On 7/26/2014 9:41 AM, sur...@emailengine.net wrote: >> This is way too late in the trace. >> >> Does 'shorewall-lite status -i' show tun1 as disabled? If so, type: > > yes it does > >> shorewall-lite enable tun1
What was the output of this command? >> shorewall-lite restart > > still fails as above > >> If that doesn't work, you need to look much earlier in the trace for >> 'interface_is_usable tun1'. > > quite the puzzle! for me anyway. > > > ... > ++ sed -r 's/(@.*)?:$//' > + for interface in '$(find_all_interfaces1)' > + case "$interface" in > + for interface in '$(find_all_interfaces1)' > + case "$interface" in > + for interface in '$(find_all_interfaces1)' > + case "$interface" in > + for interface in '$(find_all_interfaces1)' > + case "$interface" in > + for interface in '$(find_all_interfaces1)' > + case "$interface" in > + interface_is_usable tun1 > + local status > + status=0 > + '[' tun1 '!=' lo ']' > + interface_is_up tun1 > ++ /sbin/ip -4 link list dev tun1 > ++ grep -e '[<,]UP[,>]' > + '[' -n '15: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 > qdisc pfifo_fast state UP mode DEFAULT group default qlen 100' ']' > ++ find_first_interface_address_if_any tun1 > ++ '[' 4 -eq 4 ']' > +++ /sbin/ip -f inet addr show tun1 > +++ grep 'inet .* global' > +++ head -n1 > ++ addr=' inet 10.0.0.2/24 brd 10.0.0.255 scope global tun1' > ++ '[' -n ' inet 10.0.0.2/24 brd 10.0.0.255 scope global tun1' ']' > ++ echo inet 10.0.0.2/24 brd 10.0.0.255 scope global tun1 > ++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//' > + '[' 10.0.0.2 '!=' 0.0.0.0 ']' > + '[' restart = enable ']' > + run_isusable_exit tun1 > + local status > + status=0 > + '[' -f /var/lib/shorewall-lite/tun1.status ']' > ++ cat /var/lib/shorewall-lite/tun1.status > + status=1 > + return 1 > + status=1 > + return 1 > + define_firewall > + progress_message2 Initializing... > + local timestamp > ... > > checking > > cat /var/lib/shorewall-lite/tun1.status > 1 > > > it looks like it thinks it's up No -- it is down. In the shell, 0 is good and non-zero is bad. So if tun1.status has a one it it, the interface is disabled. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
