Re: [Shorewall-users] shorewall-lite start gives iptables-restore failure

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

John K. Hohm wrote:

> + run_iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntrack=
 --ctorigdst 216.132.159.100 -j ACCEPT
> + [ -n  ]
> + /sbin/iptables -A net2vhra -p tcp -d 10.1.1.100 --dport 80 -m conntra=
ck --ctorigdst 216.132.159.100 -j ACCEPT
> iptables: Unknown error -1
> + [ 1 -ne 0 ]
> + error_message ERROR: Command "/sbin/iptables -A net2vhra -p tcp -d 10=
=2E1.1.100 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT"=
 Failed
> + echo    ERROR: Command "/sbin/iptables -A net2vhra -p tcp -d 10.1.1.1=
00 --dport 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT" Failed
>    ERROR: Command "/sbin/iptables -A net2vhra -p tcp -d 10.1.1.100 --dp=
ort 80 -m conntrack --ctorigdst 216.132.159.100 -j ACCEPT" Failed
> + stop_firewall
> + set +x
> Terminated

If you don't find anything helpful in your log, you might try changing

CONNTRACK_MATCH=3DYes

to

CONNTRACK_MATCH=3D

in your capabilities file.

-Tom
--=20
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ te...@sh...
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key