Re: [Shorewall-users] Shorewall not starting

Sat, 29 Jul 2023 11:34:26 -0700 

On 7/29/23 15:25, Philip Le Riche via Shorewall-users wrote:
As before, this is running under Linux Mint (Ubuntu-based), and this time I installed Shorewall from the standard repository for the distro (perhaps that was my mistake?) It's failing to start on boot even though I have STARTUP_ENABLED=Yes in my shorewall.conf. 



What output do you get if you do 'systemctl status shorewall'?


I thought it was related to the fact that sshd and apache2 are also 
failing to start. This is because not all interfaces aren't up by the 
time their startup scripts run. This, in turn, seems to be because the 
16 IP address aliases on the school net NIC (NATted to local IPs of the 
Raspberry Pis) are apparently taking around 25 seconds to initialise. 
(Originally, I set these up manually but I'm now letting Shorewall do it 
by setting ADD_IP_ALIASES=Yes, now Shorewall is taking 25 seconds to 
start.)



However, I now think that's a separate problem (perhaps I could add 
/usr/share/shorewall/wait4ifup to their startup scripts) since nothing 
appears in /var/log/shorewall.init until I manually start Shorewall.




Is 'shorewall.init' a typo?


Also, I was surprised to find that /etc/systemd/system/shorewall.service 
didn't exist.



Are there any more diagnostics or fixes I can try before I try 
uninstalling shorewall as installed from the repository and reinstalling 
it using the tarball from shorewall.net? And should I include 
shorewall-init? (The network switch to which the Pis re connected might 
be switched off at the time the firewall is booted.)





You could try [1] to see if it could help you solve the race condition 
issue.


Using 'optional'[2]  might also help.


I would first try to get Shorewall going before adding shorewall-init 
into the mix!




[1] 
https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html

[2]  https://shorewall.org/manpages/shorewall-interfaces.html

--
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to