03-25-2006, 04:43 AM
|
#1
|
Member
Registered: Sep 2005
Posts: 45
Rep:
|
invalid zone name error in shorewall even in sample file
hello guys, i have installed squid, working well, now installed shorewall and webmin also
when i run the (check firewall) then it always gives an error to me that invalid zone type although i followed the rule ... even this i put the sample shorewall 1 interface file ... for that its again giving error
....
few questions ... how to correct it ... "invalid zone error"
2nd is this (is this compulsory to run shorewall for 2 nic) if i have one can i use only one ...
thanks a lot for replying but the major issue is the "invalid zone error" although i have now put sample file
please help, thanks
|
|
|
03-25-2006, 06:04 AM
|
#2
|
Senior Member
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020
Rep:
|
hi,
post the zone file.
Quote:
2nd is this (is this compulsory to run shorewall for 2 nic) if i have one can i use only one ...
|
For what purpose are you using two NIC's ??
regards
|
|
|
03-25-2006, 03:27 PM
|
#3
|
Member
Registered: Sep 2005
Posts: 45
Original Poster
Rep:
|
well ... i post the zone file here ...
2 nic i want to do this
... will get connection at interface 1 mean eth0 and will provide the net to the clients at interface 2(2nd nic) eth1
....
will post zone file soon ...
|
|
|
03-27-2006, 03:46 AM
|
#4
|
Member
Registered: Sep 2005
Posts: 45
Original Poster
Rep:
|
# This file determines your network zones. Columns are:
#
# ZONE Short name of the zone (5 Characters or less in length).
# The names "all" and "none" are reserved and may not be
# used as zone names.
# DISPLAY Display name of the zone
# COMMENTS Comments about the zone
#
# THE ORDER OF THE ENTRIES IN THIS FILE IS IMPORTANT IF YOU HAVE NESTED OR
# OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts.
#
# See http://www.shorewall.net/Documentation.html#Nested
#
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
==============================================
Checking configuration ..
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Not available
Recent Match: Not available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
CLASSIFY Target: Not available
Verifying Configuration...
Determining Zones...
ERROR: Invalid Zone Type: Net
.. an error was found in your firewall configuration!
|
|
|
03-27-2006, 04:02 AM
|
#5
|
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522
Rep:
|
What zones have you defined in your interfaces file for shorewall?
regards
|
|
|
04-17-2006, 05:20 AM
|
#6
|
Member
Registered: Nov 2005
Distribution: CentOS
Posts: 154
Rep:
|
in your /etc/shorewall/zones file you need to change the second column for your net zone to ipv4 as the zone type.
zone name is net, zone type is ipv4
then type
service shorewall restart
at the command prompt
|
|
|
08-07-2007, 05:16 PM
|
#7
|
LQ Newbie
Registered: Aug 2007
Posts: 2
Rep:
|
One answer to an old question that is still happening
I got the invalid zone type error in shorewall. After much searching and testing, the problem was corrected by changing the entry in shorewall.conf showing IPSECFILE="zone" to IPSECFILE="".
Apparently, in the process of upgrading to Ubuntu 7.04, a question that was asked produced this entry. Yet the webmin scripts assume the blank entry, and a different format for the zone file because of this entry. In other words, the test scripts looked at the zone file format as if it had ipsec entries in it when the file did not have those entries or the format that would expect them.
Anyway that change solved the error for me -- after much testing.
|
|
|
08-08-2007, 03:23 PM
|
#8
|
Member
Registered: Jul 2007
Distribution: Ubuntu
Posts: 99
Rep:
|
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Here you should only have two options when defining a zone. The name of the zone, for instance net as you have it. Then under TYPE which will be replacing DISPLAY as vbsaltydog suggested, it should just be ipv4. Try changing that, it should fix your error.
|
|
|
08-09-2007, 12:44 AM
|
#9
|
LQ Newbie
Registered: Aug 2007
Posts: 2
Rep:
|
My zone file
is just like mohsin-mm's posted above. It doesn't have a type column. It has a different format - apparently because of the IPSECFILE option setting. I had to change that setting in the shorewall.conf file and the type error went away and the firewall configuration checks out now.
Your solution would work too I am sure - but it is changing the format of the file. I am using webmin to configure - actually going back and forth between an editor and webmin. Webmin expects and presents the file in the format that appears with no type column.
Anyway - everything is working well now.
Thanks for your reply. I hope mohsin-mm got his problem solved from over a year ago. At least other folks following this thread will have some more information.
bkenn
|
|
|
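The mismatch this thread converges on (a zones file in the ZONE/DISPLAY/COMMENTS layout being read as ZONE/TYPE because of the IPSECFILE setting) can be checked before running the firewall check. The script below is an added example, not part of any post and not Shorewall's or Webmin's own code; the function names, the rule that any IPSECFILE value starting with "zone" selects the ZONE/TYPE layout, and the `VALID_TYPES` list are assumptions (the thread itself only confirms `ipv4`).

```shell
#!/bin/sh
# Added example: check that a Shorewall zones file matches the layout that
# IPSECFILE in shorewall.conf selects. Assumptions: a value starting with
# "zone" means the ZONE/TYPE layout; VALID_TYPES is illustrative (the thread
# itself only confirms ipv4).
VALID_TYPES="ipv4 ipsec firewall"

# Print the IPSECFILE value from a shorewall.conf, comments and quotes removed.
ipsecfile_setting() {
    sed -n 's/#.*$//; s/^[[:space:]]*IPSECFILE=//p' "$1" |
        tail -n 1 | tr -d "\"'[:space:]"
}

# Print every zone entry whose second column is not a known zone type.
bad_type_lines() {
    awk -v types="$VALID_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        $2 == "" || $2 == "-" { next }     # type left to its default
        !($2 in ok) { printf "%s:%d: zone %s has type %s\n", FILENAME, FNR, $1, $2 }
    ' "$1"
}

# Return 0 when the zones file fits the selected layout, 1 otherwise.
check_zones() {
    case "$(ipsecfile_setting "$1")" in
        zone*)
            bad=$(bad_type_lines "$2")
            [ -z "$bad" ] && return 0
            printf 'zones file is read as ZONE/TYPE, but:\n%s\n' "$bad" >&2
            return 1 ;;
        *)  return 0 ;;   # older layout: column 2 is a free-form display name
    esac
}

# Constructed sample: the zones entries from the thread with IPSECFILE="zone".
demo() {
    d=$(mktemp -d) || return 1
    printf 'IPSECFILE="zone"\n' > "$d/shorewall.conf"
    printf '#ZONE DISPLAY COMMENTS\nnet Net Internet\nloc Local Local Networks\n' > "$d/zones"
    check_zones "$d/shorewall.conf" "$d/zones"; rc=$?
    rm -rf "$d"
    return $rc
}
demo || echo "layout mismatch detected"
```

On a real system, call `check_zones /etc/shorewall/shorewall.conf /etc/shorewall/zones`; a non-zero exit means either the zones file or the IPSECFILE setting has to change, which are the two fixes described in the posts above.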