Hi,

My main gateway is a router running on OpenWrt Barrier Breaker r37816 / Kernel Version 3.10.4.

I installed shorewall-lite from openwrt's repo using opkg, but while trying to start shorewall-lite I get the following errors:

The first error I got was "scp: /var/lib/shorewall-lite: No such file or directory", simply resolved by making the folder "shorewall-lite" in /var/lib/

The second error I am facing is

"ERROR: Shorewall Lite is not properly installed
The file /etc/shorewall-lite/state/firewall does not exist"

As expected, creating the file "firewall" in /etc/shorewall-lite/ does not help, so if anyone can assist in fixing it I would appreciate it! :)

On 09/12/2013 11:04 AM, matt darfeuille wrote:
> Hi,
>
> My main gateway is a router running on OpenWrt Barrier Breaker
> r37816 / Kernel Version 3.10.4.
>
> I installed shorewall-lite from openwrt's repo using opkg, but while
> trying to start shorewall-lite I get the following errors:
>
> The first error I got was "scp: /var/lib/shorewall-lite: No such file
> or directory", simply resolved by making the folder "shorewall-lite"
> in /var/lib/
>
> The second error I am facing is
>
> "ERROR: Shorewall Lite is not properly installed
> The file /etc/shorewall-lite/state/firewall does not exist"
>
> As expected, creating the file "firewall" in /etc/shorewall-lite/ does
> not help, so if anyone can assist in fixing it I would appreciate it! :)
>

Sounds like you don't understand how Shorewall-lite works. Please look at http://www.shorewall.net/Shorewall-Lite.html. That article describes how to generate the firewall script on a system that has Shorewall installed and how to transfer the script to the Shorewall-lite system.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

I should have explained a bit more what I already did!

I refollowed the provided link with the following steps:
one, generating the capabilities file on the firewall system, then copying it along with shorewallrc to the administrative system. Then, on the administrative system, in the export directory(/usr/share I put the capabilities, shorewallrc files along with those copied from /usr/share/shorewall/configfiles. Then I configured the zone, interface, policy, stoppedrules, masq along with the shorewall.conf modified as stated on the provided link. Then I issued the command /sbin/shorewall load 192.168.88.1 and the output of it is:

---
Processing /usr/share/shorewall/3700/params ...
Processing /usr/share/shorewall/3700/shorewall.conf...
   WARNING: Your capabilities file is out of date -- it does not contain all of the capabilities defined by Shorewall version 4.5.18
Compiling /usr/share/shorewall/3700/zones...
Compiling /usr/share/shorewall/3700/interfaces...
Determining Hosts in Zones...
   WARNING: *** mult2 is an EMPTY ZONE ***
Locating Action Files...
Compiling /usr/share/shorewall/3700/policy...
Running /usr/share/shorewall/3700/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /usr/share/shorewall/3700/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /usr/share/shorewall/3700/rules...
Compiling /usr/share/shorewall/3700/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Generating Rule Matrix...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Creating iptables-restore input...
Compiling /usr/share/shorewall/3700/stoppedrules...
Shorewall configuration compiled to /usr/share/shorewall/3700/firewall
Copying /usr/share/shorewall/3700/firewall and /usr/share/shorewall/3700/firewall.conf to 192.168.88.1:/var/lib/shorewall-lite...
Enter passphrase for key '/root/.ssh/id_rsa':
scp: /var/lib/shorewall-lite: No such file or directory
------

Am I totally mistaken?

Md

On 12 Sep 2013 at 11:41, Tom Eastep wrote:

Date sent: Thu, 12 Sep 2013 11:41:16 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> Sounds like you don't understand how Shorewall-lite works. Please look
> at http://www.shorewall.net/Shorewall-Lite.html. That article
> describes how to generate the firewall script on a system that has
> Shorewall installed and how to transfer the script to the
> Shorewall-lite system.
>
> -Tom

On the Shorewall-lite box, what does 'shorewall-lite show config' produce?

Tom
teastep@shorewall.net
http://www.shorewall.net

-----Original Message-----
From: matt darfeuille [mailto:matdarf@gmail.com]
Sent: Thursday, September 12, 2013 1:06 PM
To: Shorewall Users
Subject: Re: [Shorewall-users] shorewall-lite error at start

I should have explained a bit more what I already did!

I refollowed the provided link with the following steps:
one, generating the capabilities file on the firewall system, then copying it along with shorewallrc to the administrative system. Then, on the administrative system, in the export directory(/usr/share I put the capabilities, shorewallrc files along with those copied from /usr/share/shorewall/configfiles. Then I configured the zone, interface, policy, stoppedrules, masq along with the shorewall.conf modified as stated on the provided link. Then I issued the command /sbin/shorewall load 192.168.88.1 and the output of it is:

---
Processing /usr/share/shorewall/3700/params ...
Processing /usr/share/shorewall/3700/shorewall.conf...
   WARNING: Your capabilities file is out of date -- it does not contain all of the capabilities defined by Shorewall version 4.5.18
Compiling /usr/share/shorewall/3700/zones...
Compiling /usr/share/shorewall/3700/interfaces...
Determining Hosts in Zones...
   WARNING: *** mult2 is an EMPTY ZONE ***
Locating Action Files...
Compiling /usr/share/shorewall/3700/policy...
Running /usr/share/shorewall/3700/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /usr/share/shorewall/3700/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /usr/share/shorewall/3700/rules...
Compiling /usr/share/shorewall/3700/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Generating Rule Matrix...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Creating iptables-restore input...
Compiling /usr/share/shorewall/3700/stoppedrules...
Shorewall configuration compiled to /usr/share/shorewall/3700/firewall
Copying /usr/share/shorewall/3700/firewall and /usr/share/shorewall/3700/firewall.conf to 192.168.88.1:/var/lib/shorewall-lite...
Enter passphrase for key '/root/.ssh/id_rsa':
scp: /var/lib/shorewall-lite: No such file or directory
------

Am I totally mistaken?

Md

I get the following while running the requested command

root@OpenWrt:~# shorewall-lite show config
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
Default VARDIR is /var/lib/shorewall-lite
LIBEXEC is /usr/lib
SBINDIR is /usr/sbin
CONFDIR is /etc
LITEDIR is /etc/shorewall-lite/state

MD

On 12 Sep 2013 at 13:31, Tom Eastep wrote:

From: "Tom Eastep" <teastep@shorewall.net>
To: <shorewall-users@lists.sourceforge.net>
Date sent: Thu, 12 Sep 2013 13:31:25 -0700
Subject: Re: [Shorewall-users] shorewall-lite error at start

> On the Shorewall-lite box, what does 'shorewall-lite show config'
> produce?
>
> Tom
> teastep@shorewall.net
> http://www.shorewall.net

On 9/12/2013 5:23 PM, matt darfeuille wrote:
> I get the following while running the requested command
>
> root@OpenWrt:~# shorewall-lite show config
> Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
> Default VARDIR is /var/lib/shorewall-lite
> LIBEXEC is /usr/lib
> SBINDIR is /usr/sbin
> CONFDIR is /etc
> LITEDIR is /etc/shorewall-lite/state
>

And what version of Shorewall and of Shorewall-lite are you running?

-Tom

I'm running shorewall 4.5.18 and shorewall-lite 4.5.7

MD

On 12 Sep 2013 at 17:45, Tom Eastep wrote:

Date sent: Thu, 12 Sep 2013 17:45:24 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> And what version of Shorewall and of Shorewall-lite are you running?
>
> -Tom

On 9/12/2013 5:57 PM, matt darfeuille wrote:
> I'm running shorewall 4.5.18 and shorewall-lite 4.5.7
>

On the Shorewall-lite system, does the file /etc/shorewall/vardir exist? If so, what are its contents?

Thanks,
-Tom

Yes, the file vardir does exist on the firewall system and has the following:

root@OpenWrt:~# cat /etc/shorewall-lite/vardir
# move state dir out of ram
VARDIR=/etc/shorewall-lite/state

MD

On 13 Sep 2013 at 6:28, Tom Eastep wrote:

Date sent: Fri, 13 Sep 2013 06:28:12 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> On the Shorewall-lite system, does the file /etc/shorewall/vardir
> exist? If so, what are its contents?
>
> Thanks,
> -Tom

On 9/13/2013 7:06 AM, matt darfeuille wrote:
> Yes, the file vardir does exist on the firewall system and has the
> following:
> root@OpenWrt:~# cat /etc/shorewall-lite/vardir
> # move state dir out of ram
> VARDIR=/etc/shorewall-lite/state
>

Okay -- try this:

a) copy the /usr/share/shorewall/shorewallrc file from the Shorewall-lite box to its configuration directory on the Shorewall system.

b) Modify that copy to say:

VARDIR=/etc/shorewall/state

Now try 'shorewall load <lite box name-or-address>'

-Tom

I did what you suggested on a fresh install, copying shorewallrc from the firewall system to the administrative system and modifying shorewallrc with the provided line, but no luck!

root@old:/usr/share/shorewall/3700# /sbin/shorewall load 192.168.88.1
Processing /usr/share/shorewall/3700/params ...
Processing /usr/share/shorewall/3700/shorewall.conf...
   WARNING: Your capabilities file is out of date -- it does not contain all of the capabilities defined by Shorewall version 4.5.18
Compiling /usr/share/shorewall/3700/zones...
Compiling /usr/share/shorewall/3700/interfaces...
Determining Hosts in Zones...
   WARNING: *** mult2 is an EMPTY ZONE ***
Locating Action Files...
Compiling /usr/share/shorewall/3700/policy...
Running /usr/share/shorewall/3700/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /usr/share/shorewall/3700/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /usr/share/shorewall/3700/rules...
Compiling /usr/share/shorewall/3700/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Generating Rule Matrix...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Creating iptables-restore input...
Compiling /usr/share/shorewall/3700/stoppedrules...
Shorewall configuration compiled to /usr/share/shorewall/3700/firewall
Copying /usr/share/shorewall/3700/firewall and /usr/share/shorewall/3700/firewall.conf to 192.168.88.1:/var/lib/shorewall-lite...
Enter passphrase for key '/root/.ssh/id_rsa':
scp: /var/lib/shorewall-lite: No such file or directory

root@old:/usr/share/shorewall/3700# cat shorewallrc
#
# Created by Shorewall Core version 4.5.7 configure - Tue Sep 10 18:53:19 MST 2013
#
# Input: --target=mips-openwrt-linux --host=mips-openwrt-linux --build=x86_64-linux-gnu --program-prefix= --program-suffix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls vendor=linux
#
HOST=linux
PREFIX=/usr
SHAREDIR=/usr/share
LIBEXECDIR=/usr/lib
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/usr/sbin
MANDIR=/usr/man
INITDIR=etc/init.d
INITSOURCE=init.sh
INITFILE=$PRODUCT
AUXINITSOURCE=
AUXINITFILE=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=/etc
SPARSE=
ANNOTATED=
#VARDIR=/var/lib
VARDIR=/etc/shorewall/state

MD

On 13 Sep 2013 at 7:44, Tom Eastep wrote:

Date sent: Fri, 13 Sep 2013 07:44:35 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> Okay -- try this:
>
> a) copy the /usr/share/shorewall/shorewallrc file from the
> Shorewall-lite box to its configuration directory on the Shorewall
> system.
>
> b) Modify that copy to say:
>
> VARDIR=/etc/shorewall/state
>
> Now try 'shorewall load <lite box name-or-address>'
>
> -Tom

On 09/13/2013 12:58 PM, matt darfeuille wrote:
> I did what you suggested on a fresh install, copying shorewallrc from
> the firewall system to the administrative system and modifying
> shorewallrc with the provided line, but no luck!
>
> root@old:/usr/share/shorewall/3700# /sbin/shorewall load 192.168.88.1
> Processing /usr/share/shorewall/3700/params ...
> Processing /usr/share/shorewall/3700/shorewall.conf...
>    WARNING: Your capabilities file is out of date -- it does not
> contain all of the capabilities defined by Shorewall version 4.5.18
> Compiling /usr/share/shorewall/3700/zones...
> Compiling /usr/share/shorewall/3700/interfaces...
> Determining Hosts in Zones...
>    WARNING: *** mult2 is an EMPTY ZONE ***
> Locating Action Files...
> Compiling /usr/share/shorewall/3700/policy...
> Running /usr/share/shorewall/3700/initdone...
> Adding Anti-smurf Rules
> Adding rules for DHCP
> Compiling TCP Flags filtering...
> Compiling Kernel Route Filtering...
> Compiling Martian Logging...
> Compiling /usr/share/shorewall/3700/masq...
> Compiling MAC Filtration -- Phase 1...
> Compiling /usr/share/shorewall/3700/rules...
> Compiling /usr/share/shorewall/3700/conntrack...
> Compiling MAC Filtration -- Phase 2...
> Applying Policies...
> Compiling /usr/share/shorewall/action.Drop for chain Drop...
> Compiling /usr/share/shorewall/action.Broadcast for chain
> Broadcast...
> Generating Rule Matrix...
> Compiling /usr/share/shorewall/action.Reject for chain Reject...
> Creating iptables-restore input...
> Compiling /usr/share/shorewall/3700/stoppedrules...
> Shorewall configuration compiled to
> /usr/share/shorewall/3700/firewall
> Copying /usr/share/shorewall/3700/firewall and
> /usr/share/shorewall/3700/firewall.conf to
> 192.168.88.1:/var/lib/shorewall-lite...
> Enter passphrase for key '/root/.ssh/id_rsa':
> scp: /var/lib/shorewall-lite: No such file or directory
>
> root@old:/usr/share/shorewall/3700# cat shorewallrc
> #
> # Created by Shorewall Core version 4.5.7 configure - Tue Sep 10
> 18:53:19 MST 2013
> #
> # Input: --target=mips-openwrt-linux --host=mips-openwrt-linux
> --build=x86_64-linux-gnu --program-prefix= --program-suffix=
> --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc
> --datadir=/usr/share --localstatedir=/var --mandir=/usr/man
> --infodir=/usr/info --disable-nls vendor=linux
> #
> HOST=linux
> PREFIX=/usr
> SHAREDIR=/usr/share
> LIBEXECDIR=/usr/lib
> PERLLIBDIR=${PREFIX}/share/shorewall
> CONFDIR=/etc
> SBINDIR=/usr/sbin
> MANDIR=/usr/man
> INITDIR=etc/init.d
> INITSOURCE=init.sh
> INITFILE=$PRODUCT
> AUXINITSOURCE=
> AUXINITFILE=
> SYSTEMD=
> SYSCONFFILE=
> SYSCONFDIR=/etc
> SPARSE=
> ANNOTATED=
> #VARDIR=/var/lib
> VARDIR=/etc/shorewall/state

Okay -- I guess the cross-version issues are unsurmountable.

-Tom

ok I guess I would have to find a way to avoid cross-version issues!:)
Thanks for pinpointing it though!

MD

On 13 Sep 2013 at 13:13, Tom Eastep wrote:

Date sent: Fri, 13 Sep 2013 13:13:58 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> Okay -- I guess the cross-version issues are unsurmountable.
>
> -Tom

ok to resolve the cross-version issues I installed shorewall-core-4.5.7 along with shorewall-4.5.7 on the administrative system but the following error comes up:

"ash: /usr/sbin/shorewall-lite: Permission denied"

root@old:/usr/share/shorewall/open# /sbin/shorewall load 192.168.88.1
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Enter passphrase for key '/root/.ssh/id_rsa':
Compiling...
Processing /usr/share/shorewall/open/params ...
Processing /usr/share/shorewall/open/shorewall.conf...
Compiling /usr/share/shorewall/open/zones...
Compiling /usr/share/shorewall/open/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Invalid for chain Invalid...
Compiling /usr/share/shorewall/action.NotSyn for chain NotSyn...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Compiling /usr/share/shorewall/open/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /usr/share/shorewall/open/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /usr/share/shorewall/open/rules...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling /usr/share/shorewall/open/routestopped...
Shorewall configuration compiled to /usr/share/shorewall/open/firewall
Copying /usr/share/shorewall/open/firewall and /usr/share/shorewall/open/firewall.conf to 192.168.88.1:/etc/shorewall-lite/state...
Enter passphrase for key '/root/.ssh/id_rsa':
firewall 100% 70KB 69.6KB/s 00:00
firewall.conf 100% 382 0.4KB/s 00:00
Copy complete
Enter passphrase for key '/root/.ssh/id_rsa':
ash: /usr/sbin/shorewall-lite: not found

any idea why?

p.s. so to recap: administrative system: shorewall 4.5.7, and on the firewall system shorewall-lite 4.5.7, and shorewallrc and the capabilities files are in the export directory of the administrative system

MD

On 9/16/2013 10:43 AM, matt darfeuille wrote:
> Copy complete
> Enter passphrase for key '/root/.ssh/id_rsa':
> ash: /usr/sbin/shorewall-lite: not found
>
> any idea why?
>

In /usr/share/shorewall/shorewallrc, what is the setting of SBINDIR on both systems?

Thanks,
-Tom

here they are!

administrative system
SBINDIR=/sbin #Directory where system administration programs are installed

firewall system:
SBINDIR=/usr/sbin

administrative system:
root@old:~# cat /usr/share/shorewall/shorewallrc
#
# Debian Shorewall 4.5 rc file
#
BUILD= #Default is to detect the build system
HOST=debian
PREFIX=/usr #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share #Directory for executable scripts.
PERLLIBDIR=${PREFIX}/share/shorewall #Directory to install Shorewall Perl module directory
CONFDIR=/etc #Directory where subsystem configurations are installed
SBINDIR=/sbin #Directory where system administration programs are installed
MANDIR=${PREFIX}/share/man #Directory where manpages are installed.
INITDIR=/etc/init.d #Directory where SysV init scripts are installed.
INITFILE=$PRODUCT #Name of the product's installed SysV init script
INITSOURCE=init.debian.sh #Name of the distributed file to be installed as the SysV init script
ANNOTATED= #If non-zero, annotated configuration files are installed
SYSCONFFILE=default.debian #Name of the distributed file to be installed in $SYSCONFDIR
SYSCONFDIR=/etc/default #Directory where SysV init parameter files are installed
SYSTEMD= #Directory where .service files are installed (systems running systemd only)
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARDIR=/var/lib #Directory where product variable data is stored.

firewall system:
root@OpenWrt:~# cat /usr/share/shorewall/shorewallrc
#
# Created by Shorewall Core version 4.5.7 configure - Tue Sep 10 18:53:19 MST 2013
#
# Input: --target=mips-openwrt-linux --host=mips-openwrt-linux --build=x86_64-linux-gnu --program-prefix= --program-suffix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls vendor=linux
#
HOST=linux
PREFIX=/usr
SHAREDIR=/usr/share
LIBEXECDIR=/usr/lib
PERLLIBDIR=${PREFIX}/share/shorewall
CONFDIR=/etc
SBINDIR=/usr/sbin
MANDIR=/usr/man
INITDIR=etc/init.d
INITSOURCE=init.sh
INITFILE=$PRODUCT
AUXINITSOURCE=
AUXINITFILE=
SYSTEMD=
SYSCONFFILE=
SYSCONFDIR=/etc
SPARSE=
ANNOTATED=
VARDIR=/var/lib

MD

On 16 Sep 2013 at 10:57, Tom Eastep wrote:

Date sent: Mon, 16 Sep 2013 10:57:16 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> In /usr/share/shorewall/shorewallrc, what is the setting of SBINDIR on
> both systems?
>
> Thanks,
> -Tom

On 9/16/2013 11:23 AM, matt darfeuille wrote:
> here they are!
>
> administrative system
> SBINDIR=/sbin #Directory where system
> administration programs are installed
>
> firewall system:
> SBINDIR=/usr/sbin
>

The firewall system's shorewallrc file says that 'shorewall-lite' should be in /usr/sbin; where is it actually installed?

-Tom

Ok it is now working like a charm!
I just had to change SBINDIR=/usr/sbin to SBINDIR=/sbin in shorewallrc!

Now it brings me to another question!
I want to keep shorewall 4.5.7 installed for managing my firewall system but I would like to run another version of shorewall (e.g. 4.5.18) for firewalling my administrative system. Is this possible? If yes, how?

And thank you Tom for helping me get it working!

MD

On 16 Sep 2013 at 12:53, Tom Eastep wrote:

Date sent: Mon, 16 Sep 2013 12:53:36 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> The firewall system's shorewallrc file says that 'shorewall-lite'
> should be in /usr/sbin; where is it actually installed?
>
> -Tom

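The two checks Tom asks for in this exchange (the SBINDIR setting on both systems, and where shorewall-lite is actually installed), as an added shell example that is not part of the thread or of Shorewall. The rc contents are abridged from the two files posted above; the function names and the constructed directory tree with the binary in /sbin are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Shorewall code): compare two shorewallrc files by
# resolved value and check that SBINDIR really contains shorewall-lite.
# The files are parsed with awk and never sourced, so nothing in them runs.

# rc_resolve FILE: print KEY=value for each assignment, with inline comments
# stripped and ${NAME} references expanded from earlier assignments.
rc_resolve() {
    awk '
        /^[A-Za-z_][A-Za-z0-9_]*=/ {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            sub(/[ \t]+#.*$/, "", val)    # drop a trailing " #comment"
            if (val ~ /^#/) val = ""      # "KEY=#comment" is an empty value
            sub(/[ \t]+$/, "", val)
            while (match(val, /[$][{][A-Za-z_][A-Za-z0-9_]*[}]/)) {
                ref = substr(val, RSTART + 2, RLENGTH - 3)
                val = substr(val, 1, RSTART - 1) vars[ref] substr(val, RSTART + RLENGTH)
            }
            vars[key] = val
            print key "=" val
        }
    ' "$1"
}

# rc_get FILE KEY: print the resolved value of KEY (the last assignment wins).
rc_get() {
    rc_resolve "$1" | awk -v k="$2" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }'
}

# rc_diff ADMIN_RC FIREWALL_RC: one line per path setting that differs.
rc_diff() {
    for key in PREFIX SHAREDIR LIBEXECDIR CONFDIR SBINDIR VARDIR; do
        a=$(rc_get "$1" "$key")
        f=$(rc_get "$2" "$key")
        [ "$a" = "$f" ] || echo "$key admin=$a firewall=$f"
    done
}

# check_sbindir RCFILE ROOT: succeed only if ROOT<SBINDIR>/shorewall-lite is
# an executable file. ROOT is "" when the check runs on the firewall itself.
check_sbindir() {
    dir=$(rc_get "$1" SBINDIR)
    if [ -f "$2$dir/shorewall-lite" ] && [ -x "$2$dir/shorewall-lite" ]; then
        return 0
    fi
    echo "SBINDIR=$dir but $dir/shorewall-lite is missing or not executable"
    return 1
}

# write_samples DIR: create the sample input. The rc files are abridged from
# the thread; the tree under DIR/root is constructed and assumes the binary
# lives in /sbin, as the fix reported in the thread implies.
write_samples() {
    mkdir -p "$1/root/sbin"
    printf '#!/bin/sh\n' > "$1/root/sbin/shorewall-lite"
    chmod +x "$1/root/sbin/shorewall-lite"
    cat > "$1/admin.rc" <<'EOF'
# Debian Shorewall 4.5 rc file
BUILD=                      #Default is to detect the build system
HOST=debian
PREFIX=/usr                 #Top-level directory for shared files, libraries, etc.
SHAREDIR=${PREFIX}/share    #Directory for arch-neutral files.
LIBEXECDIR=${PREFIX}/share  #Directory for executable scripts.
CONFDIR=/etc                #Directory where subsystem configurations are installed
SBINDIR=/sbin               #Directory where system administration programs are installed
VARDIR=/var/lib             #Directory where product variable data is stored.
EOF
    cat > "$1/firewall.rc" <<'EOF'
HOST=linux
PREFIX=/usr
SHAREDIR=/usr/share
LIBEXECDIR=/usr/lib
CONFDIR=/etc
SBINDIR=/usr/sbin
VARDIR=/var/lib
EOF
}

# demo: run both checks on the samples, then again with SBINDIR corrected.
demo() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    rc_diff "$tmp/admin.rc" "$tmp/firewall.rc"
    check_sbindir "$tmp/firewall.rc" "$tmp/root" || true
    sed 's|^SBINDIR=.*|SBINDIR=/sbin|' "$tmp/firewall.rc" > "$tmp/fixed.rc"
    check_sbindir "$tmp/fixed.rc" "$tmp/root" && echo "fixed.rc: SBINDIR ok"
    rm -rf "$tmp"
}

demo
```

Because `${PREFIX}` is expanded before comparing, SHAREDIR is reported as equal even though the two files spell it differently. On the firewall itself, `check_sbindir /usr/share/shorewall/shorewallrc ""` runs the same test against the live filesystem.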
after some troubles with my gmail account (unread emails gone ...) I apologize for my late answer!

on the shorewall-lite note
with the SBINDIR option set to /sbin in shorewallrc it is also working with a newer version of shorewall (shorewall 4.5.20 for instance)

the only "problem" with shorewall-4.5.20 is that the load/reload command SCPed firewall firewall.conf to var/lib/shorewall-lite but with shorewall-lite4.5.7 they need to be in /etc/shorewall-lite/state/.

Is there a way to change where scp sends the files?

MD

On 17 Sep 2013 at 1:42, matt darfeuille wrote:

From: "matt darfeuille" <matdarf@gmail.com>
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Date sent: Tue, 17 Sep 2013 01:42:10 +0200
Priority: normal
Subject: Re: [Shorewall-users] shorewall-lite error at start

> Ok it is now working like a charm!
> I just had to change SBINDIR=/usr/sbin to SBINDIR=/sbin in
> shorewallrc!
>
> Now it brings me to another question!
> I want to keep shorewall 4.5.7 installed for managing my firewall
> system but I would like to run another version of shorewall (e.g.
> 4.5.18) for firewalling my administrative system. Is this possible? If
> yes, how?
>
> And thank you Tom for helping me get it working!
>
> MD

On 9/18/2013 12:11 PM, matt darfeuille wrote:
> after some troubles with my gmail account (unread emails gone ...) I
> apologize for my late answer!
>
> on the shorewall-lite note
> with the SBINDIR option set to /sbin in shorewallrc it is also
> working with a newer version of shorewall (shorewall 4.5.20 for
> instance)
>
> the only "problem" with shorewall-4.5.20 is that the load/reload
> command SCPed firewall firewall.conf to var/lib/shorewall-lite but
> with shorewall-lite4.5.7 they need to be in
> /etc/shorewall-lite/state/.
>
> Is there a way to change where scp sends the files?

There is, but it can't specify /etc/shorewall/state at the moment. I'll include in 4.5.21.

-Tom

On 9/18/2013 4:27 PM, Tom Eastep wrote:
> On 9/18/2013 12:11 PM, matt darfeuille wrote:
>> after some troubles with my gmail account (unread emails gone ...) I
>> apologize for my late answer!
>>
>> on the shorewall-lite note
>> with the SBINDIR option set to /sbin in shorewallrc it is also
>> working with a newer version of shorewall (shorewall 4.5.20 for
>> instance)
>>
>> the only "problem" with shorewall-4.5.20 is that the load/reload
>> command SCPed firewall firewall.conf to var/lib/shorewall-lite but
>> with shorewall-lite4.5.7 they need to be in
>> /etc/shorewall-lite/state/.
>>
>> Is there a way to change where scp sends the files?
>
> There is, but it can't specify /etc/shorewall/state at the moment. I'll
> include in 4.5.21.

Please apply the attached patch and see if it works correctly.

Thanks,
-Tom

On 9/18/2013 8:40 PM, Tom Eastep wrote:
> On 9/18/2013 4:27 PM, Tom Eastep wrote:
>> On 9/18/2013 12:11 PM, matt darfeuille wrote:
>>> after some troubles with my gmail account (unread emails gone ...) I
>>> apologize for my late answer!
>>>
>>> on the shorewall-lite note
>>> with the SBINDIR option set to /sbin in shorewallrc it is also
>>> working with a newer version of shorewall (shorewall 4.5.20 for
>>> instance)
>>>
>>> the only "problem" with shorewall-4.5.20 is that the load/reload
>>> command SCPed firewall firewall.conf to var/lib/shorewall-lite but
>>> with shorewall-lite4.5.7 they need to be in
>>> /etc/shorewall-lite/state/.
>>>
>>> Is there a way to change where scp sends the files?
>>
>> There is, but it can't specify /etc/shorewall/state at the moment. I'll
>> include in 4.5.21.
>
> Please apply the attached patch and see if it works correctly.

Corrected patch attached -- use this one rather than the prior one.

-Tom

Hi Tom and thank you for the patch and for including it in the upcoming version of shorewall!

However I am not sure how to patch shorewall (first time patching something on debian7).

Should I put the patch in a particular directory before issuing the patch command?
Which command should I use? (I tried patch LiTEDIR1.patch, patch -p0 LITEDIR1.patch, patch -p1 LITEDIR1.patch but without luck)

Obviously I am missing something here!:)

MD

On 18 Sep 2013 at 21:03, Tom Eastep wrote:

Date sent: Wed, 18 Sep 2013 21:03:34 -0700
From: Tom Eastep <teastep@shorewall.net>
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] shorewall-lite error at start

> Corrected patch attached -- use this one rather than the prior one.
>
> -Tom

On 9/19/2013 4:32 AM, matt darfeuille wrote:
> Hi Tom and thank you for the patch and for including it in the
> upcoming version of shorewall!
>
> However I am not sure how to patch shorewall (first time patching
> something on debian7).
>
> Should I put the patch in a particular directory before issuing the
> patch command?
> Which command should I use? (I tried patch LiTEDIR1.patch, patch -p0
> LITEDIR1.patch, patch -p1 LITEDIR1.patch but without luck)
>
> Obviously I am missing something here!:)
>

Matt,

The patch need not be in any particular directory:

    patch /usr/share/shorewall/lib.cli-std < <path-to-patch>

-Tom

Ok, I patched it successfully; while in the export directory on the administrative system I issued the command /sbin/shorewall load/reload and it is now working flawlessly!!!:)

Again, thank you so much for helping me solve it and for making such amazing software!

MD

root@old:~# patch /usr/share/shorewall/lib.cli-std /root/shorewall/LITEDIR1.patch
(Stripping trailing CRs from patch.)
patching file /usr/share/shorewall/lib.cli-std
root@old:~# cd /root/3700/
root@old:~/3700# /sbin/shorewall load wndr
Enter passphrase for key '/root/.ssh/wndr':
Compiling...
Processing /root/3700/params ...
Processing /root/3700/shorewall.conf...
Compiling /root/3700/zones...
Compiling /root/3700/interfaces...
Determining Hosts in Zones...
WARNING: *** mult2 is an EMPTY ZONE ***
Locating Action Files...
Compiling /root/3700/policy...
Running /root/3700/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /root/3700/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /root/3700/rules...
Compiling /root/3700/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Generating Rule Matrix...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Creating iptables-restore input...
Compiling /root/3700/stoppedrules...
Shorewall configuration compiled to /root/3700/firewall
Copying /root/3700/firewall and /root/3700/firewall.conf to wndr:/etc/shorewall-lite/state...
Enter passphrase for key '/root/.ssh/wndr':
firewall 100% 76KB 75.7KB/s 00:00
firewall.conf 100% 861 0.8KB/s 00:00
Copy complete
Enter passphrase for key '/root/.ssh/wndr':
Starting Shorewall Lite....
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
done.
System wndr loaded
root@old:~/3700# /sbin/shorewall reload wndr
Enter passphrase for key '/root/.ssh/wndr':
Compiling...
Processing /root/3700/params ...
Processing /root/3700/shorewall.conf...
Compiling /root/3700/zones...
Compiling /root/3700/interfaces...
Determining Hosts in Zones...
WARNING: *** mult2 is an EMPTY ZONE ***
Locating Action Files...
Compiling /root/3700/policy...
Running /root/3700/initdone...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /root/3700/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /root/3700/rules...
Compiling /root/3700/conntrack...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.Drop for chain Drop...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Generating Rule Matrix...
Compiling /usr/share/shorewall/action.Reject for chain Reject...
Creating iptables-restore input...
Compiling /root/3700/stoppedrules...
Shorewall configuration compiled to /root/3700/firewall
Copying /root/3700/firewall and /root/3700/firewall.conf to wndr:/etc/shorewall-lite/state...
Enter passphrase for key '/root/.ssh/wndr':
firewall 100% 76KB 75.7KB/s 00:00
firewall.conf 100% 861 0.8KB/s 00:00
Copy complete
Enter passphrase for key '/root/.ssh/wndr':
Restarting Shorewall Lite....
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
done.
System wndr reloaded

On 19 Sep 2013 at 6:32, Tom Eastep wrote:

Date sent:      Thu, 19 Sep 2013 06:32:57 -0700
From:           Tom Eastep <teastep@shorewall.net>
To:             shorewall-users@lists.sourceforge.net
Subject:        Re: [Shorewall-users] shorewall-lite error at start
Send reply to:  Shorewall Users <shorewall-users@lists.sourceforge.net>

> On 9/19/2013 4:32 AM, matt darfeuille wrote:
> > Hi Tom and thank you for the patch and for including it in the
> > upcoming version of shorewall!
> >
> > However I am not sure how to patch shorewall (first time patching
> > something on debian7).
> >
> > Should I put the patch in a particular directory before issuing the
> > patch command? Which command should I use? (I tried patch
> > LiTEDIR1.patch, patch -p0 LITEDIR1.patch, patch -p1 LITEDIR1.patch
> > but without luck)
> >
> > Obviously I am missing something here!:)
> >
>
> Matt,
>
> The patch need not be in any particular directory:
>
>     patch /usr/share/shorewall/lib.cli-std < <path-to-patch>
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
On 9/19/2013 7:31 AM, matt darfeuille wrote:
> Ok, I patched it successfully; while in the export directory on the
> administrative system I issued the command /sbin/shorewall
> load/reload and it is now working flawlessly!!!:)
>
> Again, thank you so much for helping me solve it and for making such
> amazing software!
>

Thanks for testing, Matt

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________