Opened 7 years ago

Closed 4 years ago

Last modified 4 years ago

#8738 closed defect (wontfix)

Firewall not loaded on boot r25094

Reported by: JavaWithMarcus <marcus@…>
Owned by: developers
Priority: low
Milestone: Barrier Breaker 14.07
Component: packages
Version: Trunk
Keywords:
Cc:

Description

Hi,

Running r25094 on a TP-Link 1043ND. I don't know if it has something to do with it, but I'm running with block-extroot, 6in4 (HE.net) and openvpn.

After a reboot the system log complains about devices not found and the firewall is not loaded.

After a firewall restart everything works correctly again. I've searched and have sometimes found these kinds of errors, and it's always about timing on the network interfaces.

An /etc/init.d/firewall start doesn't work, as it complains that the firewall is already loaded. A restart works.

I've solved it by doing a firewall restart in rc.local.

Thank you.

Attachments (1)

syslog.txt (15.8 KB) - added by JavaWithMarcus <marcus@…> 7 years ago.
System log


Change History (10)

comment:1 Changed 7 years ago by JavaWithMarcus <marcus@…>

Here is the firewall part of the system log after a reboot. I see now for the first time that it also says "firewall already loaded". Maybe the init.d script and the hotplug script are interfering with each other.

Jan 27 10:10:12 Router user.debug kernel: eth0.2: no IPv6 routers present
Jan 27 10:10:12 Router user.debug kernel: br-lan: no IPv6 routers present
Jan 27 10:10:12 Router user.info firewall: adding wan (eth0.2) to zone wan
Jan 27 10:10:13 Router user.err kernel: ath: Failed to stop TX DMA in 100 msec after killing last frame
Jan 27 10:10:13 Router user.err kernel: ath: Failed to stop TX DMA in 100 msec after killing last frame
Jan 27 10:11:03 Router user.notice rdate: Synced with cudns.cit.cornell.edu
Jan 27 10:11:03 Router user.err kernel: ath: Failed to stop TX DMA in 100 msec after killing last frame
Jan 27 10:11:03 Router user.err kernel: ath: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x42000020
Jan 27 10:11:03 Router user.err kernel: ath: Could not stop RX, we could be confusing the DMA engine when we start RX up
Jan 27 10:11:03 Router user.err kernel: ath: DMA failed to stop in 10 ms AR_CR=0x00000024 AR_DIAG_SW=0x42000020
Jan 27 10:11:04 Router user.notice 6in4-update: Updated tunnel #89621 endpoint to 82.75.160.156
Jan 27 10:11:04 Router user.info kernel: device wlan0 left promiscuous mode
Jan 27 10:11:04 Router user.info kernel: br-lan: port 2(wlan0) entering disabled state
Jan 27 10:11:04 Router user.info kernel: device wlan0 entered promiscuous mode
Jan 27 10:11:04 Router user.info kernel: br-lan: port 2(wlan0) entering forwarding state
Jan 27 10:11:05 Router user.info kernel: 6in4-henet: Disabled Privacy Extensions
Jan 27 10:11:06 Router user.info sysinit: firewall already loaded
Jan 27 10:11:07 Router user.notice rdate: No usable time server for henet found
Jan 27 10:11:07 Router user.notice rdate: No usable time server for guest found
Jan 27 10:11:07 Router user.info firewall: adding henet (6in4-henet) to zone ipv6
Jan 27 10:11:07 Router user.info firewall: adding guest (wlan1) to zone guests
Jan 27 10:11:08 Router user.info dropbear[1644]: Running in background
Jan 27 10:11:08 Router user.info sysinit: iptables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: ip6tables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: iptables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: ip6tables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: iptables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: ip6tables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: iptables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: ip6tables: No chain/target/match by that name.
Jan 27 10:11:08 Router user.info sysinit: iptables v1.4.10: Couldn't load target `reject':File not found
Jan 27 10:11:08 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.
Jan 27 10:11:08 Router user.info sysinit: ip6tables v1.4.10: Couldn't load target `reject':File not found
Jan 27 10:11:08 Router user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.
Jan 27 10:11:08 Router user.info sysinit: iptables v1.4.10: Couldn't load target `reject':File not found
Jan 27 10:11:08 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.
Jan 27 10:11:08 Router user.info sysinit: ip6tables v1.4.10: Couldn't load target `reject':File not found
Jan 27 10:11:08 Router user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.
Jan 27 10:11:08 Router user.info sysinit: iptables: No chain/target/match by that name.
Jan 27 10:11:09 Router user.info sysinit: ip6tables: No chain/target/match by that name.
Jan 27 10:11:09 Router user.info sysinit: iptables v1.4.10: Couldn't load target `zone_guests':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: ip6tables v1.4.10: Couldn't load target `zone_guests':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: iptables v1.4.10: Couldn't load target `zone_guests_forward':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: ip6tables v1.4.10: Couldn't load target `zone_guests_forward':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: iptables v1.4.10: Couldn't load target `zone_guests_prerouting':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: iptables v1.4.10: Couldn't load target `zone_guests_notrack':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: ip6tables v1.4.10: Couldn't load target `zone_guests_notrack':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `ip6tables -h' or 'ip6tables --help' for more information.
Jan 27 10:11:09 Router user.info sysinit: iptables v1.4.10: Couldn't load target `zone_guests_nat':File not found
Jan 27 10:11:09 Router user.info sysinit: Try `iptables -h' or 'iptables --help' for more information.

Changed 7 years ago by JavaWithMarcus <marcus@…>

System log

comment:2 Changed 6 years ago by osasco@…

I have the same problem in 31249 (TPlink1043ND).

After a pivot overlay, I got the message "user.info sysinit: firewall already loaded" on boot.

My workaround: I've commented out these lines from /lib/firewall/core.sh:

# fw_is_loaded && {
# echo "firewall already loaded" >&2
# exit 1
# }

And now it's working fine. I don't know if it has something to do with removing the /var symlink...

comment:3 Changed 6 years ago by nbd

  • Resolution set to worksforme
  • Status changed from new to closed

Yes, removing the /var symlink is likely to cause such issues.

comment:4 Changed 4 years ago by iamgrief@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I have not removed the var symlink but created a real directory with that name on the external hdd drive and I have the same problem.

comment:5 Changed 4 years ago by jow

  • Resolution set to wontfix
  • Status changed from reopened to closed

Same issue, /var must not be persistent on OpenWrt. If you want it to be persistent you have to write a boot script that takes care of clearing it up.

comment:6 Changed 4 years ago by iamgrief@…

It is not completely correct that UCI stores files which in fact must be cleared every reboot in the /var/state directory, as "State information should generally remain valid after a reboot" (see http://savs.hcc.edu.tw/~chuavv/fhs/fhs-5.11.html). But as this directory contains only a few files related to UCI, I simply created a symlink from /var/state to /tmp to solve the issue. This solution is elegant enough for me as it doesn't require additional scripting. It is better to avoid complication where it is possible, isn't it? I will not reopen the issue, but I still believe that UCI must explicitly use /tmp/state instead of /var/state.

comment:7 Changed 4 years ago by iamgrief@…

Just want to add that it's of course OK to use the default /var->/tmp mapping since, for example, the /var/log dir will constantly grow in size, which is unacceptable for devices with a small amount of memory available. But you should also understand that there are a lot of people who made an ex-root, so they might want logs and other var data not to be cleared with every reboot. So even when /var and /tmp are actually the same directory, the right name must be chosen everywhere anyway.

comment:8 Changed 4 years ago by jow

You do not need to convince me, both latest AA branch and trunk use /var/run for firewall state but AA 12.09 will not get changed retroactively, so there's nothing left to argue about actually.

comment:9 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
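
Added example, not part of the ticket and not OpenWrt code: a post-boot check for the failure discussed above, where init reports "firewall already loaded" and the zone_* chains are never created. The function names are hypothetical, the zone names are supplied by the caller, and the ruleset is read from a saved `iptables -S` dump so the check runs offline on constructed sample input.

```sh
#!/bin/sh
# Added example (not OpenWrt code): detect a boot that left the router
# without its zone chains, as in the log in comment:1.

# Print every expected zone that has no "-N zone_<name>" line in a saved
# `iptables -S` dump. $1 = dump file, remaining arguments = zone names.
# An unreadable dump reports every zone as missing (fails closed).
missing_zone_chains() {
    rules=$1; shift
    for zone in "$@"; do
        grep -qxF -- "-N zone_${zone}" "$rules" || echo "$zone"
    done
}

# Succeed when the boot log shows the init script refusing to load.
init_was_skipped() {
    grep -q 'sysinit: firewall already loaded' "$1"
}

# 0 = all zone chains present, 1 = chains missing,
# 2 = chains missing and init was skipped (stale state on a persistent /var).
firewall_boot_status() {
    rules=$1; log=$2; shift 2
    [ -z "$(missing_zone_chains "$rules" "$@")" ] && return 0
    init_was_skipped "$log" && return 2
    return 1
}

# Constructed sample input: a ruleset holding only built-in chain policies,
# and two log lines in the format shown in comment:1.
write_samples() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' \
        > "$1/rules"
    printf '%s\n' \
        'Jan 27 10:11:06 Router user.info sysinit: firewall already loaded' \
        'Jan 27 10:11:07 Router user.info firewall: adding guest (wlan1) to zone guests' \
        > "$1/boot.log"
}

tmp=$(mktemp -d)
write_samples "$tmp"
rc=0
firewall_boot_status "$tmp/rules" "$tmp/boot.log" wan guests || rc=$?
echo "firewall boot status: $rc"
```

A status of 2 is the case from this ticket: the state left over from the previous boot has to be cleared before the firewall is restarted, which is the boot-script cleanup described in comment:5.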
