Grant wrote:
>>>>> I get the following when trying to start shorewall:
>>>>>
>>>>> WARNING: Zone loc is empty
>>>>> ERROR: Unable to determine the routes through interface "wlan0"
>>>>>
>>>>> My interfaces file has:
>>>>>
>>>>> loc   wlan0   detect   tcpflags,detectnets,nosmurfs
>>>>>
>>>>> Where do I need to look for my error?
> 
> I'm having another crack at this.
> 
>>>> If you have that line in your interfaces file, then I suspect that:
>>>>
>>>> a) You are using shorewall-shell.
>>> I'm using Gentoo's /etc/init.d/shorewall.
>> Uh -- Please type 'shorewall version -a'. That command will tell you
>> what version of Shorewall you are using and which Shorewall product (if
>> you are running Shorewall 4.0 or 4.2).
> 
> # shorewall version -a
> 3.4.8
> 

I really recommend that you upgrade. 3.4.8 was the last 3.x release and,
as such, is based on Shorewall-shell. It is slow and buggy.

>>>> b) That line is the last line in the file.
>>>> c) The line is not terminated by a newline character. This causes the
>>>> shell's 'read' built-in command to simply ignore the line.
>>> I re-wrote newline characters with the same result, and I do have the
>>> commented DO NOT REMOVE line as the last line.
>>>
>> Does the prior line end in a comment with '\' as the last character on
>> the line? Might be helpful if you would attach your
>> /etc/shorewall/interfaces file.
> 
> #ZONE   INTERFACE       BROADCAST       OPTIONS
> net     eth0            detect          tcpflags,routefilter,nosmurfs,logmartians
> loc     wlan0           detect          tcpflags,detectnets,nosmurfs
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 
>>>> That's why all of the sample configuration files in older versions of
>>>> Shorewall end in a line such as:
>>>>
>>>> #MUST BE LAST -- DO NOT REMOVE
>>>>
>>>> The ERROR (Unable to determine...) is caused by having a line such as
>>>> this in /etc/shorewall/masq:
>>>>
>>>> ethX     wlan0
>>>>
>>>> This requires that wlan0 be up and configured when Shorewall starts. In
>>>> particular, the command 'ip route ls dev wlan0' must succeed; if it does
>>>> not, then you get the error you mention.
> 
> # ip route ls dev wlan0
> # /etc/init.d/shorewall restart
>  * Restarting firewall ...
>    WARNING: Zone loc is empty
>    Shorewall is not running
>    ERROR: Unable to determine the routes through interface "wlan0"

You appear to have no IP configuration on wlan0 yet you have defined it
as an interface to Shorewall and have specified 'detectnets'. I
recommend that you:

a) Configure the interface; and
b) Don't use 'detectnets' in your configuration; that option doesn't
exist in later versions of the product.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
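
The two conditions discussed in this thread (a final line without a newline being skipped by the shell's 'read', and 'detectnets' on an interface that has no routes) can be checked before starting the firewall. This is an added example, not part of the original message or of Shorewall; the function names and the replaceable route command are assumptions for illustration.

```shell
#!/bin/sh
# Pre-flight checks for a Shorewall-shell style interfaces file.
# All function names here are hypothetical, not Shorewall's own.

# True when the file is empty or its last byte is a newline.
ends_with_newline() {
    [ ! -s "$1" ] || [ -z "$(tail -c 1 "$1")" ]
}

# Print every interface whose OPTIONS column contains 'detectnets'.
# 'read' returns non-zero on a final line with no newline, so a plain
# 'while read' loop skips that line; the '|| [ -n "$zone" ]' keeps it.
detectnets_interfaces() {
    while read -r zone iface bcast opts || [ -n "$zone" ]; do
        case "$zone" in ''|\#*) continue ;; esac
        case ",$opts," in *,detectnets,*) echo "$iface" ;; esac
    done < "$1"
}

# check_interfaces FILE [ROUTE_CMD]
# ROUTE_CMD defaults to 'ip route ls dev'; it can be replaced by a stub.
check_interfaces() {
    file=$1
    route_cmd=${2:-"ip route ls dev"}
    status=0
    if ! ends_with_newline "$file"; then
        echo "WARN: $file: last line has no trailing newline"
        status=1
    fi
    for iface in $(detectnets_interfaces "$file"); do
        # No output means no IP configuration, hence no routes to detect.
        if [ -z "$($route_cmd "$iface" 2>/dev/null)" ]; then
            echo "ERROR: $iface uses detectnets but has no routes"
            status=1
        fi
    done
    return $status
}

# Constructed sample: unterminated last line, wlan0 without routes (stubbed).
demo=$(mktemp)
printf 'net eth0 detect tcpflags\nloc wlan0 detect tcpflags,detectnets' > "$demo"
no_routes() { :; }   # stub standing in for 'ip route ls dev IFACE'
check_interfaces "$demo" no_routes
rm -f "$demo"
```

Run without the second argument, check_interfaces queries the live system with 'ip route ls dev'.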
