[Voyage-linux] Shorewall Read Only /var/lib/shorewall/ problem
Chris Morley
(spam-protected)
Wed Mar 12 21:53:06 HKT 2008
Hi Wayne,
Thanks for the fast reply.
I did try that already, i created the symbolic link following the readme. I tried the following:
#remountrw #mv /var/lib/shorewal /ro/var/lib/shorewall #ln -s /rw//var/lib/shorewall /var/lib/shorewall#remountro
The problem is whenever i went #shorewall start, it would say files already exist. Would appreciate any guideance on the above, im sure i am making a mistake as i dont understand the above. I presume anything in /ro gets copied to the root file system, and anything in /rw/ allows the directory to be written to in the root file system? Again not so sure so would appreciate a little explanation if anyone has time. In fact i am interested in the whole rw/ro setup so links for my reading on how it all works would be appreciated.Regarding the speed issue I have also tried arnos iptables script, that apt-get installed fine and no issues with RO directories. Would that be as secure? I chose Shorewall over Arnos script as it seemed to have more features but it is quite a lot more involved. I do plan to use OpenVPN also to link sites so Shorewall would be better imho. I am running on 1GHz boxes, i would hope Shorewall wouldnt slow it down that much on a reasonably powerful dedicated box?Many thanks for the help its very much appreciated, been pulling my hair out all day!
Regards,
Chris
Subject: RE: [Voyage-linux] Shorewall Read Only /var/lib/shorewall/ problemDate: Wed, 12 Mar 2008 13:03:08 +0000From: wayne.lee at link-connect.comTo: voyage-linux at voyage.hkCC:
Chris
I also noticed when using shorewall it did slow down the throughput of the data.
I can get double the amount without shorewall, the test was done on a old version of shorewall and voyage and I have not retested recently.
From: voyage-linux-bounces+wayne.lee=link-connect.com at list.voyage.hk [mailto:voyage-linux-bounces+wayne.lee=link-connect.com at list.voyage.hk] On Behalf Of Chris MorleySent: 12 March 2008 12:50To: voyage-linux at voyage.hkSubject: [Voyage-linux] Shorewall Read Only /var/lib/shorewall/ problem
Hi, I am trying to get shorewall running and whilst it installs from apt-get fine, i am having issues with the Read only file system. Shorewall seems to write the compiled scripts into /var/lib/shorewall. When i run remountrw there is no problem, however with remountro hitting 'shorewall start' in the shell gives a whole raft of errors:Compiling.../usr/share/shorewall/functions: line 1704: /var/lib/shorewall/.modulesdir: Read-only file systemcp: cannot remove `/var/lib/shorewall/.modules': Read-only file system[..snip..]/var/lib/shorewall/.start: line 1046: /var/lib/shorewall/chains: Read-only file system/var/lib/shorewall/.start: line 1048: /var/lib/shorewall/nat: Read-only file system/var/lib/shorewall/.start: line 1050: /var/lib/shorewall/proxyarp: Read-only file system/var/lib/shorewall/.start: line 1052: /var/lib/shorewall/zones: Read-only file system/var/lib/shorewall/.start: line 1065: /var/lib/shorewall/restarted: Read-only file systemProcessing /etc/shorewall/start .../usr/share/shorewall/functions: line 2368: /var/lib/shorewall/state: Read-only file systemProcessing /etc/shorewall/started ...cp: cannot remove `/var/lib/shorewall/.restore': Read-only file systemdone. Is there any way that this /var/lib/shorewall/ directory can be made rw? Or perhaps even plain old ramdisk is ok, but consist of a default set of files upon boot? Would appreciate insights if the two options above are possible. The other option is for me to change the init.d/shorewall scripts to remountrw and remountro around the start and stop parts, but i would prefer the solution above and it would also help me learn about voyage linux which rocks :) Many thanks in advance, Chris
Everything in one place. All new Windows Live!
_________________________________________________________________
Telly addicts unite!
http://www.searchgamesbox.com/tvtown.shtml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.voyage.hk/pipermail/voyage-linux/attachments/20080312/10db3f47/attachment.html>
More information about the Voyage-linux
mailing list