Aleksander Bastl wrote: > The shorewall dont't start and I get two sort of errors >=20 > first one: >=20 > Compiling... > FATAL: Error inserting nf_conntrack_h323=20 > (/lib/modules/2.6.22.9-0.4-xen/kernel/net/netfilter/nf_conntrack_h323.k= o):=20 > Unknown symbol in module, or unknown parameter (see dmesg) > WARNING: Error inserting nf_conntrack_h323=20 > (/lib/modules/2.6.22.9-0.4-xen/kernel/net/netfilter/nf_conntrack_h323.k= o):=20 > Unknown symbol in module, or unknown parameter (see dmesg) > FATAL: Error inserting nf_nat_h323=20 > (/lib/modules/2.6.22.9-0.4-xen/kernel/net/ipv4/netfilter/nf_nat_h323.ko= ):=20 > Unknown symbol in module, or unknown parameter (see dmesg)
FWIW, I'm not seeing that here. But I'm seeing so many problems with
OpenSuSE 10.3 that if I were seeing it, it wouldn't be anywhere near the
top of my list.
>=20
> starting go forward and when I get second one all stops:
>=20
> Applying Policies...
> Activating Rules...
> iptables: Invalid argument
> ERROR: Command "/usr/sbin/iptables -A OUTPUT -o xenbr0 -j xenbr0_out"=
=20
> Failed
> Processing /etc/shorewall/stop ...
> IP Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /sbin/shorewall: line 366: 6164 Terminated =20
> ${VARDIR}/.start $debugging start
>=20
>=20
> I have similar configuration on OpenSuse 10.2 and SHOREWALL 3.2.x and=20
> work just fine.
>=20
> I attach end from my trace file, were shorewall start stops-terminated.=
>=20
> -----------------------------------------------------------------------=
----
> + run_iptables -A xenbr0_out -m physdev --physdev-out peth0 -j fw2all
> + '[' -n '' ']'
> + /usr/sbin/iptables -A xenbr0_out -m physdev --physdev-out peth0 -j fw=
2all
> + '[' 0 -ne 0 ']'
> + run_iptables -A xenbr0_in -m physdev --physdev-in peth0 -j net2fw
> + '[' -n '' ']'
> + /usr/sbin/iptables -A xenbr0_in -m physdev --physdev-in peth0 -j net2=
fw
> + '[' 0 -ne 0 ']'
> + run_iptables -A eth0_out -d 0.0.0.0/0 -j fw2all
> + '[' -n '' ']'
> + /usr/sbin/iptables -A eth0_out -d 0.0.0.0/0 -j fw2all
> + '[' 0 -ne 0 ']'
> + run_iptables -A eth0_in -s 0.0.0.0/0 -j net2fw
> + '[' -n '' ']'
> + /usr/sbin/iptables -A eth0_in -s 0.0.0.0/0 -j net2fw
> + '[' 0 -ne 0 ']'
> + run_iptables -A xenbr0_fwd -m physdev --physdev-in peth0 -o xenbr0 -m=
=20
> physdev --physdev-out vif+ -j net2dmz
> + '[' -n '' ']'
> + /usr/sbin/iptables -A xenbr0_fwd -m physdev --physdev-in peth0 -o=20
> xenbr0 -m physdev --physdev-out vif+ -j net2dmz
> + '[' 0 -ne 0 ']'
> + run_iptables -A eth0_fwd -s 0.0.0.0/0 -o xenbr0 -m physdev=20
> --physdev-out vif+ -j net2dmz
> + '[' -n '' ']'
> + /usr/sbin/iptables -A eth0_fwd -s 0.0.0.0/0 -o xenbr0 -m physdev=20
> --physdev-out vif+ -j net2dmz
> + '[' 0 -ne 0 ']'
> + run_iptables -A FORWARD -i xenbr0 -j xenbr0_fwd
> + '[' -n '' ']'
> + /usr/sbin/iptables -A FORWARD -i xenbr0 -j xenbr0_fwd
> + '[' 0 -ne 0 ']'
> + run_iptables -A INPUT -i xenbr0 -j xenbr0_in
> + '[' -n '' ']'
> + /usr/sbin/iptables -A INPUT -i xenbr0 -j xenbr0_in
> + '[' 0 -ne 0 ']'
> + run_iptables -A OUTPUT -o xenbr0 -j xenbr0_out
> + '[' -n '' ']'
> + /usr/sbin/iptables -A OUTPUT -o xenbr0 -j xenbr0_out
> iptables: Invalid argument
> + '[' 1 -ne 0 ']'
> + error_message 'ERROR: Command "/usr/sbin/iptables -A' OUTPUT -o xenbr=
0=20
> -j 'xenbr0_out" Failed'
> + echo ' ERROR: Command "/usr/sbin/iptables -A' OUTPUT -o xenbr0 -j=20
> 'xenbr0_out" Failed'
> ERROR: Command "/usr/sbin/iptables -A OUTPUT -o xenbr0 -j xenbr0_out=
"=20
> Failed
> + stop_firewall
> + case $COMMAND in
> + set +x
> /sbin/shorewall: line 366: 5707 Terminated =20
> ${VARDIR}/.start $debugging start
I can't tell anything from that small fragment of the trace file.
But I see that you have a bridged dom0 so it's possible that you are
running into problems caused by the fact that BRIDGING=3DYes is not
supported on kernels beyond 2.6.19 (10.2 had a 2.6.18 kernel while 10.3
has a 2.6.22 kernel).
-Tom
--=20
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
