Grant wrote:
>>> I get the following when trying to start shorewall:
>>>
>>> WARNING: Zone loc is empty
>>> ERROR: Unable to determine the routes through interface "wlan0"
>>>
>>> My interfaces file has:
>>>
>>> loc wlan0 detect tcpflags,detectnets,nosmurfs
>>>
>>> Where do I need to look for my error?
>> If you have that line in your interfaces file, then I suspect that:
>>
>> a) You are using shorewall-shell.
>
> I'm using Gentoo's /etc/init.d/shorewall.

Uh -- Please type 'shorewall version -a'. That command will tell you what version of Shorewall you are using and which Shorewall product (if you are running Shorewall 4.0 or 4.2).

>
>> b) That line is the last line in the file.
>> c) The line is not terminated by a newline character. This causes the
>> shell's 'read' built-in command to simply ignore the line.
>
> I re-wrote newline characters with the same result, and I do have the
> commented DO NOT REMOVE line as the last line.
>

Does the prior line end in a comment with '\' as the last character on the line? Might be helpful if you would attach your /etc/shorewall/interfaces file.

>> That's why all of the sample configuration files in older versions of
>> Shorewall end in a line such as:
>>
>> #MUST BE LAST -- DO NOT REMOVE
>>
>> The ERROR (Unable to determine...) is caused by having a line such as
>> this in /etc/shorewall/masq:
>>
>> ethX wlan0
>>
>> This requires that wlan0 be up and configured when Shorewall starts. In
>> particular, the command 'ip route ls dev wlan0' must succeed; if it does
>> not, then you get the error you mention.
>
> I think something is wrong with my wlan0. I'm going to try and figure that
> out.

I agree.

>
>> In Shorewall 4.4, that entry in the masq file generates a WARNING. It is
>> much preferred to replace wlan0 with the network served by wlan0 (e.g.,
>> 192.168.1.0/24) so that Shorewall will start even if routing is not
>> configured on the interface.
>
> If my router's IP is 192.168.0.1, would I specify 192.168.0.0/24 as the
> ADDRESS?

Most likely. I suggest that you 'shorewall clear' then get communications established on your wireless network. That is a necessary first step before you try to run Shorewall.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
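The two file-format pitfalls raised in this thread (a last line without a newline that the shell's 'read' skips, and a comment ending in '\'), shown as an added example that is not part of the original messages or Shorewall's own code. The function names and sample files are constructed, and a plain `read` loop (no -r) is an assumption about how the file is consumed.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# Print each record a plain `while read` loop processes. Plain `read`
# (no -r) is an assumption: it joins a line ending in '\' with the next,
# and the loop body never runs for a last line that lacks a newline.
records_seen_by_read() {
    while read line; do
        printf '%s\n' "$line"
    done < "$1"
}

# True when the file is non-empty and its last byte is not a newline.
missing_final_newline() {
    [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]
}

# Line numbers of lines that end in a comment whose last character is '\'.
comment_continuations() {
    grep -n '#.*\\$' "$1" | cut -d: -f1
}

# Report both problems; returns 1 if any entry would be lost.
preflight() {
    rc=0
    if missing_final_newline "$1"; then
        printf '%s: last line has no newline and will be ignored\n' "$1"; rc=1
    fi
    for n in $(comment_continuations "$1"); do
        printf '%s: line %s ends in a backslash; next line is absorbed\n' "$1" "$n"; rc=1
    done
    return "$rc"
}

# Constructed interfaces files: one good, two broken.
build_samples() {
    entry='loc wlan0 detect tcpflags,detectnets,nosmurfs'
    printf '#ZONE INTERFACE BROADCAST OPTIONS\n%s\n' "$entry" > "$1/good"
    printf '#ZONE INTERFACE BROADCAST OPTIONS\n%s' "$entry" > "$1/no_newline"
    printf '# wireless side \\\n%s\n' "$entry" > "$1/continued"
}

demo_dir=$(mktemp -d)
build_samples "$demo_dir"
for f in good no_newline continued; do
    preflight "$demo_dir/$f" || true
    records_seen_by_read "$demo_dir/$f" | sed "s|^|$f sees: |"
done
rm -rf "$demo_dir"
```

In both broken samples the loop never yields a record starting with `loc`, which is the condition behind "Zone loc is empty".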
