On Sat, Apr 8, 2017 at 5:38 PM, Adam <a...@gmx.com> wrote:
> Hi there. I'm trying to get fwknop working on Centos 7.3 for the first
> time (I've used it on Ubuntu for years).
>
> The systemd log records the following:
>
> Apr 08 21:17:14 nextcloud fwknopd[1052]: Starting fwknopd
> Apr 08 21:17:14 nextcloud systemd[1]: PID file
> /var/run/fwknop/fwknopd.pid not readable (yet?) after start.
> Apr 08 21:17:25 nextcloud fwknopd[1052]: Added jump rule from chain:
> INPUT to chain: FWKNOP_INPUT
> Apr 08 21:17:26 nextcloud fwknopd[1052]: Warning: Could not use the
> 'comment' match
> Apr 08 21:17:28 nextcloud systemd[1]: fwknopd.service never wrote its
> PID file. Failing.
> Apr 08 21:17:28 nextcloud systemd[1]: Failed to start The FireWall KNock
> OPerator (fwknop).
> Apr 08 21:17:28 nextcloud systemd[1]: Unit fwknopd.service entered
> failed state.
> Apr 08 21:17:28 nextcloud systemd[1]: fwknopd.service failed.
>
>
> I'm NOT using firewalld which I believe may be where the problem lies
> (and I really don't want to use it). I masked firewalld and removed the
> firewalld references from the service file and now I have this:
>
Hello Adam,
The problem appears to be the inability of fwknopd to see the 'comment'
match. Did you install the 'fwknop-server' package from the CentOS package
repositories? If so, to get things working and switch over to iptables, I'd
recommend installing the latest release of fwknop from sources and
compiling it with iptables support. Or just clone the latest code and do
the following:
$ git clone https://github.com/mrash/fwknop fwknop.git
$ cd fwknop.git
$ ./autogen.sh
$ ./configure --with-iptables=/sbin/iptables --prefix=/usr --sysconfdir=/etc --localstatedir=/run
$ make
$ sudo make install
I think fwknopd should be functional after this.
Thanks,
--Mike
>
> [Unit]
> Description=The FireWall KNock OPerator (fwknop)
> Documentation=man:fwknop(8)
> After=network-online.target
>
> [Service]
> Type=forking
> PIDFile=/var/run/fwknop/fwknopd.pid
> ExecStart=/usr/sbin/fwknopd
> ExecReload=/bin/kill -HUP $MAINPID
>
> [Install]
> WantedBy=multi-user.target
>
>
> I run iptables using a bash script which builds the rules and then also
> have the following systemd file. FYI, the iptables binary was already on
> my vps when I booted it for the first time so I didn't install
> iptables-service. My existing arrangement is simple enough and works fine.
>
> [Unit]
> Description=ipt_centos7
> After=network.target
>
> [Service]
> RemainAfterExit=yes
> ExecStart=/root/ipt_centos7.sh start
> ExecStop=/root/ipt_centos7.sh stop
> User=root
>
> [Install]
> WantedBy=multi-user.target
>
>
> Anyone able to help out?
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>