Изпечатай

[eka]

Shorewall не се стартира при зареждането,но се стартира от "Контролния център" и от Конзола.

Код:

[root@localhost ~]# shorewall -vv restart
Compiling...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following capabilities:
   Address Type Match: Available
   CLASSIFY Target: Available
   CONNMARK Target: Available
   Capability Version: 4.4.8
   Comments: Available
   Connection Tracking Match: Available
   Connlimit Match: Available
   Connmark Match: Available
   Extended CONNMARK Target: Available
   Extended Connection Tracking Match: Available
   Extended Connmark Match: Available
   Extended Mark Target: Available
   Extended Mark Target 2: Available
   Extended Multi-port Match: Available
   Extended Reject: Available
   Flow Classifier: Not Available
   Goto Support: Available
   Hashlimit Match: Available
   Helper Match: Available
   IP Range Match: Available
   IPMARK Target: Not Available
   IPP2P Match: Not Available
   Ipset Match: Not Available
   Kernel Version: 2.6.38
   LOG Target: Available
   LOGMARK Target: Not Available
   MARK Target: Available
   Mangle FORWARD Chain: Available
   Multi-port Match: Available
   NAT: Available
   NFQUEUE Target: Available
   Old Hash Limit Match: Available
   Old IPP2P Match Syntax: Not Available
   Old conntrack match syntax: Not Available
   Owner Match: Available
   Packet Mangling: Available
   Packet Type Match: Available
   Packet length Match: Available
   Persistent SNAT: Available
   Physdev Match: Available
   Physdev-is-bridged support: Available
   Policy Match: Available
   Raw Table: Available
   Realm Match: Available
   Recent Match: Available
   Repeat match: Available
   TCPMSS Match: Available
   TPROXY Target: Available
   Time Match: Available
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
   Interface "net eth0 detect" Validated
Determining Hosts in Zones...
   net (ipv4)
      eth0:0.0.0.0/0
   fw (firewall)
Preprocessing Action Files...
   Pre-processing /usr/share/shorewall/action.Drop...
    ..Expanding Macro /usr/share/shorewall/macro.Auth...
    ..End Macro /usr/share/shorewall/macro.Auth
    ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
    ..End Macro /usr/share/shorewall/macro.AllowICMPs
    ..Expanding Macro /usr/share/shorewall/macro.SMB...
    ..End Macro /usr/share/shorewall/macro.SMB
    ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
    ..End Macro /usr/share/shorewall/macro.DropUPnP
    ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
    ..End Macro /usr/share/shorewall/macro.DropDNSrep
   Pre-processing /usr/share/shorewall/action.Reject...
    ..Expanding Macro /usr/share/shorewall/macro.Auth...
    ..End Macro /usr/share/shorewall/macro.Auth
    ..Expanding Macro /usr/share/shorewall/macro.SMB...
    ..End Macro /usr/share/shorewall/macro.SMB
Compiling /etc/shorewall/policy...
   Policy for fw to net is ACCEPT using chain fw2net
   Policy for net to fw is DROP using chain net2all
   Policy for net to fw is REJECT using chain all2all
   Policy for fw to net is REJECT using chain all2all
Processing /etc/shorewall/initdone...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
    Rule "ACCEPT net fw udp 137,138,139,445,1024:1100,5353,427 -" Compiled
    Rule "ACCEPT net fw tcp 137,138,139,445,1024:1100 -" Compiled
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Processing /usr/share/shorewall/action.Drop for chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Compiling MAC Filtration -- Phase 2...
Applying Policies...
   Policy DROP from net to fw using chain net2fw
   Policy ACCEPT from fw to net using chain fw2net
Generating Rule Matrix...
Optimizing Ruleset...
Creating iptables-restore input...
Compiling iptables-restore input for chain mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting Shorewall....
Initializing...
Loading Modules...
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
Processing /etc/shorewall/start ...
ipset v4.2: Kernel ip_set module is of protocol version 6.I'm of protocol version 4.
Please upgrade your kernel and/or ipset(8) utillity.
iptables v1.4.7: Set ifw_wl doesn't exist.

Try `iptables -h' or 'iptables --help' for more information.
ipset v4.2: Kernel ip_set module is of protocol version 6.I'm of protocol version 4.
Please upgrade your kernel and/or ipset(8) utillity.
iptables v1.4.7: Set ifw_bl doesn't exist.

Try `iptables -h' or 'iptables --help' for more information.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
iptables: Input/output error.
Processing /etc/shorewall/started ...
done.

Някои може ли да помогне?

[AMD]

На мен ми е интересно как shorewall в мандрива не се стартирал след като по подразбиране стартира.

А тези входно изходни грешки не са на много хубаво. Май ти трябва нов диск.

[tolostoi]

Направи ъпдейт на мандривата и пробвай пак, тези грешки които виждам може да са от правило, което не може да се изпълни на текущата версия на iptables, било то от некомпилирана функция на iptables или от друга която е променена или заменена с друга опция, пък shorewall не го знае това. Пише да обновиш ipset (като това може да е просто предупреждение, а не грешка)

Try `iptables -h' or 'iptables --help' for more information.
ipset v4.2: Kernel ip_set module is of protocol version 6.I'm of protocol version 4.
Please upgrade your kernel and/or ipset( utillity.
iptables v1.4.7: Set ifw_bl doesn't exist.

[eka]

Понеже имам и друг компютър със същата мандрива,пробвах с рестарт и на него.Даде същите съобщения,но разликата е че при него си се стартира със зареждането на системата а на другия не.Опитах и да добавя в rc.local един ред с които да я рестартирам

Код:

exec /sbin/shorewall restart

,но пак не се зарежда при стартирането.А ако изпълня от терминала ./rc.local се стартира макар и със същите грешки от горния пост.Мисля си че проблема е в init скриптовете но идея нямам къде точно и как да ги оправя.Колкото до ъпдейтите всичко е ок