Tom Eastep wrote:
> Compare the output of 'shorewall-lite dump' before and after the restart.

It's rather huge and very different (because of packet number
differences it's not easy to compare). It'd be better to create some
kind of better dump which is easier to compare.
But I assume I found it (diff -u)!:

-   /proc/sys/net/ipv4/ip_forward = 0
+   /proc/sys/net/ipv4/ip_forward = 1

How can it be possible?
The strange thing is there are other differences like:

-broadcast 213.253.216.128 dev eth1  proto kernel  scope link  src 213.253.216.130
+xt_comment              5953  0
+xt_policy               7617  0



>> the only difference what i find in the sysinit script is -f option to 
>> shorewall but in /var/lib/shorewall-lite/ the file firewall and 
>> restore are the same.
> 
> The files /var/lib/shorewall-lite/firewall and 
> /var/lib/shorewall/restore are supposed to be the same if you have done 
> a 'shorewall-lite save'.
> 
>> if i comment out the -f option then it's working without any 
>> workaround (or this is the workaround).
>> so what can be the reason?
>>
> 
> The file /var/lib/shorewall-lite/.iptables-restore-input is probably 
> wrong. But since I can't see it, I can't tell you what is wrong with it.
> 
> You can try this experiment:
> 
> a) cd /var/lib/shorewall-lite
> b) mv .iptables-restore-input bad-input
> c) shorewall-lite save
> d) diff -au bad-input .iptables-restore-input

I tried:
cd /var/lib/shorewall-lite/
rm -rf * .??*
After that I reloaded from the central server and rebooted,
but it's still not working :-(

-- 
   Levente                               "Si vis pacem para bellum!"
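
Added example, not part of the original message: a shell filter that strips the packet and byte counters from two saved 'shorewall-lite dump' outputs, so that 'diff -u' shows only real changes such as the ip_forward line above. It assumes the dumps contain 'iptables -L -n -v' style listings; the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: make two saved 'shorewall-lite dump' files comparable by
# removing the volatile packet/byte counters before running 'diff -u'.
# Assumption: the rule listings use the 'iptables -L -n -v' column layout.

# normalize_dump: filter stdin -> stdout.
#  1st expression: drop the counters from "Chain X (policy P n packets, m bytes)".
#  2nd expression: drop the leading pkts/bytes columns from each rule line.
normalize_dump() {
    sed -E \
        -e 's/^(Chain [^ ]+ \(policy [A-Z]+) [0-9]+[KMGT]? packets, [0-9]+[KMGT]? bytes\)/\1)/' \
        -e 's/^ *[0-9]+[KMGT]? +[0-9]+[KMGT]? +//'
}

# compare_dumps BEFORE AFTER: unified diff of the two normalized dumps.
# Exit status is diff's: 0 = identical, 1 = differences found.
compare_dumps() {
    a=$(mktemp) && b=$(mktemp) || return 2
    normalize_dump < "$1" > "$a"
    normalize_dump < "$2" > "$b"
    diff -u "$a" "$b"
    rc=$?
    rm -f "$a" "$b"
    return $rc
}

# Constructed sample dump fragment (not taken from the poster's system).
# $1 = ip_forward value, $2 = packet count, $3 = byte count
sample_dump() {
    cat <<EOF
Chain INPUT (policy DROP $2 packets, $3 bytes)
 pkts bytes target     prot opt in     out     source               destination
 $2 $3 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   /proc/sys/net/ipv4/ip_forward = $1
EOF
}
```

Save the dump to a file before and after the restart, then run compare_dumps on the two files.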
