Hi *, I''m having the following problem with traffic shaping: Setting up Traffic Control Rules... TC Rule "22 0.0.0.0/0 213.215.225.42 tcp 22 " added Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... Processing /etc/shorewall/tcdevices... RTNETLINK answers: Operation not supported We have an error talking to the kernel I don''t think is a shorewall related problem, maybe I have to load a specific module. right? -- Davide Corio davide.corio@redomino.com Redomino S.r.l. C.so Monte Grappa 90/b - 10145 Torino - Italy Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/
Hi Davide Try posting a shorewall dump. Then we may be able to say what the problem is. Rune On 5/21/06, Davide Corio <davide.corio@redomino.com> wrote:> Hi *, > > I''m having the following problem with traffic shaping: > > Setting up Traffic Control Rules... > TC Rule "22 0.0.0.0/0 213.215.225.42 tcp 22 " added > Validating /etc/shorewall/tcdevices... > Validating /etc/shorewall/tcclasses... > Processing /etc/shorewall/tcdevices... > RTNETLINK answers: Operation not supported > We have an error talking to the kernel > > I don''t think is a shorewall related problem, maybe I have to load a > specific module. right? > > > -- > Davide Corio davide.corio@redomino.com > Redomino S.r.l. C.so Monte Grappa 90/b - 10145 Torino - Italy > Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQBEb/TqHgcRMktMxGgRAtmyAKCFbfPxSYbApxkrw7fKI/owGbZlEQCfdTSZ > Amk0D4qwEpN9VhYLaQ0HyWY> =s6TT > -----END PGP SIGNATURE----- > > >------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Rune Kock wrote:> Hi Davide > > Try posting a shorewall dump. Then we may be able to say what the > problem is.Since ''shorewall start'' is failing, a trace would be more appropriate. shorewall trace start 2> /tmp/trace.txt and post the /tmp/trace.txt file as an attachment. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Il giorno dom, 21/05/2006 alle 06.46 -0700, Tom Eastep ha scritto:> Since ''shorewall start'' is failing, a trace would be more appropriate. > > shorewall trace start 2> /tmp/trace.txt > > and post the /tmp/trace.txt file as an attachment.is there a way to test the configuration without stopping shorewall? Unfortunately I can''t work on the server. Or better, If I stop shorewall, will it preserve my ssh connection? -- Davide Corio davide.corio@redomino.com Redomino S.r.l. C.so Monte Grappa 90/b - 10145 Torino - Italy Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/
Tom Eastep wrote:> Rune Kock wrote: > >>Hi Davide >> >>Try posting a shorewall dump. Then we may be able to say what the >>problem is. > > > Since ''shorewall start'' is failing, a trace would be more appropriate. > > shorewall trace start 2> /tmp/trace.txt > > and post the /tmp/trace.txt file as an attachment. >You can also get additional information by modifying the ensure_and_save_command function at line 140 in /usr/share/shorewall/firewall as shown below (add the call to error_message). This will show us what command failed. I assume that you are running Shorewall 3.0.5 as you reported on IRC -- if not, the line number may be slightly different. ensure_and_save_command() { if eval $* ; then echo "$@" >> $RESTOREBASE else error_message "ERROR: Command \"$@\" Failed" [ -z "$STOPPING" ] && { stop_firewall; exit 2; } fi } -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Davide Corio wrote:> Il giorno dom, 21/05/2006 alle 06.46 -0700, Tom Eastep ha scritto: > >>Since ''shorewall start'' is failing, a trace would be more appropriate. >> >>shorewall trace start 2> /tmp/trace.txt >> >>and post the /tmp/trace.txt file as an attachment. > > > is there a way to test the configuration without stopping shorewall? > > Unfortunately I can''t work on the server. > > Or better, If I stop shorewall, will it preserve my ssh connection? >It will if either a) you have set ADMINISABSENTMINDED=Yes in shorewall.conf; or b) you have added the IP address of the system where you are running the ssh client to /etc/shorewall/routestopped. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Il giorno dom, 21/05/2006 alle 07.30 -0700, Tom Eastep ha scritto:> You can also get additional information by modifying the > ensure_and_save_command function at line 140 in > /usr/share/shorewall/firewall as shown below (add the call to > error_message). This will show us what command failed.Done, but i can''t see any differences in the trace log> I assume that you > are running Shorewall 3.0.5 as you reported on IRC -- if not, the line > number may be slightly different.Yes, 3.0.5-1 from Debian Etch -- Davide Corio davide.corio@redomino.com Redomino S.r.l. C.so Monte Grappa 90/b - 10145 Torino - Italy Tel: +39 011 19502871 - Fax: +39 011 19791122 - http://www.redomino.com/