Hi,
I have been trying to upgrade my Shorewall system from 4.4.0 to 4.4.5.4 on my
gentoo gateway, and am getting the following error
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting Shorewall....
iptables-restore v1.4.3.2: Couldn''t load target
`ppp0_fwd'':/lib/xtables/libipt_ppp0_fwd.so: cannot open shared object
file: No such file or directory
Error occurred at line: 102
Try `iptables-restore -h'' or ''iptables-restore
--help'' for more information.
ERROR: iptables-restore Failed. Input is in
/var/lib/shorewall/.iptables-restore-input
/sbin/shorewall: line 385: 3406 Terminated ${VARDIR}/.start
$debugging start
I have upgraded iptables, and upgraded other packages too.
4.4.0 is still starting ok (but reporting a warning)
Using intrapositioned negation (''--option ! this'') is
deprecated in favor of extrapositioned (''! --option this'')
Any ideas on what i might need to add to allow usage of 4.4.5.4?
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon''s best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
On Mon, 28 Dec 2009 14:28:09 +1100 Marcus Limosani <marcus@limosani.com> wrote:> Hi, > > I have been trying to upgrade my Shorewall system from 4.4.0 to > 4.4.5.4 on my gentoo gateway, and am getting the following error > > > Shorewall configuration compiled to /var/lib/shorewall/.start > Starting Shorewall.... > iptables-restore v1.4.3.2: Couldn''t load target > `ppp0_fwd'':/lib/xtables/libipt_ppp0_fwd.so: cannot open shared object > file: No such file or directory > > Error occurred at line: 102 > Try `iptables-restore -h'' or ''iptables-restore --help'' for more > information. ERROR: iptables-restore Failed. Input is > in /var/lib/shorewall/.iptables-restore-input /sbin/shorewall: line > 385: 3406 Terminated ${VARDIR}/.start $debugging start >So did you actually LOOK at /var/lib/shorewall/.iptables-restore-input and see what was on line 102?????> > I have upgraded iptables, and upgraded other packages too. > 4.4.0 is still starting ok (but reporting a warning) > Using intrapositioned negation (''--option ! this'') is deprecated in > favor of extrapositioned (''! --option this'') > > Any ideas on what i might need to add to allow usage of 4.4.5.4?Please see http://www.shorewall.net/support.htm#Guidelines regarding how to report ''shorewall start'' errors... -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Line 102 includes the line -A FORWARD -i ppp0 -j ppp0_fwd There is no libipt_ppp0_fwd.so in the /lib/xtables folder, and I am not sure how to create one. I am not sure if it is a kernel feature or program feature, and google searching is not helping find anything much either -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Monday, 28 December 2009 2:54 PM To: Shorewall Users Cc: Marcus Limosani Subject: Re: [Shorewall-users] Upgrading Shorewall On Mon, 28 Dec 2009 14:28:09 +1100 Marcus Limosani <marcus@limosani.com> wrote:> Hi, > > I have been trying to upgrade my Shorewall system from 4.4.0 to > 4.4.5.4 on my gentoo gateway, and am getting the following error > > > Shorewall configuration compiled to /var/lib/shorewall/.start > Starting Shorewall.... > iptables-restore v1.4.3.2: Couldn''t load target > `ppp0_fwd'':/lib/xtables/libipt_ppp0_fwd.so: cannot open shared object > file: No such file or directory > > Error occurred at line: 102 > Try `iptables-restore -h'' or ''iptables-restore --help'' for more > information. ERROR: iptables-restore Failed. Input is > in /var/lib/shorewall/.iptables-restore-input /sbin/shorewall: line > 385: 3406 Terminated ${VARDIR}/.start $debugging start >So did you actually LOOK at /var/lib/shorewall/.iptables-restore-input and see what was on line 102?????> > I have upgraded iptables, and upgraded other packages too. > 4.4.0 is still starting ok (but reporting a warning) > Using intrapositioned negation (''--option ! this'') is deprecated in > favor of extrapositioned (''! --option this'') > > Any ideas on what i might need to add to allow usage of 4.4.5.4?Please see http://www.shorewall.net/support.htm#Guidelines regarding how to report ''shorewall start'' errors... -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Mon, 28 Dec 2009 23:26:57 +1100 Marcus Limosani <marcus@limosani.com> wrote:> Line 102 includes the line > > -A FORWARD -i ppp0 -j ppp0_fwd > > There is no libipt_ppp0_fwd.so in the /lib/xtables folder, and I am > not sure how to create one. I am not sure if it is a kernel feature > or program feature, and google searching is not helping find anything > much either >It appears to be a bug in the Shorewall rules compiler.