Using 2.4.3 on Fedora Core 2.

I start up Shorewall and it starts successfully - [shorewall show shorewall] gives:

Shorewall-2.4.3 Chain shorewall at localhost - Sat Aug 20 10:49:07 EDT 2005

Counters reset Sat Aug 20 10:49:06 EDT 2005

Chain shorewall (0 references)
 pkts bytes target prot opt in out source destination

However, after about ten minutes, [shorewall show shorewall] gives:

Shorewall-2.4.3 Chain shorewall at localhost - Sat Aug 20 10:48:38 EDT 2005

Counters reset Sat Aug 20 10:41:28 EDT 2005

iptables: Table does not exist (do you need to insmod?)

I'm logged in as root; I'm the only user; there's nothing in the crontab. Any idea why it's stopping like this?

Thanks!

Other info below:

Version: 2.4.3

ipaddr show (xx for privacy):

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:5b:d0:90:f8 brd ff:ff:ff:ff:ff:ff
    inet 69.46.xx.xxx/20 brd 69.46.xx.xxx scope global eth0
    inet6 fe80::211:5bff:fed0:90f8/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

ip route show:

69.46.0.0/20 dev eth0 proto kernel scope link src 69.46.xx.xxx
169.254.0.0/16 dev eth0 scope link
default via 69.46.0.1 dev eth0

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf

box file wrote:
>
> I'm logged in as root; I'm the only user; there's nothing in the
> crontab. Any idea why it's stopping like this?
>

No -- but *it can't stop itself*. Once "shorewall start" has completed, Shorewall has done its job and there is no part of Shorewall left running. See http://shorewall.net/Introduction.html

So the bottom line is that *some* process is running or being run that is periodically clearing Netfilter.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> > I'm logged in as root; I'm the only user; there's nothing in the
> > crontab. Any idea why it's stopping like this?
> >
>
> No -- but *it can't stop itself*. Once "shorewall start" has completed,
> Shorewall has done its job and there is no part of Shorewall left
> running. See http://shorewall.net/Introduction.html
>
> So the bottom line is that *some* process is running or being run that
> is periodically clearing Netfilter.

Thanks for the quick response.

Any idea what this might be clearing netfilter? I just tried some experiments with a normal iptables configuration (shorewall not running at all) and the same thing happened. After ten mins or so, netfilter is cleared. This is a few days old install of Fedora Core 2 with nothing out of the ordinary installed.

Thanks....

box file wrote:
>
> Thanks for the quick response.
>
> Any idea what this might be clearing netfilter? I just tried some
> experiments with a normal iptables configuration (shorewall not
> running at all) and the same thing happened. After ten mins or so,
> netfilter is cleared. This is a few days old install of Fedora Core 2
> with nothing out of the ordinary installed.

DHCP client?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

I typically turn off the iptables service, and do not install any other Fedora Core default firewalls. I make sure the Shorewall starts at boot, and make sure I do a "shorewall save" after everything is running correctly.

I would also move to at least FC 3 - much more stable IMHO. I am now just starting to upgrade to FC 4 on my production boxes, after some time on the test boxes running FC 4 without issues.

On Aug 21, 2005, at 11:40 AM, box file wrote:
> This is a few days old install of Fedora Core 2
> with nothing out of the ordinary installed.

OK, all is working again.

Crontab - which I thought I'd checked - was stopping apf every five minutes, which flushed iptables. APF wasn't being restarted - not that it would have mattered, as it wasn't configured anyway. So any changes I made to Shorewall or iptables were being cleared every five minutes.

Hey ho...

> I typically turn off the iptables service, and do not install any other
> Fedora Core default firewalls. I make sure the Shorewall starts at
> boot, and make sure I do a "shorewall save" after everything is running
> correctly.
>
> I would also move to at least FC 3 - much more stable IMHO. I am now
> just starting to upgrade to FC 4 on my production boxes, after some
> time on the test boxes running FC 4 without issues.

FC2 is our dev environment. We are jumping to FC4 soon once testing indicates all is well...

Thanks for the help - wasn't expecting responses on a Sunday!
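
Added example, not part of the original thread: a shell check for the cause found above, a cron entry that stops or flushes the firewall on a schedule. The pattern list, the sample crontab and the cron paths in scan_cron are assumptions.

```shell
#!/bin/sh
# find_flush_jobs KIND  (crontab text on stdin)
# KIND is "system" (entries carry a user field) or "user".
# Prints "schedule<TAB>command" for each entry whose command matches.
find_flush_jobs() {
    awk -v kind="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next } # VAR=value settings
        {
            n = (kind == "system") ? 6 : 5   # fields in front of the command
            sched = $1 " " $2 " " $3 " " $4 " " $5
            if ($1 ~ /^@/) { n -= 4; sched = $1 }   # @reboot, @hourly, ...
            if (NF <= n) next
            cmd = $0
            for (i = 1; i <= n; i++) sub(/^[ \t]*[^ \t]+[ \t]+/, "", cmd)
            p = " " cmd " "
            # Assumed pattern list: any apf call, iptables flush, init-script
            # stop, shorewall stop/clear. Extend for other firewall tools.
            if (p ~ /[\/ \t;&|]apf[ \t;&|]/ ||
                p ~ /iptables[ \t]+(-t[ \t]+[a-z]+[ \t]+)?(-F|--flush)/ ||
                p ~ /iptables[ \t]+stop/ ||
                p ~ /shorewall[ \t]+(stop|clear)/)
                printf "%s\t%s\n", sched, cmd
        }'
}

# Constructed sample system crontab (not taken from the thread).
sample_system_crontab() {
    cat <<'EOF'
SHELL=/bin/bash
01 * * * * root run-parts /etc/cron.hourly
*/5 * * * * root /usr/local/sbin/apf --stop >/dev/null 2>&1
@reboot root /sbin/shorewall start
EOF
}

# Scan the usual Fedora cron locations (assumed paths); run as root.
scan_cron() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/*; do
        [ -f "$f" ] || continue
        case $f in /var/spool/cron/*) kind=user ;; *) kind=system ;; esac
        hits=$(find_flush_jobs "$kind" < "$f")
        if [ -n "$hits" ]; then printf '%s:\n%s\n' "$f" "$hits"; fi
    done
}

sample_system_crontab | find_flush_jobs system
```

On a live host, call scan_cron as root; a hit whose schedule matches the interval at which the rules disappear is the entry to inspect.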