headers
Andrew Zhoglo | 1 Dec 2010 13:17
Picon

Shorewall 4.4.15 error

Hello all!

I've got shorewall-4.4.15 installed and when i try restart, start, stop
or check it next error appear

linux:/etc/shorewall # shorewall trace check
Checking...
IN===> CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
Processing /etc/shorewall/params ...
   ERROR: Internal error in Shorewall::Config::get_params at
/usr/share/shorewall/Shorewall/Config.pm line 2912 at
/usr/share/shorewall/Shorewall/Config.pm line 811
	Shorewall::Config::fatal_error('Internal error in
Shorewall::Config::get_params at /usr/share...') called at
/usr/share/shorewall/Shorewall/Config.pm line 845
	Shorewall::Config::assert(0) called at
/usr/share/shorewall/Shorewall/Config.pm line 2912
	Shorewall::Config::get_params() called at
/usr/share/shorewall/Shorewall/Config.pm line 2935
	Shorewall::Config::get_configuration(0) called at
/usr/share/shorewall/Shorewall/Compiler.pm line 577
	Shorewall::Compiler::compiler('script', '', 'directory', '',
'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/share/shorewall/compiler.pl line 111

With shorewall-4.4.14 same configs work well. What is wrong?

------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
(Continue reading)

Permalink | Reply | 1 comment |
headers
Tom Eastep | 1 Dec 2010 15:27
Favicon

Re: Shorewall 4.4.15 error

On 12/1/10 4:17 AM, Andrew Zhoglo wrote:
> Hello all!
> 
> I've got shorewall-4.4.15 installed and when i try restart, start, stop
> or check it next error appear
> 
> linux:/etc/shorewall # shorewall trace check
> Checking...
> IN===> CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
> Processing /etc/shorewall/params ...
>    ERROR: Internal error in Shorewall::Config::get_params at
> /usr/share/shorewall/Shorewall/Config.pm line 2912 at
> /usr/share/shorewall/Shorewall/Config.pm line 811
> 	Shorewall::Config::fatal_error('Internal error in
> Shorewall::Config::get_params at /usr/share...') called at
> /usr/share/shorewall/Shorewall/Config.pm line 845
> 	Shorewall::Config::assert(0) called at
> /usr/share/shorewall/Shorewall/Config.pm line 2912
> 	Shorewall::Config::get_params() called at
> /usr/share/shorewall/Shorewall/Config.pm line 2935
> 	Shorewall::Config::get_configuration(0) called at
> /usr/share/shorewall/Shorewall/Compiler.pm line 577
> 	Shorewall::Compiler::compiler('script', '', 'directory', '',
> 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
> /usr/share/shorewall/compiler.pl line 111
> 
> With shorewall-4.4.14 same configs work well. What is wrong?

Please:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tom Eastep | 1 Dec 2010 16:20
Favicon

Re: Shorewall 4.4.15 error

On 12/01/2010 07:17 AM, Andrew Zhoglo wrote:
> Hello Tom!
> 
> 
> 01.12.2010 17:13, Tom Eastep пишет:
>> On 12/01/2010 06:47 AM, Andrew Zhoglo wrote:
>>> Hello Tom!
>>> Distro is opensuse-11.3 with last updates.
>>
>> Hello Andrew,
>>
>> What is the output of 'env'?

Andrew,

This is the problem:

mc=() {  . /usr/share/mc/mc-wrapper.sh
}

The Shorewall compiler is trying to parse the output of 'env' and is choking
on the above.

-Tom
--

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
(Continue reading)

Permalink | Reply | 1 comment |
headers
Tom Eastep | 1 Dec 2010 16:29
Favicon

Re: Shorewall 4.4.15 error


> 
> This is the problem:
> 
> mc=() {  . /usr/share/mc/mc-wrapper.sh
> }
> 
> The Shorewall compiler is trying to parse the output of 'env' and is choking
> on the above.

Here is a patch that turns the assertion into a warning message.

	patch /usr/share/shorewall/Shorewall/Config.pm < ENV.patch

-Tom
--

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 7a34688..41ae8cc 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
 <at>  <at>  -2909,7 +2909,7  <at>  <at>  sub get_params() {
 	    if ( /^(.*?)=(.*)$/ ) {
 		$params{$1} = $2 unless $1 eq '_';
 	    } else {
(Continue reading)

Permalink | Reply | 0 comments |
headers
Orlandinei Vujanski | 1 Dec 2010 18:32
Picon

Problem FORWARD VPN IPSEC

Good afternoon Tom,
I have problems to release an IPSEC VPN.
This generates the error below, how to resolve?

eth0 = loc
eth2 = net

Shorewall:FORWARD:DROP:IN=eth0 OUT=eth2 SRC=172.25.1.193 DST=200.228.200.90

 

