[Shorewall-newbies] Can't start shorewall

James Brokaw hedgie at hedgie.com
Sun Feb 8 09:51:45 PST 2004

[Not subscribed to list, but reading from shorewall.net]

I've been running shorewall for quite some time, but since I got it
running once then left it alone, I'm going to consider myself a

My setup:  Mandrake 9.2 on a desktop, eth0 connects via a cable modem
to the Internet.  eth1 connects via crossover cable to a laptop that's
(sometimes) present on an internal 192.168.0.x network.  I've not
messed with Mandrake's built-in connection-sharing tool.

About two weeks ago, shorewall ceased loading.  I mucked about with
the config files and logs, but couldn't see any reason why it wouldn't
work.  I figured, what the heck, I needed to upgrade to 1.4.10 anyway,
so I removed my 1.4.08 install and all the config files, and installed
the latest version.  I installed the two-interfaces example, and I
still can't get shorewall to start.  /tmp/trace is mostly benign (I'll
post the whole thing if requested) but it ends thusly:

+ source=eth1
++ get_routed_subnets eth1
++ local address
++ local rest
++ ip route show dev eth1
++ read address rest
+ subnets=
+ '[' -z '' ']'
+ fatal_error 'Unable to determine the routes through interface eth1'
+ echo '   Error: Unable to determine the routes through interface eth1'
   Error: Unable to determine the routes through interface eth1
+ '[' start = check ']'
+ stop_firewall
+ set +x

IP addr show implies to me the problem is with eth1, not shorewall,
although I'm mystified how to solve it:

[root at md-wmnsmd-cuda2-c7b-63 shorewall]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet brd scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:dc:30:c4 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:a0:cc:3a:e2:0e brd ff:ff:ff:ff:ff:ff
[root at md-wmnsmd-cuda2-c7b-63 shorewall]# ip route show
dev eth0  proto kernel  scope link  src
dev lo  scope link
default via dev eth0

Any and all help appreciated!
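
An added example, not part of the original post and not Shorewall's own code: a pre-flight check for the condition in the trace above, where `ip route show dev eth1` returns nothing because eth1 has no `inet` line. The function names and the sample `ip` output (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input (documentation addresses); eth1 is up but has no inet line.
SAMPLE_ADDR='1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ROUTE_ETH0='192.0.2.0/24 proto kernel scope link src 192.0.2.10
default via 192.0.2.1'

# Read `ip addr show` text on stdin; print each interface with no "inet" line.
ifaces_without_ipv4() {
    awk '
        /^[0-9]+: / { if (name != "" && !has) print name
                      name = $2; sub(/:$/, "", name); has = 0; next }
        $1 == "inet" { has = 1 }
        END { if (name != "" && !has) print name }'
}

# Read `ip route show dev IFACE` text on stdin; print the first field of each
# route. Skipping "default" is this example's assumption.
routed_subnets() {
    while read -r address rest; do
        case "$address" in ''|default) continue ;; esac
        echo "$address"
    done
}

# check_iface IFACE ADDR_TEXT ROUTE_TEXT: print a verdict; return 1 if unusable.
check_iface() {
    if printf '%s\n' "$2" | ifaces_without_ipv4 | grep -qx "$1"; then
        echo "$1: no IPv4 address assigned"; return 1
    fi
    if [ -z "$(printf '%s\n' "$3" | routed_subnets)" ]; then
        echo "$1: no routes through interface"; return 1
    fi
    echo "$1: ok"
}

# Demo on the constructed samples. On a live host, pass
# "$(ip addr show)" and "$(ip route show dev eth1)" instead.
check_iface eth0 "$SAMPLE_ADDR" "$SAMPLE_ROUTE_ETH0"
check_iface eth1 "$SAMPLE_ADDR" "" || true
```

Running such a check before the firewall start script separates an interface-configuration fault from a rules fault.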

