On 11/21/2017 05:53 AM, Øyvind Lode wrote: > Hi Roberto, > > On 21 November 2017 at 12:40, Roberto C. Sánchez <robe...@connexer.com> wrote: >>> I even had to replace allow-hotplug with auto on all nics in >>> /etc/network/interfaces to have shorewall startup at boot. >> >> This is strange. I have not encountered this. Can you describe more >> details of your configuration so that I can understand this? > > I performed a clean/fresh install of stretch. > After install my /etc/network/interfaces looked like this (removed > loopback here in the email): > > # The primary network interface > allow-hotplug eno1 > iface eno1 inet dhcp > > After booting into my new installation I also added: > > # LAN interface > allow-hotplug eno2 > iface eno2 inet static > address 192.168.1.1 > netmask 255.255.255.0 > > I then configured shorewall and started my firewall with 'sudo shorewall > start' > Verified that everything was working as expected. > > Then i set startup=1 in /etc/default/shorewall and also verified that > STARTUP_ENABLED=YES in /etc/shorewall/shorewall.conf. > > I then rebooted my firewall to verify that it started up automatically. > However it did not start. > > I found that systemd script shorewall.service was disabled by running > 'systemctl is-enabled shorewall'. > The output of the command told me that the service was disabled, so I > enabled it by running: > > $ sudo systemctl enable shorewall.service > > Rebooted the firewall again but it still did not start automatically. > > Then I just for the fun of it replaced allow-hotplug with auto like this: > > # The primary network interface > auto eno1 > iface eno1 inet dhcp > > # LAN interface > auto eno2 > iface eno2 inet static > address 192.168.1.1 > netmask 255.255.255.0 > > Rebooted again and now shorewall started automatically when the > firewall boots up. > I found this a bit strange but now it works as expected. >
Do you recall what the output of 'systemctl status shorewall' was when Shorewall failed to start? -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users