On Tuesday 15 May 2007 00:15, Tom Eastep wrote:
> Steven Jan Springl wrote:
> > On Monday 14 May 2007 22:33, Tom Eastep wrote:
> >> On Mon, 2007-05-14 at 22:15 +0100, Steven Jan Springl wrote:
> >>> Tom
> >>>
> >>> With zone entry:
> >>>
> >>> vpn ipsec
> >>>
> >>> when I issue command:
> >>>
> >>> shorewall add eth0 vpn
> >>>
> >>> the following messages are generated:
> >>>
> >>> iptables v1.3.6: Couldn't load target
> >>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> >>> file: No such file or directory
> >>>
> >>> Try `iptables -h' or 'iptables --help' for more information.
> >>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> >>> iptables v1.3.6: Couldn't load target
> >>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> >>> file: No such file or directory
> >>>
> >>> Try `iptables -h' or 'iptables --help' for more information.
> >>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> >>> iptables v1.3.6: Couldn't load target
> >>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> >>> file: No such file or directory
> >>>
> >>> Try `iptables -h' or 'iptables --help' for more information.
> >>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> >>> iptables v1.3.6: Couldn't load target
> >>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> >>> file: No such file or directory
> >>>
> >>> Try `iptables -h' or 'iptables --help' for more information.
> >>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> >>> iptables v1.3.6: Couldn't load target
> >>> `vpn_frwd':/lib/iptables/libipt_vpn_frwd.so: cannot open shared object
> >>> file: No such file or directory
> >>>
> >>> Try `iptables -h' or 'iptables --help' for more information.
> >>> ERROR: Can't add +eth0:0.0.0.0/0 to zone vpn
> >>
> >> I believe this is fixed in revision 6348.
> >>
> >> Thanks, Steven
> >>
> >> -Tom
> >
> > Tom
> >
> > Revision 6348 has fixed that problem, however there is another issue.
> >
> > It now seems that it is only possible to add 1 dynamic entry.
> >
> > Zones entries:
> >
> > fw firewall
> > lan ipv4
> > wan ipv4
> > dmz ipv4
> > tst ipv4
> > vpn ipsec
> >
> > Interfaces entries:
> >
> > lan eth0
> > wan eth1
> > dmz eth2
> >
> > If I now issue the following commands:
> >
> > shorewall start
> > shorewall add eth0 dmz (this works)
> > shorewall add eth0 vpn (this produces the following messages)
> >
> > iptables: No chain/target/match by that name
> > ERROR: Can't add eth0:0.0.0.0/0 to zone vpn
> >
> > Despite these messages eth0 has been added to both dmz and vpn zones
> > in /var/lib/shorewall/zones.
> >
> > If I now change the order in which eth0 is added to zones dmz and vpn:
> >
> > shorewall clear
> > shorewall start
> > shorewall add eth0 vpn (this works)
> > shorewall add eth0 dmz (this now fails with the same message as above)
> >
> > This problem seems to happen no matter which interfaces I try to add to
> > any 2 or more zones.
>
> Wow -- that uncovered a can of worms. I think it's all sorted out in 6352.
>
> -Tom

Tom

Yes, that seems to have fixed the problem.

Steven.
