On 7/24/2018 1:38 AM, Naveen Neelakanta wrote:
> Hi Tom, 
> 
> I have upgraded to the latest version of Shorewall, but I am running
> into an error which I did not see with the old version.
> 
> *#shorewall version *
> *5.2.0.4*
> 
> #shorewall restart 
> 
> Optimizing Ruleset...
> Creating iptables-restore input...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> Stopping Shorewall....
> *   ERROR: Unable to determine the routes through interface "eth5":
> Firewall state not changed*
> */usr/share/shorewall/lib.common: line 93: 15598 Terminated             
> $SHOREWALL_SHELL $script $options $@*
> 
> Interface eth5 is configured for DHCP, but it does not have an IP.
> 
> eth5      Link encap:Ethernet  HWaddr 00:50:56:a6:72:24  
>           BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
> 
> #cat /etc/shorewall/conntrack
> #
> # Shorewall version 4 - conntrack File
> #
> # For information about entries in this file, type man shorewall-conntrack
> #
> ##############################################################################################################
> ?FORMAT 3
> #ACTION                 SOURCE          DESTINATION     PROTO   DEST            SOURCE  USER/  SWITCH
> #                                                               PORT(S)         PORT(S) GROUP
> IPTABLES(CT --zone 0)      eth4               -
> IPTABLES(CT --zone 0):PO      (0.0.0.0/0)      eth4
> IPTABLES(CT --zone 0)      eth0               -
> IPTABLES(CT --zone 0):PO      (0.0.0.0/0)      eth0
> IPTABLES(CT --zone 1)      eth3               -
> IPTABLES(CT --zone 1):PO      (0.0.0.0/0)      eth3
> IPTABLES(CT --zone 2)      eth5               -
> IPTABLES(CT --zone 2):PO      (0.0.0.0/0)      eth5
> 
> 
> # cat /etc/shorewall/interfaces
> #ZONE     INTERFACE       OPTIONS
> lan     eth4            detect          tcpflags,nosmurfs,logmartians
> lan     eth0            detect          tcpflags,nosmurfs,logmartians
> inet     eth3            detect          tcpflags,nosmurfs,logmartians
> inet     eth5            detect          tcpflags,nosmurfs,logmartians
> 
> 
> Trying to understand why the error is seen with the latest Shorewall, and
> any configuration that can help me clear the error.
> 

See if the 'optional' option in /etc/shorewall/interfaces helps.

E.g. (format 2): "... eth5 dhcp,optional"

http://shorewall.org/manpages/shorewall-interfaces.html

Also, did you run 'shorewall update'?

-- 
Matthieu Darfeuille

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
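
A pre-restart check in the spirit of the reply above, as an added example that is not part of the original thread or of Shorewall: it lists interfaces from an interfaces file that have no IPv4 address and are not marked `optional`. The function names are hypothetical, and the script assumes format 1 columns unless a `?FORMAT 2` line is present and that iproute2's `ip` is installed.

```shell
#!/bin/sh
# Added example, not part of Shorewall. All function names are hypothetical.

# Constructed sample: the interfaces file from the question (format 1 layout).
sample_interfaces() {
    cat <<'EOF'
#ZONE     INTERFACE       OPTIONS
lan     eth4            detect          tcpflags,nosmurfs,logmartians
lan     eth0            detect          tcpflags,nosmurfs,logmartians
inet     eth3            detect          tcpflags,nosmurfs,logmartians
inet     eth5            detect          tcpflags,nosmurfs,logmartians
EOF
}

# Print "interface options" for each entry. Column layout depends on ?FORMAT:
#   1: ZONE INTERFACE BROADCAST OPTIONS      2: ZONE INTERFACE OPTIONS
iface_options() {
    awk '
        BEGIN { fmt = 1 }                       # assumption: format 1 unless stated
        { sub(/#.*/, "") }                      # drop comments
        $1 == "?FORMAT" { fmt = $2 + 0; next }
        NF < 2 || $1 ~ /^\?/ { next }           # blank lines, other directives
        { opts = (fmt == 2) ? $3 : $4; print $2, (opts == "" ? "-" : opts) }
    ' "$1"
}

# True when the interface currently holds at least one IPv4 address.
has_ipv4() {
    [ -n "$(ip -4 -o addr show dev "$1" 2>/dev/null)" ]
}

# Print interfaces that lack an IPv4 address and are not marked "optional".
# Pass a file path, or "-" to read the file from stdin.
missing_optional() {
    iface_options "$1" | while read -r iface opts; do
        case ",$opts," in
            *,optional,*) continue ;;           # already tolerated when down
        esac
        has_ipv4 "$iface" || echo "$iface"
    done
}
```

Run `missing_optional /etc/shorewall/interfaces` before `shorewall restart`; each name printed is a candidate for the `optional` option.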