After upgrading the management console of our firewalls, a very curious thing 
happened: whenever the firewall is stopped and restarted, it attempts to kill the 
firewall processes using invalid pid numbers. It then uninstalls the rulebase and 
reports the firewall as stopped. Once fwstart is used to restart the firewall, it of 
course reports failures of the fwd and fwm processes and then attempts to reload the 
rulebase, which fails.

The commands and error logs look like this (IPs and hostnames have been changed):

thefirewall# ./fwstop
Cannot kill fwd pid 345: No such process
Cannot kill snmpd pid 351: No such process
Cannot kill fwm pid 353: No such process

Uninstalling Security Policy from all.all@thefirewall
Done.
thefirewall# ./fwstart
FireWall-1: Starting fwd
FireWall-1: Starting snmpd
snmpd: Opening port(s): 161 Cannot bind: Address already in use
260 Cannot bind: Address already in use

SNMPD: No Ports available. Aborting
FireWall-1:  Starting fwm (Remote Management Server)
fwm: Can't establish service: Address already in use
FireWall-1: failed to start fwm

FireWall-1: Fetching Security Policy from 192.168.1.1 localhost
Trying to fetch Security Policy from 192.168.1.1:

Installing Security Policy TurnerRuleset on all.all@thefirewall
Failed to Load Security Policy: Invalid argument
Fetching Security Policy from 192.168.1.1 failed
Trying to fetch Security Policy from localhost:

Installing Security Policy TurnerRuleset on all.all@thefirewall
Failed to Load Security Policy: Invalid argument
Fetching Security Policy from localhost failed
Cannot fetch Security Policy from 192.168.1.1 localhost
FireWall-1 started

The firewall is a Sun Ultra 2 running Solaris 2.6 and Firewall-1 v 4.1 SP1. It was 
recently upgraded from Firewall-1 v4.0 SP5 using pkgadd. The packages added were the 
firewall software, GUI and load agent. The values listed in fwm.pid, snmpd.pid and 
fwd.pid are the >correct< values for the running processes; the values chosen by the 
script vary every time it's tried.

Any ideas on what and where to look would be greatly appreciated, as well as possible 
causes.

[-]+[-]+[-]+[-]+[-]+[-]+[-]+[-]+[-]
Kevin Brooks
System & Network Security
Turner Broadcasting System, Inc.
Direct: (404) 827-1922
Nextel: (404) 597-8367
Email: [EMAIL PROTECTED]
[-]+[-]+[-]+[-]+[-]+[-]+[-]+[-]+[-]

