
Shorewall: Error on boot [fixed]


    Shorewall: Error on boot [fixed]

    Hello.
    I have a little problem getting Shorewall to start at boot. It gives the following error in shorewall-init.log:
    Code:
    23:29:41 Setting up Masquerading/SNAT...
     ERROR: Unable to determine the routes through interface "eth0"
    23:29:41 IP Forwarding Enabled
    Terminated
    My /etc/shorewall/masq looks like this:
    Code:
    ###############################################################################
    #INTERFACE		SOURCE		ADDRESS		PROTO	PORT(S)	IPSEC	MARK
    wlan0          eth0
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
    (the interfaces are correct, internet from wireless -> wired network)

    I have read that the error message says the interface is not brought up, but it should be. I do it manually in rc.local:
    Code:
    #!/bin/sh -e
    #
    # rc.local
    #
    
    ifup eth0
    /etc/init.d/dhcp3-server restart
    /etc/init.d/nfs-user-server start
    /usr/sbin/hostapd /etc/hostapd/hostapd.conf
    /sbin/shorewall start
    
    exit 0
    Does anyone have an idea about what's going on?

    Shorewall version 4.0.12-1

    #2
    Re: Shorewall: Error on boot

    Sounds like your problem is that rc.local is executed after the Shorewall init script at boot time. Rather than trying to execute rc.local before the Shorewall init script, I'd try to configure the network by way of /etc/network/interfaces.



      #3
      Re: Shorewall: Error on boot

      Well, I do configure the interface in /etc/network/interfaces and then I put it up in rc.local. And Shorewall is not executed before rc.local. It is executed last in rc.local. And this is what I think is weird, because eth0 should be up before shorewall is executed in rc.local.

      Anyone who knows what the problem might be?



        #4
        Re: Shorewall: Error on boot

        Before rc.local is reached the system should have brought up the interfaces in /etc/network/interfaces so your ifup eth0 is not needed and should generate a message that it is already up. Ifup will also run the dhcpcd so that is not needed and may screw your network.

        I do not use shorewall but most firewalls have their own init scripts. Why are you adding it to rc.local?

        The system has numbers assigned to the scripts in /etc/rc2.d to control the order in which things are done and it should also be starting your NFS system.

        You seem to be trying to recreate much of the init system in rc.local. Have you disabled the system somehow so that you need to do this?



          #5
          Re: Shorewall: Error on boot

          Thank you for the answer! Now I removed everything from rc.local and managed to get eth0 up from /etc/network/interfaces. And both shorewall and dhcpd etc. work fine now! So thank you both for the tips!

          My only problem now is that I think wpa_supplicant is started after hostapd because when I boot Linux the network is without encryption, but if I then restart hostapd then I get my wpa2 encryption! So, do you know how to get wpa_supplicant to start before hostapd? Or do you have any other suggestions?



            #6
            Re: Shorewall: Error on boot

            I doubt that you need hostapd at all. wpa-supplicant can deal with wpa and wpa2 encryption and you can configure it in /etc/network/interfaces. Make sure you have wlan0 in the auto line
            auto lo eth0 wlan0

            then something like
            allow-hotplug wlan0
            iface wlan0 inet dhcp
            wpa-ssid ESSID
            wpa-psk passphrase

            should work. You can use additional lines like
            dns-nameservers 192.168.0.3 192.168.0.100
            metric 100
            if need be.



              #7
              Re: Shorewall: Error on boot

              hostapd is a wireless network daemon to host an access point, and that's what I'm using it for. If I only was to connect to a router then I could have done it through /etc/network/interfaces. But I need hostapd and I think wpa_supplicant needs to be started before the hostapd daemon. Do you know how to do that? Or somebody else?

              Comment


                #8
                Re: Shorewall: Error on boot

                I know almost nothing about hostapd but it does have an init script that is started with a position of 20 in /etc/rc2.d. I expect that you do not want your entry in /etc/rc.local.

                The init script references /etc/default/hostapd, which contains
                # Uncomment the following line to run hostapd on startup
                # WARNING! Depending on your configuration,
                # you may lose access via your wireless interface.
                #
                #RUN_DAEMON="yes"

                That is probably what you want. It also points to /etc/hostapd/hostapd.conf which is a rather large highly commented file that you probably need to be familiar with.

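The start-order numbering that posts #4 and #8 describe, as an added example that is not part of any post in this thread: it lists the S links of an rcN.d directory in the order init runs them and checks whether one service starts before another. The sample directory is constructed; only hostapd's position 20 comes from the thread, and the other numbers (including the S99rc.local entry) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect SysV start order in an rcN.d directory.
# init runs the S links in lexical order of their names, i.e. by the two-digit number.

# Print the S links of directory $1, one per line, in the order init runs them.
start_order() {
    (
        LC_ALL=C; export LC_ALL            # plain byte-order glob sorting
        for link in "$1"/S[0-9][0-9]*; do
            [ -e "$link" ] || [ -L "$link" ] || continue   # unmatched glob or empty dir
            printf '%s\n' "${link##*/}"
        done
    )
}

# Print the 1-based start position of service $2 in directory $1.
# Returns 1 when the service has no S link there (e.g. only a K link).
position_of() {
    start_order "$1" | awk -v svc="$2" '
        substr($0, 4) == svc { print NR; found = 1; exit }
        END { exit !found }'
}

# Return 0 if service $2 starts before service $3, 1 if not,
# 2 if either one is not started in this runlevel at all.
starts_before() {
    first=$(position_of "$1" "$2") || return 2
    second=$(position_of "$1" "$3") || return 2
    [ "$first" -lt "$second" ]
}

# Constructed sample directory. Only hostapd's 20 comes from the thread;
# every other number here is made up for the demonstration.
make_sample_rc2d() {
    dir=$(mktemp -d) || return 1
    for name in S20hostapd S20dhcp3-server S40shorewall S99rc.local K20nfs-user-server; do
        : > "$dir/$name"
    done
    printf '%s\n' "$dir"
}

# On a real system: start_order /etc/rc2.d
```

With the sample numbers, `starts_before "$dir" shorewall rc.local` succeeds, which is the situation post #2 describes: the firewall's own init script runs before anything placed in rc.local.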


                  #9
                  Re: Shorewall: Error on boot

                  Hi!
                  Now it all works fine! I found two solutions to my problem.
                  1. To add a line "hostapd /etc/hostapd/hostapd.conf" to /etc/network/interfaces (under correct iface expression)
                  2. To edit /etc/default/hostapd as mando_hacker said. I also had to enable hostapd in BootUp-Manager. I don't know if this had been necessary if I hadn't installed BootUp-manager.

                  So thanks for the help, guys!
