Hello All, Here is an error that I am getting when I try to upgrade to version 3.0.x. I was wondering if anyone could assist me into why I am getting this error. The install works fine, and the check seems to work okay, but when I restart the shorewall firewall I get this error. Thanks Bryan......... ---------- error message -------------- IPROUTER# shorewall restart Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... /usr/share/shorewall/firewall: find_interface_address: command not found Processing /etc/shorewall/shorewall.conf... Loading Modules... Restarting Shorewall... Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Not available Connection Tracking Match: Not available Packet Type Match: Not available Policy Match: Not available Physdev Match: Not available IP range Match: Not available Recent Match: Not available Owner Match: Available Ipset Match: Not available CONNMARK Target: Not available Connmark Match: Not available Raw Table: Not available CLASSIFY Target: Not available Determining Zones... IPv4 Zones: net loc dmz Firewall Zone: fw Validating interfaces file... Validating hosts file... Validating Policy file... Determining Hosts in Zones... net Zone: eth0:0.0.0.0/0 loc Zone: eth1:0.0.0.0/0 dmz Zone: eth2:0.0.0.0/0 Processing /etc/shorewall/init ... Pre-processing Actions... Pre-processing /usr/share/shorewall/action.Drop... ..Expanding Macro /usr/share/shorewall/macro.Auth... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.SMB... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... ..End Macro Pre-processing /usr/share/shorewall/action.Reject... iptables: Bad built-in chain name ERROR: Command "/sbin/iptables -t mangle -P INPUT ACCEPT" Failed Processing /etc/shorewall/stop ... RTNETLINK answers: No such process RTNETLINK answers: No such process iptables: Bad built-in chain name iptables: Bad built-in chain name iptables: Bad built-in chain name IP Forwarding Enabled Processing /etc/shorewall/stopped ... Terminated ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
On Monday 21 November 2005 17:05, Shorewall Admin User wrote:> Hello All, > > Here is an error that I am getting when I try to upgrade to version 3.0.x. > I was wondering if anyone could assist me into why I am getting this error. > The install works fine, and the check seems to work okay, but when I > restart the shorewall firewall I get this error.Which kernel version are you using? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
----- Original Message -----> Processing /etc/shorewall/params ... > /usr/share/shorewall/firewall: find_interface_address: command not foundYour using code in the params file to find an external ip address (find_interface_address), From 2.1+ this needs to be "find_first_interface_address" and should be done in the init file, not the params file. http://www.shorewall.net/FAQ.htm then onto FAQ 1d.> ERROR: Command "/sbin/iptables -t mangle -P INPUT ACCEPT" FailedDid you compile your own kernel/iptables? Jerry ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28&alloc_id845&op=click
The version of kernel that is installed on this firewall is..... Linux iprouter 2.4.7-10 #1 Thu Sep 6 17:21:28 EDT 2001 i586 unknown ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
Shorewall Admin User wrote:> The version of kernel that is installed on this firewall is..... > > Linux iprouter 2.4.7-10 #1 Thu Sep 6 17:21:28 EDT 2001 i586 unknownThat''s a *really* old kernel - you should upgrade. What distribution are you using? Paul ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click