On 1/27/2015 5:28 PM, [email protected] wrote: > I took that as my queue to really start paying attention to what's changing > and not. > > EVERY time I compile, there's no error on the admin system. It appears to > push to the target. > > Every time I compile & push, the timestamps on the files in the target's > /var/lib/shorewall-lite/* are changing accordingly. > > But, NOT every time there's a change in timestamp are the changes actually > getting there. Just an unmodified old version -- with a new timestamp. > > Repeating the compile & push a number of times -- took as many as 10 times to > get these ping fixes to take this last time -- seems to fix the problem. > > That makes no sense to me.
Nor to me, but I've seen similar behavior with scp in the past when pushing changes to Shorewall source files. > > As a test I cleaned the /var/lib/shorewall-lite folder on the target, and > re-compiled & re-pushed on the admin. > > Now -- so far -- it works each and every time. > > I have now > > shorewall show vpn2lan > Shorewall 4.6.6.1 Chain vpn2lan at ganymede.ZZZZZZ.ZZZ - Tue Jan 27 20:23:31 > EST 2015 > > Chain vpn2lan (1 references) > pkts bytes target prot opt in out source > destination > 2 168 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 > ctstate RELATED,ESTABLISHED /* @@@ > /usr/share/shorewall/macro.Ping:13 @@@ */ > 1 84 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 > icmptype 8 /* @@@ /usr/share/shorewall/macro.Ping:13 @@@ */ > 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 > /* @@@ /etc/shorewall/ganymede.ZZZZZZ.ZZZ/IPv4/policy:16 @@@ */ > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 > /* @@@ /etc/shorewall/ganymede.ZZZZZZ.ZZZ/IPv4/policy:16 @@@ */ > LOG flags 0 level 6 prefix "Shorewall:vpn2lan:REJECT " > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 > [goto] /* @@@ /etc/shorewall/ganymede.ZZZZZZ.ZZZ/IPv4/policy:16 > @@@ */ > > And I can ping > > SVR1 > ping 192.168.2.7 > > like I'd intended in the first place. > > I've no idea what in the target dir would prevent updates randomnly, and that > would then go away with a clean target dir. > Nor do I. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
