Summary: | net-firewall/shorewall-perl-4.2.11.1: Start fails on boot with masq (NAT) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Chris Ribble <chris> |
Component: | [OLD] Server | Assignee: | Tony Vroon (RETIRED) <chainsaw> |
Status: | RESOLVED TEST-REQUEST | ||
Severity: | major | CC: | burcheri.massimo+bugs-gentoo, chris, ian, netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Chris Ribble
2010-07-16 01:12:23 UTC
From http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.11/releasenotes.txt : "Shorewall 4.4.10 includes a new 'Shorewall Init' package." This should address your issue but requires emerging ~. This happened to me also. Additionally it took me nearly two hours to find the solution and describe it to the guy having physical access to the machine. Would it be possible to mark this package as unstable or even mask it? When installing a stable package I normally expect no errors like this or at least no errors which make a remote system completely unusable. From shorewall upgrade perspective their is no chance to find out about this error. The bug for me was related to net-firewall/shorewall-common-4.2.11-r1 net-firewall/shorewall-perl-4.2.11.1 I hit the same problem. A workaround is to replace the SOURCE interface name (second column) of /etc/shorewall/masq with a network address and netmask (e.g. 192.168.1.0/24). It's also possible to use a comma-separated list if you have several subnets that need masquerading. (In reply to comment #2) > This happened to me also. Additionally it took me nearly two hours to find the > solution and describe it to the guy having physical access to the machine. > > Would it be possible to mark this package as unstable or even mask it? When > installing a stable package I normally expect no errors like this or at least > no errors which make a remote system completely unusable. This would've been the right thing to do (and saved me a trip to the colo). I don't understand why after a critical regression is discovered nothing is done about it? Especially a regression with a firewall? > From shorewall upgrade perspective their is no chance to find out about this > error. Comes up pretty fast after a reboot. Does this problem still exist with the newer versions? |