Hi *,

I have downloaded shorewall 3.2.2, and also the shorewall.conf and functions from the erratas.

I installed the default templates for the single interface config (Laptop with WLAN)

When starting shorewall, I get the following messages :
Compiling...
Initializing...
Determining Zones...
   ERROR: No ipv4 or ipsec Zones Defined
/sbin/shorewall: line 775: 8159 Terminated $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile ${VARDIR}/.restart

my zones files contains :
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

So, there actually IS one ipv4 zone defined !

I attached the trace obtained by running shorewall debug start.

I hope someone can tell me what I'm doing wrong here.

I'm running shorewall v2.x on my server, and it's working fine there. Maybe something is different in v3.x and I'm just missing this knowledge.

Just for the understanding : I did a blank new installation of v3.2.2, not an upgrade from an existing v2.x !

System is Ubuntu 6.06

TIA

Joel
Joel HATSCH wrote:
> Hi *,
>
> I have downloaded shorewall 3.2.2, and also the shorewall.conf and functions from the erratas.
>
> I installed the default templates for the single interface config (Laptop with WLAN)
>
> When starting shorewall, I get the following messages :
> Compiling...
> Initializing...
> Determining Zones...
>    ERROR: No ipv4 or ipsec Zones Defined
> /sbin/shorewall: line 775: 8159 Terminated $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile ${VARDIR}/.restart
>
> my zones files contains :
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> fw firewall
> net ipv4
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> So, there actually IS one ipv4 zone defined !
>
> I attached the trace obtained by running shorewall debug start.
>
> I hope someone can tell me what I'm doing wrong here.

It *appears* that you copied /usr/share/shorewall/configfiles/shorewall.conf to /etc/shorewall! That file has

CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall

and is intended solely for use where you want to create an export directory for a system that is running Shorewall Lite!

What you need to do is edit shorewall.conf and change that setting to

CONFIG_PATH=/etc/shorewall:/usr/share/shorewall

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
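The misconfiguration diagnosed above can be checked mechanically. The following is an added example, not part of the original thread or of Shorewall itself: it reads CONFIG_PATH from a shorewall.conf and reports which copy of a file such as zones would be picked up. The function names are hypothetical, and it assumes the directories in CONFIG_PATH are searched left to right with the first match used.

```shell
#!/bin/sh
# Added example (not Shorewall code). Assumption: CONFIG_PATH directories are
# searched in order and the first one containing the file is the one used.

# Print the CONFIG_PATH value from a shorewall.conf (last assignment wins).
config_path_of() {
    sed -n 's/^[[:space:]]*CONFIG_PATH=//p' "$1" | tail -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# Print the first existing "<dir>/<name>" along a colon-separated search path.
resolve_in_path() {
    search=$1
    name=$2
    old_ifs=$IFS
    IFS=:
    for dir in $search; do
        if [ -f "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_config_path CONF_DIR [NAME]
# Prints "OK <file>" when the copy in CONF_DIR is the one that gets used,
# "MISMATCH <file>" when another directory shadows it (the case in this thread).
check_config_path() {
    conf_dir=$1
    name=${2:-zones}
    cp_value=$(config_path_of "$conf_dir/shorewall.conf")
    [ -n "$cp_value" ] || { echo "UNSET"; return 2; }
    used=$(resolve_in_path "$cp_value" "$name") || { echo "MISSING $name"; return 3; }
    if [ "$used" = "$conf_dir/$name" ]; then
        echo "OK $used"
    else
        echo "MISMATCH $used"
        return 1
    fi
}

# When run as a script: sh check.sh /etc/shorewall zones
if [ $# -gt 0 ]; then check_config_path "$@"; fi
```

A MISMATCH result means edits made under the configuration directory are being ignored, which is how a populated zones file can still produce "No ipv4 or ipsec Zones Defined".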
Tom Eastep wrote:
> Joel HATSCH wrote:
>> Hi *,
>>
>> I have downloaded shorewall 3.2.2, and also the shorewall.conf and functions from the erratas.

Here's another possibility -- The shorewall.conf from errata/Shorewall/configfiles was supposed to replace /usr/share/shorewall/configfiles/shorewall.conf, not /etc/shorewall.conf!!!

From the known_problems.txt:

1) [ Shorewall ] The file /usr/share/shorewall/configfiles/shorewall.conf is
   incorrect. A corrected version of the file is available in the
   errata/Shorewall/configfiles/ sub-directory.

It doesn't say anything about /etc/shorewall.conf

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Tom Eastep wrote:
>> Joel HATSCH wrote:
>>> Hi *,
>>>
>>> I have downloaded shorewall 3.2.2, and also the shorewall.conf and functions from the erratas.
>
> Here's another possibility -- The shorewall.conf from
> errata/Shorewall/configfiles was supposed to replace
> /usr/share/shorewall/configfiles/shorewall.conf, not /etc/shorewall.conf!!!
>
> From the known_problems.txt:
>
> 1) [ Shorewall ] The file /usr/share/shorewall/configfiles/shorewall.conf is
>    incorrect. A corrected version of the file is available in the
>    errata/Shorewall/configfiles/ sub-directory.
>
> It doesn't say anything about /etc/shorewall.conf

I should have had my coffee before writing that -- all references to /etc/shorewall.conf should of course be replaced by /etc/shorewall/shorewall.conf.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Sun, 20 Aug 2006 09:35:10 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> Tom Eastep wrote:
> > Tom Eastep wrote:
> >> Joel HATSCH wrote:
> >>> Hi *,
> >>>
> >>> I have downloaded shorewall 3.2.2, and also the shorewall.conf and
> >>> functions from the erratas.
> >
> > Here's another possibility -- The shorewall.conf from
> > errata/Shorewall/configfiles was supposed to replace
> > /usr/share/shorewall/configfiles/shorewall.conf, not
> > /etc/shorewall.conf!!!
> >
> > From the known_problems.txt:
> >
> > 1) [ Shorewall ] The file
> >    /usr/share/shorewall/configfiles/shorewall.conf is
> >    incorrect. A corrected version of the file is available in the
> >    errata/Shorewall/configfiles/ sub-directory.
> >
> > It doesn't say anything about /etc/shorewall.conf
>
> I should have had my coffee before writing that -- all references to
> /etc/shorewall.conf should of course be replaced by
> /etc/shorewall/shorewall.conf.

Never mind, *that* was my mistake ! (BTW, better coffee than beer !)

Now shorewall starts and works like a charm, I can go on holiday and connect to open wlan's without any security considerations, thanks a lot for your quick reply !

Joel

PS : Beer will be sent when I'm back, you deserved it :-)