Hi,
I am moving my old Shorewall configuration to a new box with a new
version of Shorewall.
Unfortunately I have a problem starting it if I keep the "ULOG"
parameter in the following line of rules file.
>>
REDIRECT:ULOG wall 82 tcp 80
>>
If I remove the ":ULOG" from that line, Shorewall starts successfully.
I am attaching the start trace "shorewall -vv start" output to this email.
The given error is:
iptables v1.3.5: Need TCP or UDP with port specification
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A log0 -j REDIRECT --to-port 82" Failed
What is the problem?
Thanks.
[trixbox1.localdomain etc]# shorewall -vv restart
Compiling...
Processing /etc/shorewall/params ...
Loading Modules...
WARNING: RFC1918_LOG_LEVEL=ULOG ignored. The 'norfc1918' interface/host
option is no longer supported
Shorewall has detected the following capabilities:
Address Type Match: Available
CLASSIFY Target: Available
CONNMARK Target: Available
Capability Version: 4.3.10
Comments: Available
Connection Tracking Match: Available
Connlimit Match: Not Available
Connmark Match: Available
Extended CONNMARK Target: Available
Extended Connection Tracking Match: Not Available
Extended Connmark Match: Available
Extended Mark Target: Available
Extended Multi-port Match: Available
Extended Reject: Not Available
Goto Support: Available
Hashlimit Match: Not Available
Helper Match: Available
IP Range Match: Not Available
IPMARK Target: Not Available
IPP2P Match: Not Available
Ipset Match: Not Available
LOG Target: Available
LOGMARK Target: Not Available
MARK Target: Available
Mangle FORWARD Chain: Available
Multi-port Match: Available
NAT: Available
NFQUEUE Target: Available
Old IPP2P Match Syntax: Not Available
Old conntrack match syntax: Not Available
Owner Match: Not Available
Packet Mangling: Available
Packet Type Match: Available
Packet length Match: Available
Physdev Match: Available
Physdev-is-bridged support: Available
Policy Match: Available
Raw Table: Available
Realm Match: Available
Recent Match: Not Available
Repeat match: Not Available
TCPMSS Match: Available
Time Match: Not Available
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Interface "lan br0 detect dhcp,routeback" Validated
Interface "wan ppp0 detect dhcp" Validated
Interface "wan tun0 detect" Validated
Interface "lan eth1 detect dhcp,routeback" Validated
Interface "lan eth3 detect dhcp,routeback" Validated
Determining Hosts in Zones...
walx (ipv4)
WARNING: *** walx is an EMPTY ZONE ***
wall (ipv4)
WARNING: *** wall is an EMPTY ZONE ***
fire (firewall)
wan (ipv4)
ppp0:0.0.0.0/0
tun0:0.0.0.0/0
lan (ipv4)
br0:0.0.0.0/0
eth1:0.0.0.0/0
eth3:0.0.0.0/0
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro /usr/share/shorewall/macro.Auth
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro /usr/share/shorewall/macro.AllowICMPs
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro /usr/share/shorewall/macro.SMB
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro /usr/share/shorewall/macro.DropUPnP
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro /usr/share/shorewall/macro.DropDNSrep
Pre-processing /usr/share/shorewall/action.Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro /usr/share/shorewall/macro.Auth
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro /usr/share/shorewall/macro.SMB
Compiling /etc/shorewall/policy...
Policy for fire to wall is REJECT using chain fire2wall
Policy for lan to wall is REJECT using chain lan2wall
Policy for wan to wall is REJECT using chain wan2wall
Policy for wall to wan is REJECT using chain wall2wan
Policy for wall to lan is REJECT using chain wall2lan
Policy for wall to fire is REJECT using chain wall2fire
Policy for wan to lan is ACCEPT using chain wan2lan
Policy for lan to wan is ACCEPT using chain lan2wan
Policy for fire to wan is ACCEPT using chain fire2wan
Policy for fire to lan is ACCEPT using chain fire2lan
Policy for wan to fire is REJECT using chain wan2fire
Policy for lan to fire is ACCEPT using chain lan2fire
Processing /etc/shorewall/initdone...
Adding rules for DHCP
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
WARNING: Using an interface as the masq SOURCE requires the interface to be
up and configured when Shorewall starts/restarts : /etc/shorewall/masq (line 11)
Masq record "ppp0 br0" Compiled
Masq record "tun0 br0" Compiled
Masq record "eth1 br0" Compiled
Masq record "eth3 br0" Compiled
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Rule "ACCEPT walx wan tcp 80" Compiled
Rule "REDIRECT:ULOG wall 82 tcp 80" Compiled
Rule "ACCEPT:ULOG wall fire:192.168.5.254 udp 53" Compiled
Rule "ACCEPT wan fire tcp 3003" Compiled
Rule "ACCEPT wan fire udp 5060" Compiled
Rule "ACCEPT wan fire udp 32300:33000" Compiled
Rule "ACCEPT wan fire tcp 8080" Compiled
Rule "DNAT wan lan:192.168.254.20 tcp 63639" Compiled
Rule "DNAT wan lan:192.168.254.20 udp 63639" Compiled
Rule "DNAT wan lan:192.168.254.20 tcp 8088" Compiled
Rule "DNAT wan lan:192.168.254.20 tcp 8883" Compiled
Rule "DNAT wan lan:192.168.254.1 tcp 1001:1002" Compiled
Rule "DNAT wan lan:192.168.254.1 udp 1001:1002" Compiled
Rule "DNAT wan lan:192.168.254.1 tcp 63630" Compiled
Rule "DNAT wan lan:192.168.254.1 udp 63630" Compiled
Rule "DNAT wan lan:192.168.254.3 tcp 1901:1902" Compiled
Rule "DNAT wan lan:192.168.254.3 udp 1901:1902" Compiled
Rule "DNAT wan lan:192.168.254.3 tcp 22:24" Compiled
Rule "DNAT wan lan:192.168.254.3 tcp 53" Compiled
Rule "DNAT wan lan:192.168.254.3 udp 53" Compiled
Rule "DNAT wan lan:192.168.254.3 tcp 63636" Compiled
Rule "DNAT wan lan:192.168.254.3 udp 63636" Compiled
Rule "DNAT wan lan:192.168.254.2 tcp 2499" Compiled
Rule "DNAT wan lan:192.168.254.2 udp 2499" Compiled
Rule "DNAT wan:195.87.232.68 lan:192.168.254.25:80 tcp 80" Compiled
Rule "DNAT wan:195.87.232.68 lan:192.168.254.25:554 udp 554" Compiled
Rule "DNAT wan:195.87.232.68 lan:192.168.254.25:554 tcp 554" Compiled
Rule "DNAT wan:193.243.207.122 lan:192.168.254.25:80 tcp 80" Compiled
Rule "DNAT wan:81.8.58.40 lan:192.168.254.25:80 tcp 80" Compiled
Rule "DNAT wan:81.8.58.40 lan:192.168.254.25:554 udp 554" Compiled
Rule "DNAT wan:81.8.58.40 lan:192.168.254.25:554 tcp 554" Compiled
Rule "DNAT wan:81.8.58.40 lan:192.168.254.25:8554 udp 8554" Compiled
Rule "DNAT wan:81.8.58.40 lan:192.168.254.25:8554 tcp 8554" Compiled
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Processing /usr/share/shorewall/action.Drop for chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Policy CONTINUE from walx to wan using chain walx2wan
Policy REJECT from wall to fire using chain wall2fire
Policy REJECT from wall to wan using chain wall2wan
Policy REJECT from wall to lan using chain wall2lan
Policy REJECT from fire to wall using chain fire2wall
Policy ACCEPT from fire to wan using chain fire2wan
Policy ACCEPT from fire to lan using chain fire2lan
Policy CONTINUE from wan to walx using chain wan2walx
Policy REJECT from wan to wall using chain wan2wall
Policy REJECT from wan to fire using chain wan2fire
Policy ACCEPT from wan to wan using chain wan2wan
Policy ACCEPT from wan to lan using chain wan2lan
Policy REJECT from lan to wall using chain lan2wall
Policy ACCEPT from lan to fire using chain lan2fire
Policy ACCEPT from lan to wan using chain lan2wan
Policy ACCEPT from lan to lan using chain lan2lan
Compiling /etc/shorewall/accounting...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Processing /etc/shorewall/params ...
Restarting Shorewall....
Initializing...
Loading Modules...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
iptables-restore v1.3.5: Need TCP or UDP with port specification
Error occurred at line: 30
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ERROR: iptables-restore Failed. Input is in
/var/lib/shorewall/.iptables-restore-input
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped ...
/sbin/shorewall: line 782: 5920 Terminated $SHOREWALL_SHELL
${VARDIR}/.restart $debugging restart
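
Added example, not part of the original post and not Shorewall code: the failing command in the trace, `-A log0 -j REDIRECT --to-port 82`, carries no `-p tcp` or `-p udp` match in the same rule, which is the condition the iptables error message names. The script below scans iptables-restore input for such rules and reports their line numbers; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# find_portless_redirects [FILE...]
# Reads iptables-restore input (files or stdin) and prints "LINE:RULE" for
# every rule that uses --to-port/--to-ports without a non-negated
# tcp/udp protocol match in the same rule.
find_portless_redirects() {
    awk '
        /^-A / {
            has_proto = 0; needs_proto = 0
            for (i = 1; i <= NF; i++) {
                if (($i == "-p" || $i == "--protocol") && i < NF) {
                    p = tolower($(i + 1))
                    # "! -p tcp" and "-p ! tcp" do not pin the protocol
                    negated = (i > 1 && $(i - 1) == "!")
                    if (!negated && (p == "tcp" || p == "udp" || p == "6" || p == "17"))
                        has_proto = 1
                }
                if ($i == "--to-port" || $i == "--to-ports")
                    needs_proto = 1
            }
            if (needs_proto && !has_proto)
                printf "%d:%s\n", NR, $0
        }
    ' "$@"
}

# Constructed sample input. Only the "-A log0 -j REDIRECT --to-port 82"
# rule is taken from the error message in the post; the rest is made up.
sample_input() {
    cat <<'EOF'
# constructed sample ruleset
*nat
:PREROUTING ACCEPT [0:0]
:log0 - [0:0]
-A PREROUTING -p tcp --dport 80 -j log0
-A log0 -j ULOG
-A log0 -j REDIRECT --to-port 82
-A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 3128
COMMIT
EOF
}

# Demo run on the constructed sample
sample_input | find_portless_redirects
```

On the affected box the same function can be pointed at the file named in the trace, `/var/lib/shorewall/.iptables-restore-input`, and the reported line number compared with the one iptables-restore prints.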