The firestarter.sh script never stops the firewall properly. It leaves the firestarter file in /var/lock/subsys, and Gentoo still thinks the firewall is running when it has already been shut down. I need to zap the firestarter initscript and remove the firestarter file in /var/lock/subsys for it to start. I tracked the problem down to retval=$? in the stop_firewall function. It seems to return 3 all the time. If it returns 3, it doesn't remove the firestarter lock file and doesn't correctly stop the init script. When I changed retval=$? to retval=0 in the stop_firewall function, the initscript stopped and removed the necessary files to allow it to restart without having to be zapped. I'm going to assume that $? returns 0 when the above commands are successful, so there is probably a problem with one of these commands:

    $IPT -F
    $IPT -X
    $IPT -Z
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -t mangle -F 2>/dev/null
    $IPT -t mangle -X 2>/dev/null
    $IPT -t mangle -Z 2>/dev/null
    $IPT -t nat -F 2>/dev/null
    $IPT -t nat -X 2>/dev/null
    $IPT -t nat -Z 2>/dev/null
So which one is it? Can you run the commands manually and report which one is failing and why?
Just so I'm clear: $? returns zero if the above commands are successful? Would one of these commands fail if I didn't enable something in the kernel? I'm pretty sure I turned everything on for ip filtering.
Created attachment 102874: Kernel Config 2.6.18-gentoo-r3
    # CONFIG_IP_NF_NAT is not set

That's probably the problem.
I recompiled my kernel with that setting and yes, that looks like that was the problem. Thanks for pointing it out. :-)
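The root cause discussed in this thread, reconstructed as an added example (not the Firestarter project's own script): `retval=$?` only captures the exit status of the last command in the list, the optional `-t nat -Z`, so a kernel without CONFIG_IP_NF_NAT makes every stop look failed and the lock file is never removed. The `fake_iptables*` functions are constructed stand-ins for the iptables binary so the script runs without root; the exit status 3 for the missing nat table is the value the thread reports.

```sh
#!/bin/sh
# Hypothetical reconstruction of the stop_firewall pattern from the thread.
# IPT defaults to a constructed fake so the script runs without root or iptables.
IPT="${IPT:-fake_iptables}"

# Constructed stand-in for iptables on a kernel built without CONFIG_IP_NF_NAT:
# filter/mangle operations succeed, any "-t nat" operation exits 3
# (the status reported in the thread).
fake_iptables() {
    case " $* " in
        *" -t nat "*) echo "can't initialize iptables table 'nat'" >&2; return 3 ;;
        *) return 0 ;;
    esac
}

# Second constructed stand-in: nat exists, but flushing the filter table fails.
fake_iptables_broken_filter() {
    [ "$*" = "-F" ] && return 1
    return 0
}

# Buggy shape: $? only reflects the LAST command (nat -Z). A missing nat
# table makes the stop look failed, while a real filter-table failure earlier
# is silently overwritten by a later success.
stop_firewall_buggy() {
    $IPT -F; $IPT -X; $IPT -Z
    $IPT -P INPUT ACCEPT; $IPT -P FORWARD ACCEPT; $IPT -P OUTPUT ACCEPT
    $IPT -t mangle -F 2>/dev/null; $IPT -t mangle -X 2>/dev/null; $IPT -t mangle -Z 2>/dev/null
    $IPT -t nat -F 2>/dev/null; $IPT -t nat -X 2>/dev/null; $IPT -t nat -Z 2>/dev/null
    retval=$?
    return $retval
}

# Hardened shape: every filter-table command is mandatory and any failure is
# recorded; mangle/nat are best effort because the kernel may lack them.
stop_firewall_fixed() {
    retval=0
    for args in "-F" "-X" "-Z" "-P INPUT ACCEPT" "-P FORWARD ACCEPT" "-P OUTPUT ACCEPT"; do
        $IPT $args || retval=$?
    done
    for table in mangle nat; do
        for op in -F -X -Z; do
            $IPT -t "$table" $op 2>/dev/null || :   # optional table, ignore absence
        done
    done
    return $retval
}

stop_firewall_buggy; echo "buggy stop_firewall: exit $? (lock file would be kept)"
stop_firewall_fixed; echo "fixed stop_firewall: exit $?"
```

With the no-nat fake the buggy function exits 3 and the fixed one exits 0; with the broken-filter fake the buggy function exits 0 even though the filter table was never flushed, while the fixed one exits 1.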