Thanks 

------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
Permalink | Reply | 3 comments |
headers
Tom Eastep | 1 Dec 2010 18:37
Favicon

Re: Problem FORWARD VPN IPSEC

On 12/1/10 9:32 AM, Orlandinei Vujanski wrote:
> Good afternoon Tom,
> I have problems to release an IPSEC VPN.
> This generates the error below, how to resolve?
> 
> eth0 = loc
> eth2 = net
> 
> */_Shorewall:FORWARD:DROP:IN=eth0 OUT=eth2 SRC=172.25.1.193
> DST=200.228.200.90_/*

It looks like you have not followed the instructions in
http://www.shorewall.net/IPSEC-2.6.html. Without proper documentation,
we can't possibly help you further. Please see
http://www.shorewall.net/support.htm#Guidelines.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
Permalink | Reply | 2 comments |
headers
Orlandinei Vujanski | 1 Dec 2010 19:19
Picon

Re: Problem FORWARD VPN IPSEC

Not thinking about ipsec, but only in error. How can I resolve this error FORWARD local network to the Internet?

Thanks

 

 


2010/12/1 Tom Eastep <teastep <at> shorewall.net>
On 12/1/10 9:32 AM, Orlandinei Vujanski wrote:
> Good afternoon Tom,
> I have problems to release an IPSEC VPN.
> This generates the error below, how to resolve?
>
> eth0 = loc
> eth2 = net
>
> */_Shorewall:FORWARD:DROP:IN=eth0 OUT=eth2 SRC=172.25.1.193
> DST=200.228.200.90_/*

It looks like you have not followed the instructions in
http://www.shorewall.net/IPSEC-2.6.html. Without proper documentation,
we can't possibly help you further. Please see
http://www.shorewall.net/support.htm#Guidelines.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
Permalink | Reply | 1 comment |
headers
Tom Eastep | 1 Dec 2010 19:52
Favicon

Re: Problem FORWARD VPN IPSEC

On 12/1/10 10:19 AM, Orlandinei Vujanski wrote:
> Not thinking about ipsec, but only in error. How can I resolve this
> error FORWARD local network to the Internet?

See shorewall FAQ 17. When traffic is dropped in the FORWARD, INPUT or
OUTPUT chain, it means that either the source IP or the destination IP
is not in any defined zone (see the output of 'shorewall show zones').
Note that this can be a result of an IPSEC tunnel being configured on
the Shorewall box and the forwarded traffic having gone through the tunnel!

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
Permalink | Reply | 0 comments |
headers
Orlandinei Vujanski | 1 Dec 2010 19:55
Picon

Help

How to put the following rules in shorewall?
 
iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT

iptables -I OUTPUT -d 172.25.5.192/28 -j ACCEPT

iptables -I FORWARD -d 172.25.5.192/28 -j ACCEPT

 

iptables -I INPUT -s 172.25.5.192/28 -j ACCEPT

iptables -I OUTPUT -s 172.25.5.192/28 -j ACCEPT

iptables -I FORWARD -s 172.25.5.192/28 -j ACCEPT

 

thanks

------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
Permalink | Reply | 5 comments |
headers
Tom Eastep | 1 Dec 2010 20:27
Favicon

Re: Help

On 12/1/10 10:55 AM, Orlandinei Vujanski wrote:
> How to put the following rules in shorewall?
>  
> iptables -I INPUT -d 172.25.5.192/28 <http://172.25.5.192/28> -j ACCEPT
> 
> iptables -I OUTPUT -d 172.25.5.192/28 <http://172.25.5.192/28> -j ACCEPT
> 
> iptables -I FORWARD -d 172.25.5.192/28 <http://172.25.5.192/28> -j ACCEPT
> 
>  
> 
> iptables -I INPUT -s 172.25.5.192/28 <http://172.25.5.192/28> -j ACCEPT
> 
> iptables -I OUTPUT -s 172.25.5.192/28 <http://172.25.5.192/28> -j ACCEPT
> 
> iptables -I FORWARD -s 172.25.5.192/28 <http://172.25.5.192/28> -j ACCEPT

1) Uninstall Shorewall.
2) Type those commands at a root shell prompt.

If you followed the proper Shorewall QuickStart Guide
(http://www.shorewall.net/shorewall_quickstart_guide.htm -- you probably
want the two-interface version), then you should have a firewall that
will not produce the log messages that you are seeing. Given that you
*are* seeing those messages, you have done something wrong. If you will
forward us the documentation we ask for (THE OUTPUT OF 'shorewall
dump'!!!!!!!!!), we will try to help you. Otherwise, you are just
wasting your time and ours.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
Permalink | Reply | 4 comments |

Gmane