NAT addresses not being added

> I've started building a new firewall. When I run the script to install
> the rules and add the virtual IP, the virtual IPs are not being  
> added. I
> can see the lines in the script that are to add them, but see no  
> errors.
>
> Some points that might be pertinent:
>
> I am using the same FWBuilder that I am using for 3 other firewalls.
> Same settings, etc.
> The new firewall is a Centos 5 box, the older ones are Centos 3
> The "installed" IP address (X.Y.Z.192) on the particular NIC  that is
> not getting it's virtual IPs started has a netmask of X.Y.Z.128/32 and
> it is defined properly in the firewall script.
>
> I'm running version 2.0.12 of FW Builder. (We're switching providers  
> and
> will probably upgrade after the switch). Old but not ancient.
>
> Can anyone think of a reason any of the above criteria might prevent  
> the
> virtual IPs from being started when the firewall script is ran?
>
> Thanks in advance.
>
> Steve Campbell
>
>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's  
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwbuilder-discussion@...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
>

>
> A.B.C.D should the address to be added, eth0 is the name of the  
> interface.
>
> I am not clear on the address X.Y.Z.128/32.  What is this, is this  
> address of the object you use in the NAT rule and therefore the  
> address that needs to be added to the interface ?
>
> It sounds like the address which is configured on the interface is  
> X.Y.Z.192. What is the netmask ?
>  

> --vk
>
>
>
> On Aug 14, 2008, at 12:27 PM, Steve Campbell wrote:
>
>  
>> I've started building a new firewall. When I run the script to install
>> the rules and add the virtual IP, the virtual IPs are not being  
>> added. I
>> can see the lines in the script that are to add them, but see no  
>> errors.
>>
>> Some points that might be pertinent:
>>
>> I am using the same FWBuilder that I am using for 3 other firewalls.
>> Same settings, etc.
>> The new firewall is a Centos 5 box, the older ones are Centos 3
>> The "installed" IP address (X.Y.Z.192) on the particular NIC  that is
>> not getting it's virtual IPs started has a netmask of X.Y.Z.128/32 and
>> it is defined properly in the firewall script.
>>
>> I'm running version 2.0.12 of FW Builder. (We're switching providers  
>> and
>> will probably upgrade after the switch). Old but not ancient.
>>
>> Can anyone think of a reason any of the above criteria might prevent  
>> the
>> virtual IPs from being started when the firewall script is ran?
>>
>> Thanks in advance.
>>
>> Steve Campbell
>>
>>    

> Mr. Kurland,
>
> I have discovered more about the problem.
>
> A colleague discovered that if the NIC is disabled, addresses could be
> added. After trying to recreate the problem, I find that not only does
> the NIC need to be disabled, but also, no address can be assigned to  
> the
> NIC. At that point, IPs can be added with the add_addr function. Until
> the addresses are cleared, though, no addresses can be added or  
> changed.
>
> The latter condition (no addresses and inactive) seems to be the key.
> Another problem has emerged - when other NICs are to get IPs  
> assigned to
> them, the script is not seeing them as another NIC, hence the "va_num"
> variable is not getting reset. An example follows:
>
> First address is added to Nic 1  x.y.z.1 as eth0:FWB1
> Second address is added to Nic 1 x.y.z.2 as eth0:FWB2
> Third address is added to Nic 2 as z.y.x.1 as eth1:FWB3 <- should be
> eth1:FWB1
>
> The initial condition can be handled by not assigning addresses to the
> NICs upon bootup, but fails when the firewall is upgraded as the NICs
> now are active and have addresses.
>
> Thanks again,
>
> Steve
>
>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's  
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwbuilder-discussion@...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
>

