall/rules...
    Processing /etc/shorewall/policy...
       Policy ACCEPT for loc to net using chain loc2net
    Masqueraded Subnets and Hosts:
       To 0.0.0.0/0 from 192.168.17.0/24 through eth1
    Processing /etc/shorewall/tos...
       Rule "all all tcp - ssh 16" added.
       Rule "all all tcp ssh - 16" added.
       Rule "all all tcp - ftp 16" added.
       Rule "all all tcp ftp - 16" added.
       Rule "all all tcp ftp-data - 8" added.
       Rule "all all tcp - ftp-data 8" added.
    Processing /etc/shorewall/ecn...
    Activating Rules...
    Processing /etc/shorewall/start ...
    Shorewall Started

I think the netzone etc showing up as 0.0.0.0 is what is causing the problem, but I don't know how or where to enter the proper info.

________________________________________
Chip Burke

> Shorewall will not start. I can start it manually from the command prompt,
> but the init script always bombs out at boot. I saw in another port that it
> might have something to do with zones. When I run shorewall debug start 2>
> /tmp/trace I get this output:
>
<snip>
> I think the netzone etc showing up as 0.0.0.0 is what is causing the
> problem, but I don't know how or where to enter the proper info.
>

Is the network up before shorewall is started at boot? Can you post your config files please.

Jerry

Actually, that is one thing that crossed my mind. The network is S09 and Shorewall is S08. I am guessing it can't find the networks seeing that no IP has been bound to the interface. Do you suppose it is just a matter of changing the order? I assume I would want IPTables to load before the network so everything is locked down according to the Shorewall stop rules before the network comes up. Then once the network comes up allow Shorewall to start?

________________________________________
Chip Burke

-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Jerry Vonau
Sent: Wednesday, July 20, 2005 12:44 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall won't start

> Shorewall will not start. I can start it manually from the command prompt,
> but the init script always bombs out at boot. I saw in another port that it
> might have something to do with zones. When I run shorewall debug start 2>
> /tmp/trace I get this output:
>
<snip>
> I think the netzone etc showing up as 0.0.0.0 is what is causing the
> problem, but I don't know how or where to enter the proper info.
>

Is the network up before shorewall is started at boot? Can you post your config files please.

Jerry

> Actually, that is one thing that crossed my mind. The network is S09 and
> Shorewall is S08. I am guessing it can't find the networks seeing that no IP
> has been bound to the interface. Do you suppose it is just a matter of
> changing the order? I assume I would want IPTables to load before the
> network so everything is locked down according to the Shorewall stop rules
> before the network comes up. Then once the network comes up allow Shorewall
> to start?

That depends on how you configured shorewall, anything that uses "detect" requires that the network be up first.

Jerry

Hah, sometimes it just takes someone asking the right question to make you think. I checked init.d and the chkconfig line had the network loading after Shorewall. I changed the chkconfig to be between IPtables and Shorewall, did a del and add on network, and all is well. Thanks for the help.

________________________________________
Chip Burke

-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Jerry Vonau
Sent: Wednesday, July 20, 2005 12:54 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Shorewall won't start

> Actually, that is one thing that crossed my mind. The network is S09 and
> Shorewall is S08. I am guessing it can't find the networks seeing that no IP
> has been bound to the interface. Do you suppose it is just a matter of
> changing the order? I assume I would want IPTables to load before the
> network so everything is locked down according to the Shorewall stop rules
> before the network comes up. Then once the network comes up allow Shorewall
> to start?

That depends on how you configured shorewall, anything that uses "detect" requires that the network be up first

Jerry
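
Added example, not part of the original thread: a shell check for the ordering problem resolved above. It compares the start priorities in the "# chkconfig:" headers of the network and shorewall init scripts when the Shorewall configuration uses "detect". The function names, the sample files built under a temporary directory, and the placement of "detect" in the interfaces file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: is Shorewall scheduled to start before the network it must "detect"?

# Print the start priority from "# chkconfig: <levels> <start> <stop>".
# awk's "+0" reads 08/09 as 8/9; shell arithmetic expansion would parse them as octal.
start_prio() {
    awk '$1 == "#" && $2 == "chkconfig:" { print $4 + 0; exit }' "$1" 2>/dev/null || true
}

# Succeed if a non-comment line in the config directory contains the word "detect".
uses_detect() {
    sed 's/#.*//' "$1"/* 2>/dev/null | grep -qw 'detect'
}

# Verdict for an init.d directory ($1) and a Shorewall config directory ($2).
check_order() {
    net=$(start_prio "$1/network")
    fw=$(start_prio "$1/shorewall")
    if [ -z "$net" ] || [ -z "$fw" ]; then
        echo "unknown"       # a script or its chkconfig header is missing
    elif uses_detect "$2" && [ "$fw" -lt "$net" ]; then
        echo "misordered"    # firewall runs before the interfaces have addresses
    else
        echo "ok"            # equal priorities run by name: network, then shorewall
    fi
}

# Build constructed sample files; $1 = network priority, $2 = shorewall priority.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/init.d" "$d/shorewall"
    printf '#!/bin/sh\n# chkconfig: 2345 %s 91\n' "$1" > "$d/init.d/network"
    printf '#!/bin/sh\n# chkconfig: 2345 %s 92\n' "$2" > "$d/init.d/shorewall"
    # Assumed config: "detect" in the BROADCAST column of the interfaces file.
    printf '#ZONE INTERFACE BROADCAST\nnet eth1 detect\nloc eth0 detect\n' \
        > "$d/shorewall/interfaces"
    echo "$d"
}

d=$(make_sample 09 08)   # start priorities reported in the thread
echo "S09 network, S08 shorewall: $(check_order "$d/init.d" "$d/shorewall")"
rm -rf "$d"
d=$(make_sample 07 08)   # constructed corrected order
echo "S07 network, S08 shorewall: $(check_order "$d/init.d" "$d/shorewall")"
rm -rf "$d"
```

On a real host the arguments would be /etc/init.d and /etc/shorewall; a "misordered" verdict means the boot-time start runs before any address is bound, which matches the symptom in the first message.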