Your message dated Sat, 7 Mar 2009 20:19:57 -0500
with message-id <[email protected]>
and subject line Re: Bug#514413: shorewall: ipv4 forwarding not working
has caused the Debian Bug report #514413,
regarding shorewall: ipv4 forwarding not working
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
514413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: shorewall
Version: 4.0.15-1
Severity: normal
The system does not forward masqueraded connections, while this is
configured in shorewall. After restarting shorewall once, everything
does work fine.
I have the package insserv installed with dependency based booting and
it seems that shorewall depends on procps being started: adding it to
/etc/init.d/shorewall:
# Required-Start: $network $procps
solves the issue.
I have 'IP_FORWARDING=Yes' in shorewall.conf and the following entries
in /etc/sysctl.conf:
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
Regards,
Jaap Eldering
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages shorewall depends on:
ii shorewall-shell 4.0.15-1 Shoreline Firewall, Netfilter conf
shorewall recommends no packages.
shorewall suggests no packages.
-- debconf information:
shorewall/upgrade_20_22:
shorewall/upgrade_14_20:
shorewall/upgrade_to_14:
shorewall/warnrfc1918:
shorewall/warn_about_klogd_floods:
* shorewall/dont_restart:
* shorewall/major_release: false
--- End Message ---
--- Begin Message ---
On Mon, Mar 02, 2009 at 07:07:18PM -0500, Roberto C. Sánchez wrote:
> On Mon, Mar 02, 2009 at 09:04:10PM +0100, Jaap Eldering wrote:
> >
> > 20:43:19 IP Forwarding Enabled
> > 20:43:19 Processing /etc/shorewall/started ...
> > /proc/sys/net/ipv4/ip_forward=1
> > 20:43:19 done.
>
> That right there shows that IP forwarding is enabled after Shorewall
> finishes starting. If it is disabled on your system, then that means
> that something is disabling it after Shorewall has already started. I
> am inclined to think that this is not a bug in Shorewall.
>
I am closing this bug. It is clear that this is not a bug in Shorewall.
If you are able to determine the culprit, please feel free to reopen
and reassign it to the correct package(s).
Regards,
-Roberto
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
signature.asc
Description: Digital signature
--- End Message ---
