
RE: [FW1] "bad file number" after installing sp4



Firewall-1 has several loading stages. After the kernel module is loaded, at run level 2, the S00fwbootd script is executed which among other things pushes the firewall over the interfaces that it recognized as firewall-able based on the /etc/fw.boot/ifdev list. At run level 2 init also executes two relatively simple scripts, S69-cppreinet and S69zcppostinet, that make sure S69inet does not turn on IP forwarding.

At run level 3 the S95firewall1 executes, which simply runs $FWDIR/bin/fwstart. You might want to look at some of the customization you have done and make sure your firewall loads appropriately at the various stages.

 

If you are using StoneBeat you might want to look at the StoneBeat startup scripts and make sure it brings up your interfaces correctly.

 

Also, there is a Release notes doc that explains what the service pack does. Please read it carefully to get acquainted with the information in it.

If you are really curious about what exactly it does you can go through the pre- and post- install scripts and the pkgmap(s). It shouldn’t take you more than a few minutes.

 

George
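
The boot stages described in the message above can be audited in one pass after a service pack install. This is an added example, not part of the thread and not a Check Point tool; it assumes the start scripts sit in the usual Solaris rc directories (/etc/rc3.d for run level 3 is an assumption), and the ROOT prefix and the saved baseline copy of ifdev are hypothetical parameters.

```shell
#!/bin/sh
# Added example: audit the FireWall-1 boot chain named in this thread.
# check_fw1_boot ROOT FWDIR [IFDEV_BASELINE]
#   ROOT            filesystem prefix ("" for the live system) - assumption
#   FWDIR           FireWall-1 install directory ($FWDIR)
#   IFDEV_BASELINE  copy of ifdev saved before patching - hypothetical
# Prints one line per finding and returns the number of findings.

note() {
    echo "$1"
    findings=`expr $findings + 1`
}

check_fw1_boot() {
    root=$1; fwdir=$2; baseline=$3
    findings=0

    # Run level 2 and 3 start scripts, plus the init.d script.
    # rc3.d as the run level 3 directory is an assumption.
    for f in /etc/rc2.d/S00fwbootd /etc/rc2.d/S69-cppreinet \
             /etc/rc2.d/S69zcppostinet /etc/rc3.d/S95firewall1 \
             /etc/init.d/firewall1; do
        [ -f "$root$f" ] || note "MISSING  $f"
    done

    # S95firewall1 only runs $FWDIR/bin/fwstart, so it must be executable.
    [ -x "$root$fwdir/bin/fwstart" ] || note "MISSING  $fwdir/bin/fwstart"

    # Interface list read by S00fwbootd: must be non-empty, and should
    # match the copy taken before the service pack if one was kept.
    ifdev=$root/etc/fw.boot/ifdev
    if [ ! -s "$ifdev" ]; then
        note "EMPTY    /etc/fw.boot/ifdev"
    elif [ -n "$baseline" ]; then
        cmp -s "$ifdev" "$baseline" || note "CHANGED  /etc/fw.boot/ifdev"
    fi

    return $findings
}
```

A return value of 0 means every stage has its script in place and ifdev is unchanged; any other value is the number of lines printed.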

 

-----Original Message-----
From: Johan Henell (TIM) [mailto:[email protected]]
Sent: Monday, July 16, 2001 1:40 PM
To: '[email protected]'
Subject: RE: [FW1] "bad file number" after installing sp4

 

I've solved (ok.. worked around...) this and as the support for checkpoint is that crap I'd like to share the info with interested people.

 

No, the etc/fwboot/ifdev file was 100% ok.

 

I used one of these hardening scripts, in my case yassp, before installing fw-1. After this there's no trouble with the original installation of fw-1, but SP4 fails. It gives no error message or any kind of helpful information. FW-1 simply does not start. I did not take sufficient time to investigate exactly how but it's at least in the pre- and/or postpatch script.

 

For example I found out that the correct startup files were not copied to /etc/rc2.d and the installation did not process all of the postpatch script - it left some temporary files in /etc/init.d.

 

Solution: Don't use any hardening scripts on fw-1 boxes, do it by hand.

 

Alternative solution: Install another firewall-product. One that comes with install and support documentation/help for service packs.

 

 

BR /J

 

 

 

-----Original Message-----
From: Ron Atkinson [mailto:[email protected]]
Sent: Wednesday, July 11, 2001 2:45 PM
To: Johan Henell (TIM)
Subject: Re: [FW1] "bad file number" after installing sp4

You said that you verified the /etc/fw.boot/ifdev file, but does it really contain everything that was in it before the service pack install? Any additions that were done after installing the firewall software, such as new interfaces for StoneBeat FullCluster or other products, tend to get wiped out when patches are installed. A default FireWall-1 file is put in place.

I'm the one that actually sent the /etc/fw.boot/ifdev file info to the phoneboy site, but for some reason he didn't seem to include the reason to check for this file and what to actually look for.

good luck to ya

Ron
 
 

"Johan Henell (TIM)" wrote:

 

After applying SP4 (I redid it after failing because of too large directory name - if that has anything to do with it) fw1 (v4.1 on solaris sparc 2.7) fails to install the security policy. The message is:

....
...
Compiled OK

....
Downloading on localhost succeded.

Installing security policy on
Has only loopback (lo) interface, aborting.
Failed to load security policy. Bad file number.
Installing security policy on localhost failed.

* I tried uninstalling the service pack, but no change.
* When doing "fw ctl iflist" it only lists the loopback interface.
* The license seems to be ok.
* I tried the things in one FAQ I found on www.phoneboy.com: "fw ctl uninstall/install", dumb terminal file, verifying /etc/init.d/firewall1 exists and verified /etc/fw.boot/ifdev. Well.. everything except "cpconfig -install".

What to do except reinstalling (if I lose the policy it doesn't matter, I can always redo it)
Any help would be appreciated.

BR /J








 
   All contents © 2004 Network Presence, LLC. All rights reserved.