[Firewall] Something about v1.9.2j

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Thu Mar 4 10:11:42 CET 2010


Weird. Mind sending the complete output of 
"/usr/local/sbin/arno-iptables-firewall start" (showing the problem)?

Dmitry wrote:
> Fw started after... well I didn't bring down interfaces.. it's a working 
> server. I wanted to upgrade as seamlessly as possible, no one even noticed 
> it.. I didn't bring down interfaces, nor did I reboot this machine..
> I ran uninstall script, and installed a new one, made changes to config 
> and just restarted fw (/etc/init.d/arno-iptables-firewall restart) 
> that's all.
> 
> I forgot to mention that there are indeed interfaces that do not exist 
> yet... like ppp0, ppp1, ppp3.....ppp10.  so, it's normal script 
> behavior.. but not about those ifaces I was talking about (eth0, eth1, 
> eth2 - these are always up, and ppp25 will not appear if eth0 is down 
> for example)
> 
> 
> Arno van Amersfoort wrote:
>> This all looks ok. No worries about the UNKNOWN things. But again: I 
>> think your problem is the fact that your firewall is started before 
>> the network interfaces are brought up. I recently changed this in the 
>> install-script, so re-running it should fix the problem....
>>
>> a.
>>
>> Dmitry wrote:
>>>
>>> Here's my 'ip link show':
>>>
>>> where eth0 is my ISP's LAN (external net), eth1 is my LAN (internal 
>>> net), eth2 is DMZ (my wlan) and ppp25 is internet (via eth0, external)
>>>
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>>>     link/ether 00:80:48:4e:28:27 brd ff:ff:ff:ff:ff:ff
>>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>>>     link/ether 00:80:48:4e:27:fb brd ff:ff:ff:ff:ff:ff
>>> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
>>>     link/ether 00:50:fc:c1:5e:00 brd ff:ff:ff:ff:ff:ff
>>> 229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3
>>>     link/ppp
>>>
>>> Weird. Link state "UNKNOWN" I don't get it...why? any help will be 
>>> appreciated.. I think some module is missing... it's been running like 
>>> this for almost 4 or 5 years xD
>>>
>>> I'm running GNU/Linux Debian Lenny 5.0 (2.6.26-2-686).
>>>
>>>
>>> Arno van Amersfoort wrote:
>>>> Thanks for reporting the uninstall bug. I've fixed it.
>>>>
>>>> About the non existing interface errors. Mind posting the output of 
>>>> "ip link show" ?
>>>>
>>>> Are you sure the firewall is started AFTER the network has been 
>>>> brought up?
>>>>
>>>> And about the space/comma thing in variables. Most of the time both 
>>>> work. Rule of thumb is that space separation should be used when 
>>>> you want to group certain rules when using eg. interface 
>>>> restrictions (which most ppl don't). For variables that only take 
>>>> interfaces, both spaces & commas are fine.
>>>>
>>>> a.
>>>>
>>>>
>>>> Dmitry wrote:
>>>>> Ok, I've upgraded from v1.9.2a to the latest build..
>>>>>
>>>>> Uninstall.sh has mistaken Y/N answers.. so No = Yes, and Yes = 
>>>>> No... Do you want to uninstall? I press Y, and script takes it as No.
>>>>>
>>>>>
>>>>> and when I run the script I see this:
>>>>>
>>>>> *************
>>>>> Arno's Iptables Firewall Script v1.9.2j
>>>>> ------------------------------------------------------------------------------- 
>>>>>
>>>>> Sanity checks passed...OK
>>>>> NOTE: External interface eth0 does NOT exist (yet?)
>>>>> NOTE: External interface ppp25 does NOT exist (yet?)
>>>>> NOTE: Internal interface eth1 does NOT exist (yet?)
>>>>> NOTE: DMZ interface eth2 does NOT exist (yet?)
>>>>>
>>>>> *************
>>>>>
>>>>> But all those interfaces are up and running. Everything is working 
>>>>> well, but it's a little bit confusing...
>>>>>
>>>>> And a question, sometimes it says (in comments) that multiple 
>>>>> interfaces should be space separated and sometimes comma 
>>>>> separated... which separation method should I use?
>>>>>
>>>>> Thank you.
>>>>>
>>>>> Sincerely yours,
>>>>> Dmitry.
>>>>>
>>>>> _______________________________________________
>>>>> Firewall mailing list
>>>>> Firewall at rocky.eld.leidenuniv.nl
>>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>>>> http://rocky.eld.leidenuniv.nl
>>>>>
>>>>
>>>
>>
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
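
A way to check the "does NOT exist (yet?)" notes independently of the firewall script, added here as an example (it is not code from arno-iptables-firewall or from anyone in this thread): it compares an interface list, space or comma separated, against `ip link show` text. The function names and `SAMPLE_LINKS` are hypothetical; the sample is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example, not part of arno-iptables-firewall.
# Constructed sample: the `ip link show` output quoted in this thread, unwrapped.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:80:48:4e:28:27 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:80:48:4e:27:fb brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:fc:c1:5e:00 brd ff:ff:ff:ff:ff:ff
229: ppp25: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp'

# Read `ip link show` text on stdin and print one interface name per line.
link_names() {
    # Header lines look like "<index>: <name>: <FLAGS> ..."; the indented
    # link/... lines do not match. A "name@parent" suffix is trimmed.
    awk -F': ' '/^[0-9]+: / { sub(/@.*/, "", $2); print $2 }'
}

# missing_ifaces "<interface list>" "<ip link show text>"
# Prints the listed interfaces that are absent, separated by spaces.
missing_ifaces() {
    wanted=$(printf '%s' "$1" | tr ',' ' ')      # accept spaces and commas
    present=$(printf '%s\n' "$2" | link_names)
    missing=""
    for ifc in $wanted; do
        # -F: literal string, -x: whole line, so "eth" does not match "eth0".
        if ! printf '%s\n' "$present" | grep -Fqx -- "$ifc"; then
            missing="${missing:+$missing }$ifc"
        fi
    done
    printf '%s' "$missing"
}
```

On a live host, pass `"$(ip link show)"` as the second argument, run from the same context that starts the firewall (for example the init script at boot), since the result depends on when the check runs.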

