Hi,

EDIT: I found how to work around the issue, but thought it is best to report anyway.

I've stumbled upon a weird problem regarding shorewall startup when the machine is booting. This is related to bridging. I've installed KVM on CentOS 5.3 with back-ported kernel 2.6.18-92.1.22.el5.centos.plus (last CentOS 5.2 kernel). This was done to avoid the kernel crashing with the 5.3 kernel on an AMD integrated motherboard. Following howtos, I installed bridge (brctrl-utils) br0 that has eth0 as a member. br0 has two public IPs set following the "MultiISP" howto. So far I have installed one KVM guest and I have set its public IP on virtual eth0 (on the guest system). The public IP is on the same subnet as one of the KVM host's IPs. Later I am also going to add a public IP from the other subnet existing on the host.

I checked all and shorewall is nicely started using "service shorewall start/restart" commands. The problem starts when I boot/reboot the host. Since shorewall's duty is to separate routing for both subnets, its failing to start means there is no network traffic whatsoever. When I log in as a local user, via the keyboard, shorewall starts nicely again.

Watching the boot messages, I found out WHEN and generally WHY it's not starting on boot. The problem is connected to the postponed start of the br0 interface (I had to add "service network restart" to /etc/rc.d/rc.local to have an active network after the boot). Adding "service shorewall restart" in /etc/rc.d/rc.local after "service network restart" does not help.

EDIT: I later followed http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29 and disabled the NetworkManager service with chkconfig, enabled the network service and commented out "service network restart" from /etc/rc.d/rc.local. network now starts the br0 interface, but shorewall still reports an error and refuses to start. Leaving "service shorewall restart" in /etc/rc.d/rc.local solves the issue.

Since no log shows the message I see on boot, I added "service network restart" INSIDE /etc/rc.d/init.d/network after the code in its "start" and "restart".

Here is the error I get after the (changed) "service network restart" and also on the boot screen (note that in this case shorewall DOES start):

    [r...@vmaster init.d]# service network restart
    Shutting down interface br0:                              [  OK  ]
    Shutting down interface eth0:                             [  OK  ]
    Shutting down loopback interface:                         [  OK  ]
    Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                              [  OK  ]
    Bringing up loopback interface:                           [  OK  ]
    Bringing up interface eth0:                               [  OK  ]
    Bringing up interface br0:                                [  OK  ]
    Restarting shorewall: iptables-restore v1.3.5: Bad mac address `-j'
    Error occurred at line: 32
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
       ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
    /sbin/shorewall: line 756: 12573 Terminated              $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
                                                              [FAILED]
    Restarting shorewall: Shorewall is not running            [  OK  ]
    [r...@vmaster init.d]# service shorewall status
    Shorewall-4.2.7 Status at vmaster.plnet.rs - Sun Apr 19 21:51:22 CEST 2009
    Shorewall is running
    State:Started (Sun Apr 19 21:51:10 CEST 2009)

EDIT: After the changes written in the "EDIT" comments, and an active "service shorewall restart" in /etc/rc.d/rc.local, everything works.

Ljubomir Ljubojevic

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
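The error in the post says iptables-restore read `-j` where it expected a MAC address, which is the shape a `--mac-source` match takes when its value is empty. As an added example (not part of the post, and not Shorewall's own code), here is a small check that scans an iptables-restore input file such as the /var/lib/shorewall/.iptables-restore-input named in the error and reports each rule whose `--mac-source` value is missing or malformed, using the same 1-based line numbering as "Error occurred at line: N"; the sample input is constructed.

```python
import re

# A MAC address as the iptables mac match expects it: six hex octets, colon-separated.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def find_bad_mac_rules(text):
    """Scan iptables-restore input and return (line_number, offending_token)
    for every --mac-source whose value is not a well-formed MAC address.
    Line numbers are 1-based, matching 'Error occurred at line: N'."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if tok != "--mac-source":
                continue
            j = i + 1
            if j < len(tokens) and tokens[j] == "!":  # negated form: --mac-source ! xx:xx:...
                j += 1
            value = tokens[j] if j < len(tokens) else ""
            if not MAC_RE.match(value):
                problems.append((lineno, value))
    return problems


def check_restore_file(path):
    """Run the check on a real file, e.g. /var/lib/shorewall/.iptables-restore-input."""
    with open(path) as fh:
        return find_bad_mac_rules(fh.read())


# Constructed sample in iptables-restore format; line 6 reproduces the shape of
# the failure: the MAC value is missing, so '-j' is read as the MAC address.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -m mac --mac-source 52:54:00:12:34:56 -j ACCEPT
-A INPUT -i br0 -m mac --mac-source -j ACCEPT
-A FORWARD -i br0 -m mac --mac-source ! 52:54:00:ab:cd:ef -j DROP
COMMIT
"""

if __name__ == "__main__":
    for lineno, tok in find_bad_mac_rules(SAMPLE):
        print(f"line {lineno}: bad mac address '{tok}'")  # line 6: bad mac address '-j'
```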
