vuurmuur icon indicating copy to clipboard operation
vuurmuur copied to clipboard

Published 20 hours ago verified publisher icon inliniac

vuurmuur fail to start on Debian 12

Open carlosmaug opened this issue 1 year ago • 5 comments

After upgrading to Debian 12 vuurmuur stop working.

uname -a Linux 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux

/etc/init.d/vuurmuur start
Starting firewall: Vuurmuur:
        Loading modules:        ip_tables iptable_filter iptable_mangle iptable_nat modprobe: FATAL: Module nf_conntrack_ipv4 not found in directory /lib/modules/6.1.0-9-amd64
nf_conntrack_ipv4 nf_conntrack_ftp nf_nat nf_nat_ftp 
        Loading Vuurmuur:       Error: checking for iptables-capabilities failed. Please see error.log.
FAILED, please check /var/log/vuurmuur/error.log.
        Loading Vuurmuur_log:   ok.
Starting firewall: Vuurmuur: done

cat /var/log/vuurmuur/error.log
06/26/2023 11:29:27 : PID 13615 : vuurmuur      : Error (-1): no iptables-support in the kernel: filter table missing (in: iptcap.c:624:vrmr_check_iptcaps)

cat /var/log/vuurmuur/debug.log
06/26/2023 11:31:33 : PID 14175 : vuurmuur      : [iptcap.c:287:iptcap_test_filter_rpfilter_match]: iptcap_delete_test_filter_chain failed, but error will be ignored
06/26/2023 11:31:33 : PID 14188 : vuurmuur_log  : [vuurmuur_log.c:306:main]: Setting up nflog
06/26/2023 11:31:33 : PID 14189 : vuurmuur_log  : [vuurmuur_ipc.c:66:ipc_setup]: Creating shared memory successfull: shm_id: 20.

cat /var/log/vuurmuur/vuurmuur.log
06/26/2023 11:34:11 : PID 14385 : vuurmuur      : Error (-1): no iptables-support in the kernel: filter table missing (in: iptcap.c:624:vrmr_check_iptcaps)
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: subscribed to nflog group 8
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Warning: can't set mnl socket timeout: Protocol not available (in: conntrack.c:274:conntrack_subscribe)
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading services...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading services succesfull.
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading interfaces...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading interfaces succesfull.
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading zones...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading zones succesfull.
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Creating hash-table for the zones...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Creating hash-table for the services...
06/26/2023 11:34:11 : PID 14399 : vuurmuur_log  : Info: Attaching to shared memory successfull.
06/26/2023 11:34:11 : PID 14399 : vuurmuur_log  : Info: Creating a semaphore success: 21
06/26/2023 11:34:11 : PID 14399 : vuurmuur_log  : Info: Initializing the semaphore successfull.

iptables-save 
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PRE-VRMR-FORWARD - [0:0]
-A PRE-VRMR-FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*filter
:INPUT ACCEPT [227:18726]
:FORWARD ACCEPT [286:37207]
:OUTPUT ACCEPT [91:8163]
:f2b-postfix-sasl - [0:0]
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them

┌─────────────────────────────── Status ───────────────────────────────┐
│ One or more problems were detected in your current setup. Below is   │
│ a list.                                                              │
│                                                                      │
│ - No interfaces have shaping enabled. Please make sure that at       │
│ least one of the interfaces has shaping enabled (warn).              │
│                                                                      │
│ - No connection could be established with Vuurmuur. Please make      │
│ sure that it is running (fail).

carlosmaug avatar Jun 26 '23 09:06 carlosmaug