>
> I tested on CentOS 5.1 here and it works for me.
>
> could you run the firewall script with debug turned on ? You can
> either run it from shell prompt like this
>
> sh -x script.sh
>
> or turn debugging on in the firewall settings dialog, tab "Script
> options".
>
> this will generate a lot of output and I do not need all of it, the
> output related to the add_addr function should be closer to the
> beginning. If you can identify that part, clip it and send it to me.
> Otherwise just send the whole thing to me, but gzip it to make
> attachment reasonable.
>
> Thanks!
> --vk
>
>
> On Aug 15, 2008, at 6:30 AM, Steve Campbell wrote:
>
>> Mr. Kurland,
>>
>> I have discovered more about the problem.
>>
>> A colleague discovered that if the NIC is disabled, addresses could be
>> added. After trying to recreate the problem, I find that not only does
>> the NIC need to be disabled, but also, no address can be assigned to the
>> NIC. At that point, IPs can be added with the add_addr function. Until
>> the addresses are cleared, though, no addresses can be added or changed.
>>
>> The latter condition (no addresses and inactive) seems to be the key.
>> Another problem has emerged - when other NICs are to get IPs assigned to
>> them, the script is not seeing them as another NIC, hence the "va_num"
>> variable is not getting reset. An example follows:
>>
>> First address is added to Nic 1  x.y.z.1 as eth0:FWB1
>> Second address is added to Nic 1 x.y.z.2 as eth0:FWB2
>> Third address is added to Nic 2 as z.y.x.1 as eth1:FWB3 <- should be
>> eth1:FWB1
>>
>> The initial condition can be handled by not assigning addresses to the
>> NICs upon bootup, but fails when the firewall is upgraded as the NICs
>> now are active and have addresses.
>>
>> Thanks again,
>>
>> Steve
>>

>>
>>
>>
>> -------------------------------------------------------------------------
>>
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win
>> great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Fwbuilder-discussion mailing list
>> Fwbuilder-discussion@...
>> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
>>
>
>

> Vadim Kurland ✎ wrote:
>  
>> I tested on CentOS 5.1 here and it works for me.
>>
>> could you run the firewall script with debug turned on ? You can
>> either run it from shell prompt like this
>>
>> sh -x script.sh
>>
>> or turn debugging on in the firewall settings dialog, tab "Script
>> options".
>>
>> this will generate a lot of output and I do not need all of it, the
>> output related to the add_addr function should be closer to the
>> beginning. If you can identify that part, clip it and send it to me.
>> Otherwise just send the whole thing to me, but gzip it to make
>> attachment reasonable.
>>
>> Thanks!
>> --vk
>>
>>
>> On Aug 15, 2008, at 6:30 AM, Steve Campbell wrote:
>>
>>    
>>> Mr. Kurland,
>>>
>>> I have discovered more about the problem.
>>>
>>> A colleague discovered that if the NIC is disabled, addresses could be
>>> added. After trying to recreate the problem, I find that not only does
>>> the NIC need to be disabled, but also, no address can be assigned to the
>>> NIC. At that point, IPs can be added with the add_addr function. Until
>>> the addresses are cleared, though, no addresses can be added or changed.
>>>
>>> The latter condition (no addresses and inactive) seems to be the key.
>>> Another problem has emerged - when other NICs are to get IPs assigned to
>>> them, the script is not seeing them as another NIC, hence the "va_num"
>>> variable is not getting reset. An example follows:
>>>
>>> First address is added to Nic 1  x.y.z.1 as eth0:FWB1
>>> Second address is added to Nic 1 x.y.z.2 as eth0:FWB2
>>> Third address is added to Nic 2 as z.y.x.1 as eth1:FWB3 <- should be
>>> eth1:FWB1
>>>
>>> The initial condition can be handled by not assigning addresses to the
>>> NICs upon bootup, but fails when the firewall is upgraded as the NICs
>>> now are active and have addresses.
>>>
>>> Thanks again,
>>>
>>> Steve
>>>
>>>      
>
> Just for the fun of it, I installed CentOS 3.7. It's not acting very
> nicely either, so you're right in thinking it's not the OS. Maybe hardware.
>
> I'm playing around with a different NIC right now, and as soon as I get
> somethng to ping it with, I'll let you know the results. It's not
> connected at the moment to any network.
>
> Steve
>  
>>>
>>> -------------------------------------------------------------------------
>>>
>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>> challenge
>>> Build the coolest Linux based applications with Moblin SDK & win
>>> great prizes
>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>> world
>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>> _______________________________________________
>>> Fwbuilder-discussion mailing list
>>> Fwbuilder-discussion@...
>>> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
>>>
>>>