Re: Re: Long delay when shorewall/shorewall6 starts/stops

[Nate Bargmann <n0nb@n0nb.us>]

* On 2012 21 Aug 18:46 -0500, peasthope@shaw.ca wrote:
> From:	Nate Bargmann <n0nb@n0nb.us>
> Date:	Tue, 21 Aug 2012 16:22:15 -0500
> > Each machine is defined for its own fw zone.  I do not have a DMZ.  The
> > machines do sit behind a OpenWRT router with its firewall enabled.
> 
> Once everything is working, does "shorewall restart" give 
> the delay?

No, it does not.  I see in the /var/log/shorewall-init.log file that on each
machine a 1 minute delay occurs:

Aug 19 18:07:03 Creating iptables-restore input...
Aug 19 18:07:03 Shorewall configuration compiled to /var/lib/shorewall/.start
Aug 19 18:08:03 Starting Shorewall....
Aug 19 18:08:03 Initializing...
Aug 19 18:08:03 Processing /etc/shorewall/init ...
Aug 19 18:08:03 Processing /etc/shorewall/tcclear ...


But running manually there is no such delay:

Aug 21 17:29:07 Creating iptables-restore input...
Aug 21 17:29:07 Shorewall configuration compiled to /var/lib/shorewall/.start
Aug 21 17:29:07 Starting Shorewall....
Aug 21 17:29:07 Initializing...
Aug 21 17:29:07 Processing /etc/shorewall/init ...
Aug 21 17:29:07 Processing /etc/shorewall/tcclear ...


> The router issues an address to each machine by DHCP?

Yes, but I see this on the laptop no matter where I am, my network or
not, as I recall.

> One test is to temporarily connect the desktop machine directly 
> to the cable modem without the router.  Another test is 
> to set a static address for the desktop machine.  
> 
> Try various configurations until a clue surfaces.

Thanks for the ideas.  I'll also try Bob's suggestion as well.

- Nate >>

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us