Tom Eastep wrote on 30/03/09 11:21:
> Mariano Absatz wrote:
>
>> After a LOT of guessing and trying without any success, I simply
>> restarted shorewall and everything was nice again...
>>
>> Now I think (I'm pretty sure, actually) that the problem is that
>> shorewall is starting earlier than libvirt-bin and I suppose that since
>> the tun devices used by qemu don't exist yet, then the rules are not
>> generated correctly.
>>
>> I don't think I want to delay shorewall's startup... I want it up ASAP
>> when I'm booting... but it seems I'd need to restart it after starting
>> libvirt-bin...
>>
>
> I personally would fix my Shorewall configuration so it didn't require
> the restart. Unfortunately, your post gives us no information that would
> let us help you with that. Please see
> http://www.shorewall.net/support.htm#Guidelines.
>

Hi Tom,
thanx for your reply. Sorry for not having included all the required information.

I now left 4 different dumps in http://ybab.net/shorewall/

Here are the commands and their output:

$ sudo /sbin/shorewall version
4.2.5

$ sudo ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1e:c9:b0:70:e2 brd ff:ff:ff:ff:ff:ff
    inet 94.75.244.29/26 brd 94.75.244.63 scope global eth0
    inet 94.75.244.57/26 brd 94.75.244.63 scope global secondary eth0:0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:1e:c9:b0:70:e4 brd ff:ff:ff:ff:ff:ff
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 26:1f:34:97:99:a4 brd ff:ff:ff:ff:ff:ff
    inet 10.3.14.1/24 brd 10.3.14.255 scope global vnet0
5: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 32:40:38:8b:46:0b brd ff:ff:ff:ff:ff:ff
6: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 26:1f:34:97:99:a4 brd ff:ff:ff:ff:ff:ff

$ sudo ip route show
94.75.244.0/26 dev eth0  proto kernel  scope link  src 94.75.244.29
10.3.14.0/24 dev vnet0  proto kernel  scope link  src 10.3.14.1
default via 94.75.244.62 dev eth0  metric 100

Now, on to the problem description.

I bootstrap the server. It boots OK, shorewall ran and the rules are in place.

I execute:

$ sudo /sbin/shorewall dump > dump-00.txt

I try to connect to the ssh server in the virtual machines from outside the server using the following:

$ ssh -p 10017 [email protected]

The connection hangs and eventually times out. While waiting for it to timeout, in the server, I execute:

$ sudo /sbin/shorewall dump > dump-01.txt

Then, I issue

$ sudo invoke-rc.d shorewall restart

to restart shorewall.
I execute:

$ sudo /sbin/shorewall dump > dump-10.txt

I try to connect again from outside:

$ ssh -p 10017 [email protected]

The connection succeeds, and once again, I execute:

$ sudo /sbin/shorewall dump > dump-11.txt

Note that, whenever I can't connect to the virtual machine from outside, if I'm logged into the host and issue

ssh [email protected]

it does work OK, that is, the virtual machine is up and running and in the expected address.

Let me know if there's something else you'd like me to do, and thanx again.

--
Mariano Absatz - "El Baby"
[email protected]
www.clueless.com.ar
