Chris Morley
2008-Mar-13 11:12 UTC
Shorewall on Voyage Linux - ERROR: /var/lib/shorewall is a Symbolic Link
Dear all,

I have been trying to get Shorewall 4.0 to run on my Voyage Linux router box. Voyage Linux runs on compact flash and to save write cycles it has a switchable read only file system.

So in summary, any files in the /rw/ directory of the file system are read/write whilst most other directories are read only, and as such I believe /var/lib/shorewall needs to have read write access. To enable RW access I place a symbolic link to the /rw dir, this normally works with most packages but unfortunately Shorewall checks for symbolic links and fails:

voyage:/var/lib/shorewall# mv /var/lib/shorewall /ro/var/lib/shorewall
voyage:/var/lib/shorewall# ln -s /rw//var/lib/shorewall /var/lib/shorewall
remountro
fastreboot

However on 'shorewall start' it's complaining shorewall directory is a symbolic link!

voyage:/etc/shorewall# shorewall start
Compiling...
Initializing...
   ERROR: /var/lib/shorewall is a Symbolic Link

People running version 3 said it does work and doesn't have any problem, however it would be nice if I could get v4 running also. The other option is to change the /var/lib/shorewall directory location but I can't find the variable in the scripts to do this.

The other option is to remount readwrite, startup the firewall, then remount read only. I would prefer the initial solution however as it's much cleaner and no mods are required.

Voyage Linux is very popular as a router platform and would be nice to have the latest version of Shorewall to run on this platform.

Many thanks in advance,
Chris
Tom Eastep
2008-Mar-13 14:22 UTC
Re: Shorewall on Voyage Linux - ERROR: /var/lib/shorewall is a Symbolic Link
Chris Morley wrote:
> Dear all,
>
> I have been trying to get Shorewall 4.0 to run on my Voyage Linux router
> box. Voyage Linux runs on compact flash and to save write cycles it has
> a switchable read only file system.
>
> So in summary, any files in the /rw/ directory of the file system are
> read/write whilst most other directories are read only, and as such I
> believe /var/lib/shorewall needs to have read write access. To enable RW
> access I place a symbolic link to the /rw dir, this normally works with
> most packages but unfortunately Shorewall checks for symbolic links and
> fails:
>
> voyage:/var/lib/shorewall# mv /var/lib/shorewall /ro/var/lib/shorewall
> voyage:/var/lib/shorewall# ln -s /rw//var/lib/shorewall /var/lib/shorewall
> remountro
> fastreboot
>
> However on 'shorewall start' it's complaining shorewall directory is a
> symbolic link!
>
> voyage:/etc/shorewall# shorewall start
> Compiling...
> Initializing...
>    ERROR: /var/lib/shorewall is a Symbolic Link
>
> People running version 3 said it does work and doesn't have any problem,
> however it would be nice if I could get v4 running also. The other
> option is to change the /var/lib/shorewall directory location but I can't
> find the variable in the scripts to do this.
>
> The other option is to remount readwrite, startup the firewall, then
> remount read only. I would prefer the initial solution however as it's
> much cleaner and no mods are required.
>
> Voyage Linux is very popular as a router platform and would be nice to
> have the latest version of Shorewall to run on this platform.

man shorewall-vardir (or see http://www.shorewall.net/manpages/shorewall-vardir.html).
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Heath Petersen
2008-Mar-13 14:33 UTC
Re: Shorewall on Voyage Linux - ERROR: /var/lib/shorewall is a Symbolic Link
If your kernel and mount program are capable of the Linux bind feature, you could use the following:

##--Begin code snippet--##
mkdir -p /rw/var/lib
mv /var/lib/shorewall /rw/var/lib/
mkdir /var/lib/shorewall
mount --bind /rw/var/lib/shorewall /var/lib/shorewall
shorewall restart
##--End code snippet--##

If this works, then just add the following line to your /etc/fstab:

##--Begin code snippet--##
/rw/var/lib/shorewall /var/lib/shorewall none bind 0 0
##--End code snippet--##

Now, every time your system boots, /var/lib/shorewall will be mounted with the file tree located at /rw/var/lib/shorewall.

Chris Morley wrote:
> Dear all,
>
> I have been trying to get Shorewall 4.0 to run on my Voyage Linux router
> box. Voyage Linux runs on compact flash and to save write cycles it has
> a switchable read only file system.
>
> So in summary, any files in the /rw/ directory of the file system are
> read/write whilst most other directories are read only . . .
Russel
2008-Mar-13 16:27 UTC
Re: Shorewall on Voyage Linux - ERROR: /var/lib/shorewall is a Symbolic Link
>voyage:/var/lib/shorewall# mv /var/lib/shorewall /ro/var/lib/shorewall
>voyage:/var/lib/shorewall# ln -s /rw//var/lib/shorewall /var/lib/shorewall
>remountro
>fastreboot
>
>However on 'shorewall start' it's complaining shorewall directory is a symbolic
>link!

I run shorewall on OpenWRT, and in OpenWRT the /var folder is a tmpfs RAMdisk which disappears during reboots. Instead of trying to fix it the legitimate way as Tom points out by messing with shorewall-vardir, I just do this:

(in /etc/init.d/shorewall):
ln -s /etc/shorewall/current/ /var/lib

Inside my /etc/shorewall/current folder I have a shorewall folder. This tricks Shorewall because the actual /var/lib/shorewall folder isn't a symbolic link, but the folder where it resides is.

This may not work for you, and there may be something I'm really messing up because of my config, but it works for me.

Best regards,
Russel Riley
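
Added example, not part of the thread and not Shorewall's own code: a pre-start check that walks every component of a state directory path, so it reports the symlinked final component from the original report and also a symlinked parent such as the /var/lib arrangement above, which a test of only the last component does not see. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the temporary layout are constructed.

# Print the first symlinked component of relative path $2 under root $1.
# Returns 0 if one is found, 1 if every component is a real entry.
first_symlink() {
    cur=${1%/}; rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        if [ -z "$part" ]; then continue; fi    # empty part from "//"
        cur=$cur/$part
        if [ -L "$cur" ]; then printf '%s\n' "$cur"; return 0; fi
    done
    return 1
}

# Classify a state directory. Prints "ok", "symlink:<component>",
# "missing" or "read-only"; returns non-zero unless the result is "ok".
check_state_dir() {
    if link=$(first_symlink "$1" "$2"); then
        printf 'symlink:%s\n' "$link"; return 2
    fi
    dir=${1%/}/${2#/}
    if [ ! -d "$dir" ]; then printf 'missing\n'; return 1; fi
    if [ ! -w "$dir" ]; then printf 'read-only\n'; return 3; fi
    printf 'ok\n'
}

# Constructed demo: a = real directory, b = symlinked final component,
# c = real final component under a symlinked parent.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/a/var/lib/shorewall" \
             "$t/b/rw/var/lib/shorewall" "$t/b/var/lib" \
             "$t/c/etc/shorewall/current/shorewall" "$t/c/var"
    ln -s "$t/b/rw/var/lib/shorewall" "$t/b/var/lib/shorewall"
    ln -s "$t/c/etc/shorewall/current" "$t/c/var/lib"
    for case_dir in a b c; do
        printf '%s: ' "$case_dir"
        check_state_dir "$t/$case_dir" var/lib/shorewall || true
    done
    rm -rf "$t"
}
demo
```

On a real system the root argument would be `/`; the separate root parameter lets the check run against a scratch tree, and a bind-mounted directory is reported as `ok` because no path component is a symlink.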