Tom Eastep a écrit :
Jérôme Blion wrote:
Tom Eastep a écrit :
Jérôme Blion wrote:
Any help will be greatly appreciated :)
Does 'shorewall start -C shell' work?
-Tom
I want to use shorewall-perl, but it does not cost anything to test
shorewall-shell...
mx:~# shorewall safe-start -C shell
Compiling...
ERROR: SHOREWALL_COMPILER=shell requires the shorewall-shell package
which is not installed
==> So I installed it :-)
mx:/usr/share/shorewall-shell# shorewall safe-start
[ ... quite 30sec to wait the answer ... ]
Giving up on lock file /var/lib/shorewall/lock
Compiling...
Opening /proc/modules: No such file or directory
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting...
Processing /etc/shorewall/params ...
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running iptables-restore...
iptables-restore: line 124 failed
ERROR: iptables-restore Failed. Input is in
/var/lib/shorewall/.iptables-restore-input
Processing /etc/shorewall/stop ...
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Processing /etc/shorewall/stopped ...
Shorewall Cleared
/sbin/shorewall: line 816: 6074 Complété
${VARDIR}/.$command $command
Not better...
You still haven't tested Shorewall-shell.
Please 'shorewall start -C shorewall-shell' or if you insist on using
safe-start, then 'shorewall safe-start -C shorewall-shell'
-Tom
Sorry,
I installed the shell version, but not forced it to run...
It gives me the following results:
mx:/usr/local/src/shorewall-shell-4.0.0# ./install.sh
Installing Shorewall-shell Version 4.0.0
/usr/share/shorewall-shell saved to /usr/share/shorewall-shell-4.0.0.bkout
Compiler installed in /usr/share/shorewall-shell/compiler
Library accounting file installed as
/usr/share/shorewall-shell/lib.accounting
Library actions file installed as /usr/share/shorewall-shell/lib.actions
Library maclist file installed as /usr/share/shorewall-shell/lib.maclist
Library nat file installed as /usr/share/shorewall-shell/lib.nat
Library providers file installed as /usr/share/shorewall-shell/lib.providers
Library proxyarp file installed as /usr/share/shorewall-shell/lib.proxyarp
Library tc file installed as /usr/share/shorewall-shell/lib.tc
Library tcrules file installed as /usr/share/shorewall-shell/lib.tcrules
Library tunnels file installed as /usr/share/shorewall-shell/lib.tunnels
Program skeleton file footer installed as
/usr/share/shorewall-shell/prog.footer
Program skeleton file header installed as
/usr/share/shorewall-shell/prog.header
shorewall-shell Version 4.0.0 Installed
mx:/usr/local/src/shorewall-shell-4.0.0# shorewall safe-start -C shell
Giving up on lock file /var/lib/shorewall/lock
Compiling...
Initializing...
Determining Zones...
IPv4 Zones: wan
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
wan Zone: eth0:0.0.0.0/0
Deleting user chains...
Compiling /etc/shorewall/routestopped ...
Creating Interface Chains...
Compiling Common Rules
Compiling TCP Flags checking...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling IP Forwarding...
Compiling /etc/shorewall/rules...
Compiling Actions...
Compiling /usr/share/shorewall/action.Drop for Chain Drop...
Compiling /usr/share/shorewall/action.Reject for Chain Reject...
Compiling /etc/shorewall/policy...
Compiling Traffic Control Rules...
Compiling Rule Activation...
Shorewall configuration compiled to /var/lib/shorewall/.start
Starting...
Processing /etc/shorewall/params ...
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Clearing Traffic Control/QOS
Deleting user chains...
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -A FORWARD -m state --state
ESTABLISHED,RELATED -j ACCEPT" Failed
Processing /etc/shorewall/stop ...
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Processing /etc/shorewall/stopped ...
Shorewall Cleared
/sbin/shorewall: line 816: 13209 Complété
${VARDIR}/.$command $command
Is there something wrong with this line?
Best regards.
Jerome Blion.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
