On 7/29/19 4:11 AM, Mahashakti89 wrote:
> Hi,
>
> Shorewall won't start .... I am running Debian Sid. Could need some
> help.
> I used the documentation > examples > two-interfaces to set up the
> firewall.
>
> 1. On start I get the following error message:
>
> Starting Shorewall....
> Initializing...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Setting up Accept Source Routing...
> Preparing iptables-restore input...
> Running /sbin/iptables-restore --wait 60...
> iptables-restore v1.8.3 (nf_tables):
> line 5: CHAIN_UPDATE failed (Operation not supported): chain PREROUTING
> line 6: CHAIN_UPDATE failed (Operation not supported): chain OUTPUT
> ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
> Preparing iptables-restore input...
> Running /sbin/iptables-restore --wait 60...
> iptables-restore v1.8.3 (nf_tables):
> line 5: CHAIN_UPDATE failed (Operation not supported): chain PREROUTING
> line 6: CHAIN_UPDATE failed (Operation not supported): chain OUTPUT
> ERROR: /sbin/iptables-restore --wait 60 Failed.
> IPv4 Forwarding Enabled
> Terminated
> zsh: exit 143 sudo shorewall start
>
> 2. So I used:
>
> iptables-legacy -t nat -v -L -n --line-number
> Chain PREROUTING (policy ACCEPT 152 packets, 8722 bytes)
> num pkts bytes target prot opt in out source destination
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> num pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 2507 packets, 153K bytes)
> num pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 2507 packets, 153K bytes)
> num pkts bytes target prot opt in out source destination
>
>
> 3. I wanted to delete PREROUTING and OUTPUT rules using:
>
> iptables-legacy -t nat -D POSTROUTING {number-here}
>
> but it won't work; I have no rule number to use.
>
>
> Hope you understand my English.
> Could need some help
>
> mahashakti89

Try switching to the legacy iptables backend.

Example:

root@testing:/usr/share/doc/iptables# update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
* 0            /usr/sbin/iptables-nft      20        auto mode
  1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
root@testing:/usr/share/doc/iptables#

If that works, please send me (privately) a tarball of your
/etc/shorewall directory.

Thanks,
-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \    an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
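A pre-flight check for the backend switch suggested above, as an added example that is not part of the original thread: it classifies each tool's `--version` banner as nf_tables or legacy and flags any tool that is not on the backend you expect. The function names and the sample banners are constructed for illustration; ip6tables is included on the assumption that, as on Debian, it is a separate alternatives group from iptables.

```shell
#!/bin/sh
# Added example (not from the thread). Usage on a live host:
#   sh check-backend.sh --live legacy
TAB=$(printf '\t')

# backend_of BANNER -> prints nf_tables | legacy | unknown
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # e.g. a banner with no backend tag
    esac
}

# check_backends WANT   (reads "tool<TAB>banner" lines on stdin)
# Prints one verdict per tool; returns 1 if any tool is not on backend WANT.
check_backends() {
    want=$1
    rc=0
    while IFS=$TAB read -r tool banner; do
        got=$(backend_of "$banner")
        if [ "$got" = "$want" ]; then
            echo "ok       $tool ($got)"
        else
            echo "MISMATCH $tool ($got, wanted $want)"
            rc=1
        fi
    done
    return $rc
}

# collect_banners: ask the tools installed on this host for their banner.
collect_banners() {
    for tool in iptables ip6tables; do
        command -v "$tool" >/dev/null 2>&1 || continue
        printf '%s\t%s\n' "$tool" "$("$tool" --version 2>&1 | head -n 1)"
    done
}

# Constructed sample: only the `iptables` alternative was switched to legacy,
# so ip6tables still reports the nf_tables backend.
SAMPLE=$(printf '%s\t%s\n' \
    iptables  'iptables v1.8.3 (legacy)' \
    ip6tables 'ip6tables v1.8.3 (nf_tables)')

if [ "${1:-}" = "--live" ]; then
    collect_banners | check_backends "${2:-legacy}"
fi
```

Feeding `$SAMPLE` to `check_backends legacy` reports ip6tables as a mismatch, which is the state to look for if an IPv6 firewall fails the same way after the IPv4 one has been fixed.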
