Hi Tom,
I have upgraded to the latest version of Shorewall, but I am running into
an error which I did not see with the old version.
*#shorewall version *
*5.2.0.4*
#shorewall restart
Optimizing Ruleset...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Stopping Shorewall....
* ERROR: Unable to determine the routes through interface "eth5":
Firewall state not changed*
*/usr/share/shorewall/lib.common: line 93: 15598 Terminated
$SHOREWALL_SHELL $script $options $@*
Interface eth5 is configured for DHCP, but it does not have an IP.
eth5 Link encap:Ethernet HWaddr 00:50:56:a6:72:24
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
#cat /etc/shorewall/conntrack
#
# Shorewall version 4 - conntrack File
#
# For information about entries in this file, type man shorewall-conntrack
#
##############################################################################################################
?FORMAT 3
#ACTION SOURCE DESTINATION PROTO DEST    SOURCE  USER/ SWITCH
#                                PORT(S) PORT(S) GROUP
IPTABLES(CT --zone 0) eth4 -
IPTABLES(CT --zone 0):PO (0.0.0.0/0) eth4
IPTABLES(CT --zone 0) eth0 -
IPTABLES(CT --zone 0):PO (0.0.0.0/0) eth0
IPTABLES(CT --zone 1) eth3 -
IPTABLES(CT --zone 1):PO (0.0.0.0/0) eth3
IPTABLES(CT --zone 2) eth5 -
IPTABLES(CT --zone 2):PO (0.0.0.0/0) eth5
# cat /etc/shorewall/interfaces
#ZONE INTERFACE OPTIONS
lan eth4 detect tcpflags,nosmurfs,logmartians
lan eth0 detect tcpflags,nosmurfs,logmartians
inet eth3 detect tcpflags,nosmurfs,logmartians
inet eth5 detect tcpflags,nosmurfs,logmartians
I am trying to understand why the error is seen with the latest Shorewall, and
whether any configuration can help me clear the error.
Thanks,
Naveen
On Tue, Jul 17, 2018 at 8:43 AM, Tom Eastep <teas...@shorewall.net> wrote:
> On 07/16/2018 02:20 PM, Naveen Neelakanta wrote:
> > Hi Tom,
> >
> > I tried adding the command, however, my Shorewall is unable to recognize
> > the iptables command. I get the below error, I am using the
> > version *4.6.0.3.*
> >
> > *IPTABLES(CT --zone 1) eth3 -*
> >
> > # shorewall restart
> >
> > Compiling...
> > Processing /etc/shorewall/params ...
> > Processing /etc/shorewall/shorewall.conf...
> > Loading Modules...
> > Compiling /etc/shorewall/zones...
> > Compiling /etc/shorewall/interfaces...
> > Compiling /etc/shorewall/hosts...
> > Determining Hosts in Zones...
> > Locating Action Files...
> > Compiling /etc/shorewall/policy...
> > Running /etc/shorewall/initdone...
> > Adding Anti-smurf Rules
> > Compiling TCP Flags filtering...
> > Compiling Kernel Route Filtering...
> > Compiling Martian Logging...
> > Compiling /etc/shorewall/masq...
> > Compiling MAC Filtration -- Phase 1...
> > Compiling /etc/shorewall/rules...
> > Compiling /etc/shorewall/conntrack...
> > *ERROR: Invalid conntrack ACTION ( IPTABLES(CT --zone 1) )
> > /etc/shorewall/conntrack (line 24)*
> >
>
> You are running a very old (and no longer supported) release. The only
> way to do what you want with that release is through commands in
> /etc/shorewall/start.
>
> -Tom
> --
> Tom Eastep \ Q: What do you get when you cross a mobster with
> Shoreline, \ an international standard?
> Washington, USA \ A: Someone who makes you an offer you can't
> http://shorewall.org \ understand
> \_______________________________________________
>
>
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users