From: Joshua B. <l0...@ya...> - 2004-01-24 22:56:16
I installed some new kernel sources and I can't figure out what's happening here. I've been at this all day long. I can boot into my old kernel sources and Shorewall starts up fine. I boot into my new kernel sources with nearly identical kernel menu-configuration and Shorewall will not start. I don't think this is a Shorewall problem but I can't seem to pinpoint what I need to do to get Shorewall working again.

Shorewall works when using kernel sources 2.4.20-gentoo-r7.
Doesn't with kernel sources 2.4.22-gentoo-r5 with nearly identical kernel configs. I can verify that the Net-Filter portions are in fact identical between the 2 kernel trees.

On bootup I see:

Starting IP Tables /sbin/rc Invalid agrument line 526 1913 termintated sbin/shorewall start/dev/null

I don't find any useful info on Shorewall or Google on this.. that I can understand.

root@fusion1 jbanks # shorewall version
1.4.7c

*************************************************************************************
"Make a note of the error message that you see."

root@fusion1 jbanks # shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Loading Modules...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Not available ******** This obviously isn't good.
Determining Zones...
   Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Net Zone: eth0:0.0.0.0/0
   Local Zone: eth1:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Setting up User Sets...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
   Rule "ACCEPT fw net tcp 53" added.
   Rule "ACCEPT fw net udp 53" added.
   Rule "ACCEPT loc fw udp 53" added.
   Rule "ACCEPT loc fw tcp 22" added.
   Rule "ACCEPT loc fw icmp 8" added.
   Rule "ACCEPT net fw icmp 8" added.
   Rule "ACCEPT fw loc icmp 8" added.
   Rule "ACCEPT fw net icmp 8" added.
Processing /etc/shorewall/policy...
   Policy ACCEPT for fw to net using chain fw2net
   Policy REJECT for fw to loc using chain all2all
   Policy DROP for net to fw using chain net2all
   Policy REJECT for loc to fw using chain all2all
   Policy ACCEPT for loc to net using chain loc2net
Masqueraded Subnets and Hosts:
iptables: Invalid argument ********************* Not sure if the above is causing this output??
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
Terminated

************************************************************************
Here's the tail end of the /tmp/trace..

++ echo eth0_masq
+ chain=eth0_masq
+ source=eth1
++ get_routed_subnets eth1
++ local address
++ local rest
++ ip route show dev eth1
++ read address rest
++ '[' x192.168.2.0/24 = xdefault ']'
++ '[' 192.168.2.0/24 = 192.168.2.0 ']'
++ echo 192.168.2.0/24
++ read address rest
+ subnets=192.168.2.0/24
+ '[' -z 192.168.2.0/24 ']'
+ subnet=192.168.2.0/24
+ '[' -n '' -a -n '' ']'
+ destination=0.0.0.0/0
+ '[' -n '' ']'
+ destnet=-d 0.0.0.0/0
+ '[' -n '' ']'
+ '[' -n 192.168.2.0/24 ']'
+ '[' -n '' ']'
+ addnatrule eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE
+ ensurenatchain eth0_masq
+ havenatchain eth0_masq
+ eval test '"$eth0_masq_nat_exists"' = Yes
++ test '' = Yes
+ createnatchain eth0_masq
+ run_iptables -t nat -N eth0_masq
+ iptables -t nat -N eth0_masq
+ eval eth0_masq_nat_exists=Yes
++ eth0_masq_nat_exists=Yes
+ run_iptables2 -t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE
+ '[' 'x-t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE' = 'x-t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE' ']'
+ run_iptables -t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE
+ iptables -t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j MASQUERADE
iptables: Invalid argument
+ '[' -z '' ']'
+ stop_firewall
+ set +x

The only other thing that I haven't done is remerge "iproute". Doing that in 30 minutes.

Any clues as to what is possibly going on here or how I can proceed? Is there any other needed info that will help in diagnosing what the problem is? I will send if need be.. I thought this was enough though..

Thanks,
Joshua Banks
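
The message above compares the netfilter portions of two kernel configurations by eye. One way to make that comparison mechanical, as an added example that is not part of the original post: the function names `nf_options` and `nf_config_diff` are hypothetical, and the two sample `.config` files are constructed for illustration, not taken from the poster's kernels.

```shell
#!/bin/sh
# Added example: report netfilter options that differ between two kernel
# .config files. Sample data below is constructed, not the poster's.

# Print the netfilter symbols of one .config as SYMBOL=value lines.
# "# CONFIG_FOO is not set" is emitted as CONFIG_FOO=n so that a disabled
# option is compared instead of silently skipped.
nf_options() {
    awk '
        /^# CONFIG_[A-Za-z0-9_]* is not set$/ { print $2 "=n"; next }
        /^CONFIG_[A-Za-z0-9_]*=/              { print }
    ' "$1" | grep -E '^CONFIG_(NETFILTER|IP_NF_)'
}

# nf_config_diff OLD NEW: one line per symbol whose value differs.
# A symbol present in only one file is reported with the value "absent".
nf_config_diff() {
    {
        nf_options "$1" | sed 's/^/old=/'
        nf_options "$2" | sed 's/^/new=/'
    } | awk -F= '
        { seen[$2] = 1; val[$1, $2] = $3 }
        END {
            for (s in seen) {
                o = (("old", s) in val) ? val["old", s] : "absent"
                n = (("new", s) in val) ? val["new", s] : "absent"
                if (o != n) print s, "old=" o, "new=" n
            }
        }' | sort
}

# Constructed sample configs standing in for the two kernel trees.
demo_dir=$(mktemp -d)
cat > "$demo_dir/old.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_EXT3_FS=y
EOF
cat > "$demo_dir/new.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_EXT3_FS=m
EOF
nf_config_diff "$demo_dir/old.config" "$demo_dir/new.config"
rm -rf "$demo_dir"
```

An empty result means the netfilter options really are identical, in which case the difference has to be looked for outside the kernel configuration.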