On Monday 14 May 2007 22:33, Tom Eastep wrote:
> On Mon, 2007-05-14 at 22:15 +0100, Steven Jan Springl wrote:
> > Tom
> >
> > With zone entry:
> >
> > vpn ipsec
> >
> > when I issue command:
> >
> > shorewall add eth0 vpn
> >
> > the following messages are generated:
> >
> > iptables v1.3.6: Couldn't load target
> > `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> > file: No such file or directory
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> > ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> > iptables v1.3.6: Couldn't load target
> > `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> > file: No such file or directory
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> > ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> > iptables v1.3.6: Couldn't load target
> > `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> > file: No such file or directory
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> > ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> > iptables v1.3.6: Couldn't load target
> > `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> > file: No such file or directory
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> > ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> > iptables v1.3.6: Couldn't load target
> > `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> > file: No such file or directory
> >
> > Try `iptables -h' or 'iptables --help' for more information.
> > ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
>
> I believe this is fixed in revision 6348.
>
> Thanks, Steven
>
> -Tom

Tom

Revision 6348 has fixed that problem, however there is another issue.

It now seems that it is only possible to add 1 dynamic entry.

Zones entries:

fw firewall
lan ipv4
wan ipv4
dmz ipv4
tst ipv4
vpn ipsec

Interfaces entries:

lan eth0
wan eth1
dmz eth2

If I now issue the following commands:

shorewall start
shorewall add eth0 dmz (this works)
shorewall add eth0 vpn (this produces the following messages)

iptables: No chain/target/match by that name
ERROR: Can't add eth0:0.0.0.0/0 to zone vpn

Despite these messages, eth0 has been added to both dmz and vpn zones
in /var/lib/shorewall/zones.

If I now change the order in which eth0 is added to zones dmz and vpn:

shorewall clear
shorewall start
shorewall add eth0 vpn (this works)
shorewall add eth0 dmz (this now fails with the same message as above)

This problem seems to happen no matter which interfaces I try to add to any 2
or more zones.

Steven.