After upgrade to Shorewall 4.6.3.4 pkgs
rpm -qa | grep -i shorewall
shorewall-core-4.6.3.4-157.1.noarch
shorewall-init-4.6.3.4-157.1.noarch
shorewall-lite-4.6.3.4-157.1.noarch
shorewall6-lite-4.6.3.4-157.1.noarch
on boot, shorewall-init no longer fails
journalctl -xb | grep -i shorewall-init
-- Subject: Unit shorewall-init.service has begun with start-up
-- Unit shorewall-init.service has begun starting up.
Sep 23 12:21:56 core shorewall-init[934]: Initializing "Shorewall-based firewalls": Stopping Shorewall Lite....
Sep 23 12:21:56 core shorewall-init[934]: done.
Sep 23 12:21:57 core shorewall-init[934]: Stopping Shorewall6 Lite....
Sep 23 12:21:57 core shorewall-init[934]: done.
But my VPN tun interface specifically does not come up during boot now. And
there's additional inconsistent behavior on stop/start/restart after boot, from
the shell:
/usr/sbin/shorewall-lite restart
Restarting Shorewall Lite....
OK ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Adding Providers...
WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
started - nada
done.
/usr/sbin/shorewall-lite restart
Restarting Shorewall Lite....
OK ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Adding Providers...
WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
started - nada
done.
/usr/sbin/shorewall-lite stop
Stopping Shorewall Lite....
OK ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Processing stop user exit ...
Processing tcclear user exit ...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing stopped user exit ...
done.
/usr/sbin/shorewall-lite start
Starting Shorewall Lite....
BAD ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Adding Providers...
WARNING: Interface eth0 is not usable -- Provider prov1 (1) not Started
WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
WARNING: No Default route added (all 'balance' providers are down)
NOTICE: Default route restored
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
started - nada
done.
/usr/sbin/shorewall-lite stop
Stopping Shorewall Lite....
OK ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Processing stop user exit ...
Processing tcclear user exit ...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing stopped user exit ...
done.
/usr/sbin/shorewall-lite start
Starting Shorewall Lite....
BAD ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Adding Providers...
WARNING: Interface eth0 is not usable -- Provider prov1 (1) not Started
WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
WARNING: No Default route added (all 'balance' providers are down)
NOTICE: Default route restored
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
started - nada
done.
/usr/sbin/shorewall-lite restart
Restarting Shorewall Lite....
OK ping @ INTFC=eth0
BAD ping @ INTFC=tun1
Initializing...
Processing init user exit ...
Processing tcclear user exit ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Adding Providers...
WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing start user exit ...
Processing started user exit ...
started - nada
done.
Starting to hunt this down now ...
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel