From: Tom E. <te...@sh...> - 2007-10-05 19:44:34
John K. Hohm wrote:
> + run_iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT
> + [ -n ]
> + /sbin/iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT
> iptables: Unknown error -1
> + [ 1 -ne 0 ]
> + error_message ERROR: Command "/sbin/iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT" Failed
> + echo ERROR: Command "/sbin/iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT" Failed
> ERROR: Command "/sbin/iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT" Failed
> + stop_firewall
> + set +x
> Terminated

If you don't find anything helpful in your log, you might try changing
CONNTRACK_MATCH=Yes to CONNTRACK_MATCH= in your capabilities file.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key