On 09/22/2012 08:17 AM, Tom Eastep wrote:
> On 09/22/2012 07:57 AM, Tom Eastep wrote:
>> On 09/21/2012 07:57 PM, Tarqi Kazan wrote:
>>> Wow,
>>>
>>> why so rude? I just try to help and to understand what's going on.
>>>
>>> So if it's autoloaded because of my config:
>>>
>>> I am not using snmp, sip or anything, so I haven't configured this. It's all
>>> based on the 2 gateway example. I even don't know what's "Amanda".
>>>
>>> I also could have stopped to investigate after I found my problem, but I
>>> thought it may be a good thing for you, that I dig deeper. If you don't like
>>> that people trying contribute, simply close the mailing-list.
>>>
>>
>> I apologize, Tarqi. I realized when I woke up this morning that you may
>> be running into the changes I made to support kernel 3.5 and later.
>>
>> Let's go back to one of your previous posts:
>>
>>> I did the following:
>>> - copied "helpers" to /etc/shorewall AND commented out the modules
>>> - set strongwall.conf "AUTOHELPERS" to "No"
>>> - set strongwall.conf "LOAD_HELPERS_ONLY" to "Yes"
>>> - set strongwall.conf "HELPERS" to ""
>>>
>>
>> Even with LOAD_HELPERS_ONLY=Yes, the compiler is unconditionally
>> checking for the presence of all of the application helpers. It is
>> checking by running iptables commands that will autoload each of the
>> helper modules.
>>
>> You can avoid this behaviour by creating a capabilities file:
>>
>> shorewall show -f capabilities > /etc/shorewall/capabilities
>>
>> Now, if you reboot, only the modules that you actually use will be loaded.
>>
>> Back to your original problem, did you have AUTOHELPERS=No all along?
>> With AUTOHELPERS=No on a 3.5 kernel, unless you have specifically
>> modified /etc/shorewall/conntrack to associate the PPTP helper with TCP
>> port 1729, the behaviour of the system should be the same as if you
>> hadn't loaded the module at all.
>>
>> If it is not, then we need to investigate further.
>
>
> Here is a lightly-tested patch that does not probe the helpers when
> LOAD_HELPERS_ONLY=Yes.

I also noticed this morning that the released 'conntrack' files are
incorrect; they specify 1729 as the PPTP control port rather than 1723.
This prevents the PPTP helpers from working correctly on Kernel 3.5.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
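
The 1729-for-1723 mistake described in the message above is the kind of error a small check can catch before a helper silently fails to attach. The script below is an added example, not part of the original message and not Shorewall code; it generalizes the check to a few other helpers. The entry layout `CT:helper:<name> <source> <dest> <proto> <port>`, the sample lines, and the names `check_helper_ports` and `write_sample` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code. Assumed entry layout (hypothetical here):
#   CT:helper:<name>  <source>  <dest>  <proto>  <port[,port...]>

# Print one line per helper entry whose port list lacks the helper's usual
# control port; return 1 if any such entry exists, 0 otherwise.
check_helper_ports() {
    awk '
        BEGIN {
            # Usual control ports for common conntrack helpers.
            want["pptp"] = 1723; want["ftp"] = 21; want["tftp"] = 69
            want["sip"] = 5060;  want["snmp"] = 161
        }
        /^[ \t]*$/ || /^[ \t]*[#?]/ { next }   # blanks, comments, ?if/?endif
        $1 ~ /^CT:helper:/ {
            split($1, act, ":"); name = act[3]
            if (!(name in want)) next
            ok = 0
            n = split($5, ports, ",")
            for (i = 1; i <= n; i++)
                if (ports[i] + 0 == want[name]) ok = 1
            if (!ok) {
                printf "line %d: helper %s bound to port %s, expected %d\n", FNR, name, $5, want[name]
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample reproducing the 1729-for-1723 mistake from the message.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the released file
?if __PPTP_HELPER
CT:helper:pptp   all   -   tcp   1729
?endif
CT:helper:ftp    all   -   tcp   21
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_helper_ports "$sample" || echo "helper port mismatch found"
rm -f "$sample"
```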
