[Firewall] Something about v1.9.2j

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Mar 3 13:46:11 CET 2010


This all looks ok. No worries about the UNKNOWN things. But again: I 
think your problem is the fact that your firewall is started before the 
network interfaces are brought up. I recently changed this in the 
install-script, so re-running it should fix the problem....

a.

Dmitry wrote:
> 
> Here's my 'ip link show':
> 
> where eth0 is my ISP's LAN (external net), eth1 is my LAN (internal 
> net), eth2 is DMZ (my wlan) and ppp25 is internet (via eth0, external)
> 
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> state UNKNOWN qlen 1000 link/ether 00:80:48:4e:28:27 brd ff:ff:ff:ff:ff:ff
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> state UNKNOWN qlen 1000 link/ether 00:80:48:4e:27:fb brd ff:ff:ff:ff:ff:ff
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
> state UNKNOWN qlen 1000 link/ether 00:50:fc:c1:5e:00 brd ff:ff:ff:ff:ff:ff
> 229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc 
> pfifo_fast state UNKNOWN qlen 3 link/ppp
> 
> Weird. Link state "UNKNOWN", I don't get it... why? Any help will be 
> appreciated. I think some module is missing... it's been running like 
> this for almost 4 or 5 years xD
> 
> I'm running GNU/Linux Debian Lenny 5.0 (2.6.26-2-686).
> 
> 
> Arno van Amersfoort wrote:
>> Thanks for reporting the uninstall bug. I've fixed it.
>>
>> About the non existing interface errors. Mind posting the output of 
>> "ip link show" ?
>>
>> Are you sure the firewall is started AFTER the network has been 
>> brought up?
>>
>> And about the space/comma thing in variables. Most of the time both 
>> work. Rule of thumb is that space separation should be used when 
>> you want to group certain rules when using e.g. interface restrictions 
>> (which most ppl don't). For variables that only take interfaces, both 
>> spaces & commas are fine.
>>
>> a.
>>
>>
>> Dmitry wrote:
>>> Ok, I've upgraded from v1.9.2a to the latest build..
>>>
>>> Uninstall.sh has mistaken Y/N answers.. so No = Yes, and Yes = No... 
>>> Do you want to uninstall? I press Y, and script takes it as No.
>>>
>>>
>>> and when I run the script I see this:
>>>
>>> *************
>>> Arno's Iptables Firewall Script v1.9.2j
>>> ------------------------------------------------------------------------------- 
>>>
>>> Sanity checks passed...OK
>>> NOTE: External interface eth0 does NOT exist (yet?)
>>> NOTE: External interface ppp25 does NOT exist (yet?)
>>> NOTE: Internal interface eth1 does NOT exist (yet?)
>>> NOTE: DMZ interface eth2 does NOT exist (yet?)
>>>
>>> *************
>>>
>>> But all those interfaces are up and running. Everything is working 
>>> well, but it's a little bit confusing...
>>>
>>> And a question, sometimes it says (in comments) that multiple 
>>> interfaces should be space separated and sometimes comma separated... 
>>> which separation method should I use?
>>>
>>> Thank you.
>>>
>>> Sincerely yours,
>>> Dmitry.
>>>
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>>
>>
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
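
An added example (not part of the original message and not code from the firewall script): a pre-start check for the situation discussed in this thread, which accepts an interface list in space- or comma-separated form and reports which interfaces are absent from `ip link show` output. The function names and the embedded listing are assumptions; the listing is constructed from the one quoted above, with eth2 left out to show the missing case.

```shell
#!/bin/sh
# Constructed sample of `ip link show` output (based on the listing quoted in
# this thread, eth2 left out). On a live host: LINKS=$(ip link show)
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:80:48:4e:28:27 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3'

# Hypothetical helper: turn a space- and/or comma-separated interface list
# into one name per line.
split_ifaces() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | sed '/^$/d'
}

# Hypothetical helper: print the flags (<...> contents) of interface $2 as
# found in link listing $1; prints nothing if the interface is not listed.
iface_flags() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 ~ /^[0-9]+:$/ {
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            if (name == want) { gsub(/[<>]/, "", $3); print $3; exit }
        }'
}

# Classify each configured interface as "missing", "down" or "ok".
# Uses the UP and LOWER_UP flags rather than the "state" field, which reads
# UNKNOWN for drivers that do not report an operational state.
check_ifaces() {   # $1 = link listing, $2 = configured interface list
    for ifc in $(split_ifaces "$2"); do
        flags=$(iface_flags "$1" "$ifc")
        status=down
        case ",$flags," in
            *,UP,*) case ",$flags," in *,LOWER_UP,*) status=ok ;; esac ;;
        esac
        [ -n "$flags" ] || status=missing
        echo "$ifc $status"
    done
}

# Mixed separators on purpose: both forms name the same four interfaces.
check_ifaces "$SAMPLE_LINKS" "eth0,ppp25 eth1, eth2"
```

A `missing` result at boot for an interface that shows `ok` later points to the start-order problem described in the reply.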

