Hi Joe,

I'm not sure which version you are upgrading to but since you mentioned 
xorpsh, I am assuming VC3?

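If so, the issue is probably the colon (:) and the double quotes ("") on 
the firewall port-number and port-name nodes.  If you edit your 
config.boot file and remove the : and "" from the port-name and 
port-number settings in the firewall portion of your config, you should 
be able to load the config in the new version.  For example, 
port-number: 1723 becomes port-number 1723, and port-name: "domain" 
becomes port-name domain.  With that change the rule 9 you removed 
should parse as well, so you can put it back rather than leave it out 
of the firewall rule set.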

See the following Bugzilla reports for more information:

https://bugzilla.vyatta.com/show_bug.cgi?id=2573

https://bugzilla.vyatta.com/show_bug.cgi?id=2637

Thank you,

Robyn

Joe Pub wrote:
> Hi All,
>
> I have recently done a live upgrade of vyatta to make sure everything
> was up to date.  I saved the config.boot file just in case.  After the
> reboot the loaded config was lost (not sure if this is by design on an
> upgrade).  So I am now trying to load the config file from the ofr
> over tftp.
>
> Now the first problem was this, it failed to parse the config file on
> a firewall rule (which worked before the upgrade)
>
> which was this.
>
>         rule 9 {
>             protocol: "tcp"
>             action: "accept"
>             log: "disable"
>             destination {
>                 address: 192.168.10.2
>                 port-number: 1723
>             }
>         }
>
> It was complaining about the port number.  So I removed this rule from
> the config file and tried to reload it with this version.
>
> protocols {
>     ospf4 {
>         router-id: 10.1.1.3
>         rfc1583-compatibility: false
>         ip-router-alert: false
>         area 0.0.0.0 {
>             area-type: "normal"
>             interface eth0 {
>                 link-type: "broadcast"
>                 address 172.20.1.253 {
>                     priority: 128
>                     hello-interval: 10
>                     router-dead-interval: 40
>                     interface-cost: 1
>                     retransmit-interval: 5
>                     transit-delay: 1
>                     passive: false
>                     disable: false
>                 }
>             }
>             interface lo {
>                 link-type: "broadcast"
>                 address 10.1.1.3 {
>                     priority: 128
>                     hello-interval: 10
>                     router-dead-interval: 40
>                     interface-cost: 1
>                     retransmit-interval: 5
>                     transit-delay: 1
>                     passive: false
>                     disable: false
>                 }
>             }
>         }
>         export: "static-to-OSPF"
>     }
>     static {
>         disable: false
>         route 0.0.0.0/0 {
>             next-hop: x.x.x.30
>             metric: 1
>         }
>     }
> }
> policy {
>     policy-statement "static-to-OSPF" {
>         term 1 {
>             from {
>                 protocol: "static"
>             }
>             then {
>                 action: "accept"
>             }
>         }
>     }
> }
> interfaces {
>     restore: false
>     loopback lo {
>         description: ""
>         address 10.1.1.3 {
>             prefix-length: 32
>             disable: false
>         }
>     }
>     ethernet eth1 {
>         disable: false
>         discard: false
>         description: ""
>         hw-id: 00:50:56:a8:29:60
>         duplex: "auto"
>         speed: "auto"
>         address x.x.x.29 {
>             prefix-length: 27
>             disable: false
>         }
>         address x.x.x.3 {
>             prefix-length: 27
>             disable: false
>         }
>         address x.x.x.2 {
>             prefix-length: 27
>             disable: false
>         }
>         firewall {
>             in {
>                 name: "DMZ_IN"
>             }
>         }
>     }
>     ethernet eth0 {
>         disable: false
>         discard: false
>         description: ""
>         hw-id: 00:50:56:a8:34:ec
>         duplex: "auto"
>         speed: "auto"
>         address 172.20.1.253 {
>             prefix-length: 23
>             disable: false
>         }
>         vrrp {
>             vrrp-group: 100
>             virtual-address: 172.20.1.254
>             authentication: "xxxxxx"
>             advertise-interval: 1
>             preempt: true
>             priority: 1
>         }
>     }
> }
> service {
>     nat {
>         rule 2 {
>             type: "source"
>             inbound-interface: "eth0"
>             outbound-interface: "eth1"
>             protocols: "all"
>             source {
>                 address: "172.20.0.1"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>             outside-address {
>                 address: x.x.x.2
>             }
>         }
>         rule 3 {
>             type: "destination"
>             inbound-interface: "eth1"
>             outbound-interface: "eth0"
>             protocols: "all"
>             source {
>                 network: "0.0.0.0/0"
>             }
>             destination {
>                 address: "x.x.x.2"
>             }
>             inside-address {
>                 address: 172.20.0.1
>             }
>         }
>         rule 4 {
>             type: "source"
>             inbound-interface: "eth0"
>             outbound-interface: "eth1"
>             protocols: "tcp"
>             source {
>                 address: "192.168.10.5"
>             }
>             destination {
>                 network: "0.0.0.0/0"
>             }
>             outside-address {
>                 address: x.x.x.3
>             }
>         }
>         rule 5 {
>             type: "destination"
>             inbound-interface: "eth1"
>             outbound-interface: "eth0"
>             protocols: "tcp"
>             source {
>                 network: "0.0.0.0/0"
>             }
>             destination {
>                 address: "x.x.x.3"
>                 port-number 25
>             }
>             inside-address {
>                 address: 192.168.10.5
>                 port-number: 25
>             }
>         }
>         rule 6 {
>             type: "destination"
>             inbound-interface: "eth1"
>             outbound-interface: "eth0"
>             protocols: "tcp"
>             source {
>                 network: "0.0.0.0/0"
>             }
>             destination {
>                 address: "x.x.x.3"
>                 port-number 80
>             }
>             inside-address {
>                 address: 192.168.10.5
>                 port-number: 80
>             }
>         }
>         rule 7 {
>             type: "destination"
>             inbound-interface: "eth1"
>             outbound-interface: "eth0"
>             protocols: "tcp"
>             source {
>                 network: "0.0.0.0/0"
>             }
>             destination {
>                 address: "x.x.x.3"
>                 port-name https
>             }
>             inside-address {
>                 address: 192.168.10.5
>                 port-number: 443
>             }
>         }
>         rule 8 {
>             type: "destination"
>             inbound-interface: "eth1"
>             outbound-interface: "eth0"
>             protocols: "tcp"
>             destination {
>                 address: "x.x.x.29"
>                 port-number 1723
>             }
>             inside-address {
>                 address: 192.168.10.2
>                 port-number: 1723
>             }
>         }
>         rule 9 {
>             type: "source"
>             inbound-interface: "eth0"
>             outbound-interface: "eth1"
>             protocols: "tcp"
>             source {
>                 address: "192.168.10.2"
>                 port-number 1723
>             }
>             outside-address {
>                 address: x.x.x.29
>                 port-number: 1723
>             }
>         }
>         rule 10 {
>             type: "destination"
>             inbound-interface: "eth1"
>             outbound-interface: "eth0"
>             protocols: "gre"
>             destination {
>                 address: "x.x.x.29"
>             }
>             inside-address {
>                 address: 192.168.10.2
>             }
>         }
>         rule 1023 {
>             type: "masquerade"
>             outbound-interface: "eth1"
>             source {
>                 network: "192.168.10.0/23"
>             }
>         }
>         rule 1024 {
>             type: "masquerade"
>             outbound-interface: "eth1"
>             source {
>                 network: "172.20.0.0/23"
>             }
>         }
>     }
>     webgui {
>         http-port: 80
>         https-port: 443
>     }
> }
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
>      name "DMZ_IN" {
>          description: "Input packet from public network into DMZ"
>          rule 1 {
>              protocol: "udp"
>              action: "accept"
>              log: "disable"
>              source {
>                  port-name: "domain"
>              }
>          }
>          rule 2 {
>              protocol: "icmp"
>              action: "accept"
>              log: "disable"
>          }
>          rule 3 {
>              protocol: "udp"
>              action: "accept"
>              log: "disable"
>              destination {
>                  port-name: "domain"
>              }
>          }
>          rule 4 {
>              protocol: "tcp"
>              action: "accept"
>              log: "disable"
>              source {
>                  port-name: "domain"
>              }
>          }
>          rule 5 {
>              protocol: "tcp"
>              state {
>                  established: "enable"
>              }
>              action: "accept"
>              log: "disable"
>          }
>          rule 6 {
>              protocol: "tcp"
>              action: "accept"
>              log: "disable"
>              destination {
>                  address: 192.168.10.5
>                  port-name: "smtp"
>              }
>          }
>          rule 7 {
>              protocol: "tcp"
>              action: "accept"
>              log: "disable"
>              destination {
>                  port-name: "http"
>              }
>          }
>          rule 8 {
>              protocol: "tcp"
>              action: "accept"
>              log: "disable"
>              destination {
>                  port-name: "https"
>              }
>          }
>          rule 9 {
>              protocol: "gre"
>              action: "accept"
>              log: "disable"
>              destination {
>                  address: 192.168.10.2
>              }
>          }
>          rule 10 {
>              protocol: "tcp"
>              action: "accept"
>              log: "disable"
>              destination {
>                  port-range {
>                      start: 20
>                      stop: 21
>                  }
>              }
>          }
>     }
> }
>
>
> but it fails to load.  The xorpsh process shot up to 100% CPU and did
> not load the config.  The shell just sits there with [edit] showing
> and does not return me back to the shell.  I have to press Ctrl-C to
> abort the operation.  When I then exit configuration mode I get the
> message
>
> Finder disconnected. No Finder?
>
> Does anyone have any idea why this could be?
> Thanks