Hi all, I have recently done a live upgrade of Vyatta to make sure everything was up to date. I saved the config.boot file just in case. After the reboot the loaded config was lost (I'm not sure whether this is by design on an upgrade), so I am now trying to load the config file on the OFR over TFTP.
Now, the first problem was this: it failed to parse the config file on a firewall rule (which worked before the upgrade), which was this: rule 9 { protocol: "tcp" action: "accept" log: "disable" destination { address: 192.168.10.2 port-number: 1723 } } It was complaining about the port number. So I removed this rule from the config file and tried to reload it with this version: protocols { ospf4 { router-id: 10.1.1.3 rfc1583-compatibility: false ip-router-alert: false area 0.0.0.0 { area-type: "normal" interface eth0 { link-type: "broadcast" address 172.20.1.253 { priority: 128 hello-interval: 10 router-dead-interval: 40 interface-cost: 1 retransmit-interval: 5 transit-delay: 1 passive: false disable: false } } interface lo { link-type: "broadcast" address 10.1.1.3 { priority: 128 hello-interval: 10 router-dead-interval: 40 interface-cost: 1 retransmit-interval: 5 transit-delay: 1 passive: false disable: false } } } export: "static-to-OSPF" } static { disable: false route 0.0.0.0/0 { next-hop: x.x.x.30 metric: 1 } } } policy { policy-statement "static-to-OSPF" { term 1 { from { protocol: "static" } then { action: "accept" } } } } interfaces { restore: false loopback lo { description: "" address 10.1.1.3 { prefix-length: 32 disable: false } } ethernet eth1 { disable: false discard: false description: "" hw-id: 00:50:56:a8:29:60 duplex: "auto" speed: "auto" address x.x.x.29 { prefix-length: 27 disable: false } address x.x.x.3 { prefix-length: 27 disable: false } address x.x.x.2 { prefix-length: 27 disable: false } firewall { in { name: "DMZ_IN" } } } ethernet eth0 { disable: false discard: false description: "" hw-id: 00:50:56:a8:34:ec duplex: "auto" speed: "auto" address 172.20.1.253 { prefix-length: 23 disable: false } vrrp { vrrp-group: 100 virtual-address: 172.20.1.254 authentication: "xxxxxx" advertise-interval: 1 preempt: true priority: 1 } } } service { nat { rule 2 { type: "source" inbound-interface: "eth0" outbound-interface: "eth1" protocols: "all" source 
{ address: "172.20.0.1" } destination { network: "0.0.0.0/0" } outside-address { address: x.x.x.2 } } rule 3 { type: "destination" inbound-interface: "eth1" outbound-interface: "eth0" protocols: "all" source { network: "0.0.0.0/0" } destination { address: "x.x.x.2" } inside-address { address: 172.20.0.1 } } rule 4 { type: "source" inbound-interface: "eth0" outbound-interface: "eth1" protocols: "tcp" source { address: "192.168.10.5" } destination { network: "0.0.0.0/0" } outside-address { address: x.x.x.3 } } rule 5 { type: "destination" inbound-interface: "eth1" outbound-interface: "eth0" protocols: "tcp" source { network: "0.0.0.0/0" } destination { address: "x.x.x.3" port-number 25 } inside-address { address: 192.168.10.5 port-number: 25 } } rule 6 { type: "destination" inbound-interface: "eth1" outbound-interface: "eth0" protocols: "tcp" source { network: "0.0.0.0/0" } destination { address: "x.x.x.3" port-number 80 } inside-address { address: 192.168.10.5 port-number: 80 } } rule 7 { type: "destination" inbound-interface: "eth1" outbound-interface: "eth0" protocols: "tcp" source { network: "0.0.0.0/0" } destination { address: "x.x.x.3" port-name https } inside-address { address: 192.168.10.5 port-number: 443 } } rule 8 { type: "destination" inbound-interface: "eth1" outbound-interface: "eth0" protocols: "tcp" destination { address: "x.x.x.29" port-number 1723 } inside-address { address: 192.168.10.2 port-number: 1723 } } rule 9 { type: "source" inbound-interface: "eth0" outbound-interface: "eth1" protocols: "tcp" source { address: "192.168.10.2" port-number 1723 } outside-address { address: x.x.x.29 port-number: 1723 } } rule 10 { type: "destination" inbound-interface: "eth1" outbound-interface: "eth0" protocols: "gre" destination { address: "x.x.x.29" } inside-address { address: 192.168.10.2 } } rule 1023 { type: "masquerade" outbound-interface: "eth1" source { network: "192.168.10.0/23" } } rule 1024 { type: "masquerade" outbound-interface: "eth1" source { 
network: "172.20.0.0/23" } } } webgui { http-port: 80 https-port: 443 } } firewall { log-martians: "enable" send-redirects: "disable" receive-redirects: "disable" ip-src-route: "disable" broadcast-ping: "disable" syn-cookies: "enable" name "DMZ_IN" { description: "Input packet from public network into DMZ" rule 1 { protocol: "udp" action: "accept" log: "disable" source { port-name: "domain" } } rule 2 { protocol: "icmp" action: "accept" log: "disable" } rule 3 { protocol: "udp" action: "accept" log: "disable" destination { port-name: "domain" } } rule 4 { protocol: "tcp" action: "accept" log: "disable" source { port-name: "domain" } } rule 5 { protocol: "tcp" state { established: "enable" } action: "accept" log: "disable" } rule 6 { protocol: "tcp" action: "accept" log: "disable" destination { address: 192.168.10.5 port-name: "smtp" } } rule 7 { protocol: "tcp" action: "accept" log: "disable" destination { port-name: "http" } } rule 8 { protocol: "tcp" action: "accept" log: "disable" destination { port-name: "https" } } rule 9 { protocol: "gre" action: "accept" log: "disable" destination { address: 192.168.10.2 } } rule 10 { protocol: "tcp" action: "accept" log: "disable" destination { port-range { start: 20 stop: 21 } } } } } But it fails to load. The xorpsh process shot up to 100% CPU and did not load the config. The shell just sits there with [edit] showing and does not return me to the prompt. I have to press Ctrl-C to abort the operation. When I then exit configuration mode I get the message "Finder disconnected. No Finder?" Does anyone have any idea why this could be? Thanks _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users