vuurmuur fail to start on Debian 12 #44

carlosmaug · 2023-06-26T09:41:49Z

After upgrading to Debian 12 vuurmuur stop working.

uname -a
Linux 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux

/etc/init.d/vuurmuur start
Starting firewall: Vuurmuur:
        Loading modules:        ip_tables iptable_filter iptable_mangle iptable_nat modprobe: FATAL: Module nf_conntrack_ipv4 not found in directory /lib/modules/6.1.0-9-amd64
nf_conntrack_ipv4 nf_conntrack_ftp nf_nat nf_nat_ftp 
        Loading Vuurmuur:       Error: checking for iptables-capabilities failed. Please see error.log.
FAILED, please check /var/log/vuurmuur/error.log.
        Loading Vuurmuur_log:   ok.
Starting firewall: Vuurmuur: done

cat /var/log/vuurmuur/error.log
06/26/2023 11:29:27 : PID 13615 : vuurmuur      : Error (-1): no iptables-support in the kernel: filter table missing (in: iptcap.c:624:vrmr_check_iptcaps)

cat /var/log/vuurmuur/debug.log
06/26/2023 11:31:33 : PID 14175 : vuurmuur      : [iptcap.c:287:iptcap_test_filter_rpfilter_match]: iptcap_delete_test_filter_chain failed, but error will be ignored
06/26/2023 11:31:33 : PID 14188 : vuurmuur_log  : [vuurmuur_log.c:306:main]: Setting up nflog
06/26/2023 11:31:33 : PID 14189 : vuurmuur_log  : [vuurmuur_ipc.c:66:ipc_setup]: Creating shared memory successfull: shm_id: 20.

cat /var/log/vuurmuur/vuurmuur.log
06/26/2023 11:34:11 : PID 14385 : vuurmuur      : Error (-1): no iptables-support in the kernel: filter table missing (in: iptcap.c:624:vrmr_check_iptcaps)
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: subscribed to nflog group 8
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Warning: can't set mnl socket timeout: Protocol not available (in: conntrack.c:274:conntrack_subscribe)
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading services...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading services succesfull.
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading interfaces...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading interfaces succesfull.
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading zones...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Loading zones succesfull.
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Creating hash-table for the zones...
06/26/2023 11:34:11 : PID 14398 : vuurmuur_log  : Info: Creating hash-table for the services...
06/26/2023 11:34:11 : PID 14399 : vuurmuur_log  : Info: Attaching to shared memory successfull.
06/26/2023 11:34:11 : PID 14399 : vuurmuur_log  : Info: Creating a semaphore success: 21
06/26/2023 11:34:11 : PID 14399 : vuurmuur_log  : Info: Initializing the semaphore successfull.

iptables-save 
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PRE-VRMR-FORWARD - [0:0]
-A PRE-VRMR-FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*filter
:INPUT ACCEPT [227:18726]
:FORWARD ACCEPT [286:37207]
:OUTPUT ACCEPT [91:8163]
:f2b-postfix-sasl - [0:0]
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Generated by iptables-save v1.8.9 (nf_tables) on Mon Jun 26 12:03:01 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Jun 26 12:03:01 2023
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them

┌─────────────────────────────── Status ───────────────────────────────┐
│ One or more problems were detected in your current setup. Below is   │
│ a list.                                                              │
│                                                                      │
│ - No interfaces have shaping enabled. Please make sure that at       │
│ least one of the interfaces has shaping enabled (warn).              │
│                                                                      │
│ - No connection could be established with Vuurmuur. Please make      │
│ sure that it is running (fail).

The text was updated successfully, but these errors were encountered:

inliniac · 2023-08-13T05:25:30Z

Hi, sorry for the late response. I didn't get a notification for this, I'm checking why.

I think this would possibly be fixed by 29835fa, are you able to check the git master?

inliniac · 2023-08-14T09:05:59Z

You could also try passing the -k option to vuurmuur, which will skip the capabilities checks.

carlosmaug · 2023-08-14T09:35:14Z

Hi The -k option did not work. I'm compiling the marter branch to test if it works Tnx for your help I will keep you imformed

…

________________________________ De: Victor Julien ***@***.***> Enviado: domingo, 13 de agosto de 2023 7:25 Para: inliniac/vuurmuur ***@***.***> Cc: Carlos Marin Ugalde ***@***.***>; Author ***@***.***> Asunto: Re: [inliniac/vuurmuur] vuurmuur fail to start on Debian 12 (Issue #44) Hi, sorry for the late response. I didn't get a notification for this, I'm checking why. I think this would possibly be fixed by 29835fa<29835fa>, are you able to check the git master? — Reply to this email directly, view it on GitHub<#44 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AC6OLP65HCEA6RN6CWMMMDDXVBQNJANCNFSM6AAAAAAZT4WPBY>. You are receiving this because you authored the thread.Message ID: ***@***.***>

inliniac · 2023-08-15T08:48:39Z

Ah I actually meant -t or --no-check, sorry.

carlosmaug · 2023-08-16T07:11:00Z

Hi With -t option seems to work fine Best regards

…

________________________________ De: Victor Julien ***@***.***> Enviado: martes, 15 de agosto de 2023 10:48 Para: inliniac/vuurmuur ***@***.***> Cc: Carlos Marin Ugalde ***@***.***>; Author ***@***.***> Asunto: Re: [inliniac/vuurmuur] vuurmuur fail to start on Debian 12 (Issue #44) Ah I actually meant -t or --no-check, sorry. — Reply to this email directly, view it on GitHub<#44 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AC6OLP525TJ22XTSHJ64S63XVMZXFANCNFSM6AAAAAAZT4WPBY>. You are receiving this because you authored the thread.Message ID: ***@***.***>

carlosmaug changed the title ~~vuurmuur nor working on Debian 12~~ vuurmuur fail to start on Debian 12 Jun 26, 2023

inliniac added the bug label Aug 13, 2023

inliniac added this to the 0.8.2 milestone Sep 4, 2023

inliniac self-assigned this Sep 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vuurmuur fail to start on Debian 12 #44

vuurmuur fail to start on Debian 12 #44

carlosmaug commented Jun 26, 2023 •

edited

Loading

inliniac commented Aug 13, 2023

inliniac commented Aug 14, 2023

carlosmaug commented Aug 14, 2023 via email

inliniac commented Aug 15, 2023

carlosmaug commented Aug 16, 2023 via email

vuurmuur fail to start on Debian 12 #44

vuurmuur fail to start on Debian 12 #44

Comments

carlosmaug commented Jun 26, 2023 • edited Loading

inliniac commented Aug 13, 2023

inliniac commented Aug 14, 2023

carlosmaug commented Aug 14, 2023 via email

inliniac commented Aug 15, 2023

carlosmaug commented Aug 16, 2023 via email

carlosmaug commented Jun 26, 2023 •

edited

Loading