Greetings.

In summary, I installed shorewall 2.2.3 on Debian Sarge, and got error messages when trying to start it. Seeing that that version is no longer supported, I installed 3.0.3 and once again tried to start shorewall. It failed, saying that there was an error in my zones file. I've attached the trace ... Also attached is the result of "shorewall show" ....

Any and all help appreciated.

Kenn

Kenn,

I think it will be a lot easier if you send your shorewall zones and also copy and paste the error that you get after you type shorewall check

Fernando Rodriguez

-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On behalf of kenn
Sent: Thursday, 29 December 2005 03:27 p.m.
To: shorewall-users@lists.sourceforge.net
Subject: [Shorewall-users] problem with Debian and shorewall ...

Greetings.

In summary, I installed shorewall 2.2.3 on Debian Sarge, and got error messages when trying to start it. Seeing that that version is no longer supported, I installed 3.0.3 and once again tried to start shorewall. It failed, saying that there was an error in my zones file. I've attached the trace ... Also attached is the result of "shorewall show" ....

Any and all help appreciated.

Kenn

On Thursday 29 December 2005 13:27, kenn wrote:
> Greetings.
>
> In summary, I installed shorewall 2.2.3 on Debian Sarge, and got error
> messages when trying to start it. Seeing that that version is no longer
> supported, I installed 3.0.3 and once again tried to start shorewall.
> It failed, saying that there was an error in my zones file. I've
> attached the trace ... Also attached is the result of "shorewall show"
> ....
>
> Any and all help appreciated.

Debian users seem to be having a hard time with this. I suggest that you carefully read the release notes linked from the top of the Shorewall home page. There you will learn that you must have IPSECFILE=ipsec in /etc/shorewall/shorewall.conf if you want to use your old /etc/shorewall/zones file.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> On Thursday 29 December 2005 13:27, kenn wrote:
>
>> Greetings.
>>
>> In summary, I installed shorewall 2.2.3 on Debian Sarge, and got error
>> messages when trying to start it. Seeing that that version is no longer
>> supported, I installed 3.0.3 and once again tried to start shorewall.
>> It failed, saying that there was an error in my zones file. I've
>> attached the trace ... Also attached is the result of "shorewall show"
>> ....
>>
>> Any and all help appreciated.
>
> Debian users seem to be having a hard time with this. I suggest that you
> carefully read the release notes linked from the top of the Shorewall home
> page. There you will learn that you must have IPSECFILE=ipsec
> in /etc/shorewall/shorewall.conf if you want to use your
> old /etc/shorewall/zones file.
>
> -Tom

Okay, I did that, but when I run shorewall check, I still get the following:

--------------
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Not available
   Raw Table: Available
   CLASSIFY Target: Available
Verifying Configuration...
Determining Zones...
   ERROR: Illegal zone name "1" in zones file
-----------------

/etc/shorewall/zones looks like this:

1 Red Red
----------------

Any ideas, other than purging shorewall and reinstalling it again from scratch?

(One reason I say that is that it didn't work BEFORE I upgraded to 3.0.3 .. that's why I upgraded. So I may end up purging it, reinstalling 3.0.3 and trying again.)

As always, all help is REALLY appreciated.

Kenn
2 Office Office

Try naming it differently...
I have in my zones file:
#ZONE TYPE OPTIONS IN OUT
#
fw firewall
net
loc
wire
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
And it works quite well... Perhaps numeric zone names are not legal???

On Friday 30 December 2005 06:54, kenn wrote:
> Tom Eastep wrote:
> >On Thursday 29 December 2005 13:27, kenn wrote:
> >>Greetings.
> >>
> >>In summary, I installed shorewall 2.2.3 on Debian Sarge, and got error
> >>messages when trying to start it. Seeing that that version is no longer
> >>supported, I installed 3.0.3 and once again tried to start shorewall.
> >>It failed, saying that there was an error in my zones file. I've
> >>attached the trace ... Also attached is the result of "shorewall show"
> >>....
> >>
> >>Any and all help appreciated.
> >
> >Debian users seem to be having a hard time with this. I suggest that you
> >carefully read the release notes linked from the top of the Shorewall home
> >page. There you will learn that you must have IPSECFILE=ipsec
> >in /etc/shorewall/shorewall.conf if you want to use your
> >old /etc/shorewall/zones file.
> >
> >-Tom
>
> Okay, I did that, but when I run shorewall check, I still get the
> following:
> --------------
>
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Shorewall has detected the following iptables/netfilter capabilities:
>    NAT: Available
>    Packet Mangling: Available
>    Multi-port Match: Available
>    Extended Multi-port Match: Not available
>    Connection Tracking Match: Available
>    Packet Type Match: Available
>    Policy Match: Not available
>    Physdev Match: Available
>    IP range Match: Available
>    Recent Match: Available
>    Owner Match: Available
>    Ipset Match: Not available
>    CONNMARK Target: Not available
>    Connmark Match: Not available
>    Raw Table: Available
>    CLASSIFY Target: Available
> Verifying Configuration...
> Determining Zones...
>    ERROR: Illegal zone name "1" in zones file
>
> -----------------
>
> /etc/shorewall/zones looks like this:
>
> 1 Red Red
>

Err -- zone short names must start with a letter. "1" is not a valid zone name. You look like you are flailing around in the dark.

I suggest that you go to http://www.shorewall.net/shorewall_quickstart_guide.htm and learn how to quickly and easily set up Shorewall.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

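
The two points raised in this thread (IPSECFILE=ipsec in shorewall.conf for an old-format zones file, and zone names that start with a letter) can be checked before running shorewall check. The script below is an added example, not part of any poster's message and not Shorewall code; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Shorewall code: pre-flight lint for the two points
# raised in this thread.

# ipsecfile_value CONF: print the last IPSECFILE= value found in a
# shorewall.conf-style file (prints nothing if the option is not set).
ipsecfile_value() {
    sed -n 's/^[[:space:]]*IPSECFILE=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# check_zones FILE: report every entry whose zone name (first column) does
# not start with a letter; return 1 if any such entry is found.
check_zones() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        $1 !~ /^[A-Za-z]/ {
            printf "%s:%d: illegal zone name \"%s\": must start with a letter\n", FILENAME, FNR, $1
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input modelled on the thread (not the poster's real files).
sample=$(mktemp -d)
printf 'IPSECFILE=ipsec\n' > "$sample/shorewall.conf"
printf '#ZONE DISPLAY COMMENTS\n1 Red Red\nloc Local Local\n' > "$sample/zones.bad"
printf '#ZONE TYPE OPTIONS\nfw firewall\nnet\nloc\n' > "$sample/zones.good"

echo "IPSECFILE=$(ipsecfile_value "$sample/shorewall.conf")"
check_zones "$sample/zones.bad" || echo "zones.bad: rename the zones listed above"
check_zones "$sample/zones.good" && echo "zones.good: zone names ok"
```

Only the leading-letter rule stated in the thread is checked; any other naming rules Shorewall enforces are left to shorewall check itself.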

Tom Eastep wrote:
> On Friday 30 December 2005 06:54, kenn wrote:
>
> Err -- zone short names must start with a letter. "1" is not a valid zone
> name. You look like you are flailing around in the dark.
> I suggest that you go to
> http://www.shorewall.net/shorewall_quickstart_guide.htm and learn how to
> quickly and easily set up Shorewall.
>
> -Tom

Yep, you're right, and I was ... actually I was using what I *thought* was a decent howto but apparently it had a LOT of holes in it ....

In any case, I did what you suggested and all is well now. Thanks for taking the time to point me there ...

Kenn