> -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net]> > Please see http://www.shorewall.net/support.htm#Guidelines regarding > how to report ''shorewall start'' errors... >Since you ignored that request for information, please do this instead: a) shorewall show -f capabilities > /etc/shorewall/caps b) tar -cf /etc/shorewall shorewall.tgz c) Send shorewall.tgz as an email attachment to me personally. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Mon, 28 Dec 2009 07:26:41 -0800 Tom Eastep <teastep@shorewall.net> wrote:> please do this instead: > > a) shorewall show -f capabilities > /etc/shorewall/caps > b) tar -cf /etc/shorewall shorewall.tgzShould be ''tar -cf shorewall.tgz /etc/shorewall''> c) Send shorewall.tgz as an email attachment to me personally-Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Mon, 28 Dec 2009 07:40:43 -0800 Tom Eastep <teastep@shorewall.net> wrote:> On Mon, 28 Dec 2009 07:26:41 -0800 > Tom Eastep <teastep@shorewall.net> wrote: > > > please do this instead: > > > > a) shorewall show -f capabilities > /etc/shorewall/caps > > b) tar -cf /etc/shorewall shorewall.tgz > > Should be ''tar -cf shorewall.tgz /etc/shorewall'' > > > c) Send shorewall.tgz as an email attachment to me personally > >The attached patch *may* correct the problem: patch /usr/share/shorewall/Shorewall/Rules.pm < fwdchain.patch If that doesn''t work, then please forward the tarball I requested. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Mon, 28 Dec 2009 10:24:41 -0800 Tom Eastep <teastep@shorewall.net> wrote:> On Mon, 28 Dec 2009 07:40:43 -0800 > Tom Eastep <teastep@shorewall.net> wrote: > > > On Mon, 28 Dec 2009 07:26:41 -0800 > > Tom Eastep <teastep@shorewall.net> wrote: > > > > > please do this instead: > > > > > > a) shorewall show -f capabilities > /etc/shorewall/caps > > > b) tar -cf /etc/shorewall shorewall.tgz > > > > Should be ''tar -cf shorewall.tgz /etc/shorewall'' > > > > > c) Send shorewall.tgz as an email attachment to me personally > > > > > > The attached patch *may* correct the problem: > > patch /usr/share/shorewall/Shorewall/Rules.pm < > fwdchain.patch > > If that doesn''t work, then please forward the tarball I requested.To wrap this up, the patch didn''t work. Marcus has an unusual configuration": a) two interfaces, *both with routeback*. b) each interface defines a zone. Since I''ve managed to break this configuration before, I''ve added it to my regression library. Attached is the patch that fixed the problem. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Many thanks Tom. 4.4.5.4 now operating with patch applied. Greatly appreciated. -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: Tuesday, 29 December 2009 10:45 AM To: Shorewall Users Subject: Re: [Shorewall-users] Upgrading Shorewall On Mon, 28 Dec 2009 10:24:41 -0800 Tom Eastep <teastep@shorewall.net> wrote:> On Mon, 28 Dec 2009 07:40:43 -0800 > Tom Eastep <teastep@shorewall.net> wrote: > > > On Mon, 28 Dec 2009 07:26:41 -0800 > > Tom Eastep <teastep@shorewall.net> wrote: > > > > > please do this instead: > > > > > > a) shorewall show -f capabilities > /etc/shorewall/caps > > > b) tar -cf /etc/shorewall shorewall.tgz > > > > Should be ''tar -cf shorewall.tgz /etc/shorewall'' > > > > > c) Send shorewall.tgz as an email attachment to me personally > > > > > > The attached patch *may* correct the problem: > > patch /usr/share/shorewall/Shorewall/Rules.pm < > fwdchain.patch > > If that doesn''t work, then please forward the tarball I requested.To wrap this up, the patch didn''t work. Marcus has an unusual configuration": a) two interfaces, *both with routeback*. b) each interface defines a zone. Since I''ve managed to break this configuration before, I''ve added it to my regression library. Attached is the patch that fixed the problem. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev