| 1 |
hallo erstmal, |
| 2 |
nachdem ich meine workstation von suse auf gentoo umgestellt hab und super |
| 3 |
zufrieden bin, ist jetzt der server dran. klappt auch alles super. nur die |
| 4 |
firewall kann ich nicht zum laufen bringen. die firewall soll n paar dienste |
| 5 |
nach aussen frei geben und das lan ins internet maskieren. nachdem ich 2 tage |
| 6 |
lang gegoogelt und auf www.shorewall.net verbracht hab sieht es so aus, als |
| 7 |
ob etwas im kernel fehlt. ich hab aber schon alles einkompilliert und als |
| 8 |
modul gebaut, was irgentwie mit netzwerk zu tun hat und auch schon |
| 9 |
die .config datei nach dem beispiel auf www.shorewall.net verändert. immer |
| 10 |
die gleiche fehlermeldung. vielleicht hat ja jemand von euch ne idee - ich |
| 11 |
weiß nicht mehr weiter. |
| 12 |
|
| 13 |
so, butter bei die fische: |
| 14 |
|
| 15 |
versionen: |
| 16 |
kernel: |
| 17 |
2.6.8-gentoo-r1 |
| 18 |
|
| 19 |
iptables: |
| 20 |
v1.2.11 |
| 21 |
|
| 22 |
shorewall: |
| 23 |
2.0.4 |
| 24 |
|
| 25 |
startmeldung: |
| 26 |
Loading /usr/share/shorewall/functions... |
| 27 |
Processing /etc/shorewall/params ... |
| 28 |
Processing /etc/shorewall/shorewall.conf... |
| 29 |
Loading Modules... |
| 30 |
Starting Shorewall... |
| 31 |
Initializing... |
| 32 |
Shorewall has detected the following iptables/netfilter capabilities: |
| 33 |
NAT: Not available |
| 34 |
Packet Mangling: Not available |
| 35 |
Multi-port Match: Available |
| 36 |
Connection Tracking Match: Not available |
| 37 |
Determining Zones... |
| 38 |
Zones: net loc |
| 39 |
Validating interfaces file... |
| 40 |
Validating hosts file... |
| 41 |
Validating Policy file... |
| 42 |
Determining Hosts in Zones... |
| 43 |
Net Zone: ppp0:0.0.0.0/0 |
| 44 |
Local Zone: eth1:0.0.0.0/0 |
| 45 |
Processing /etc/shorewall/init ... |
| 46 |
Deleting user chains... |
| 47 |
iptables: No chain/target/match by that name |
| 48 |
Processing /etc/shorewall/stop ... |
| 49 |
iptables: No chain/target/match by that name |
| 50 |
iptables: No chain/target/match by that name |
| 51 |
IP Forwarding Enabled |
| 52 |
Processing /etc/shorewall/stopped ... |
| 53 |
Terminated |
| 54 |
|
| 55 |
meine interfaces: |
| 56 |
net ppp0 - routefilter,norfc1918,tcpflags |
| 57 |
loc eth1 detect tcpflags |
| 58 |
|
| 59 |
policy: |
| 60 |
loc net ACCEPT |
| 61 |
loc fw ACCEPT |
| 62 |
fw net ACCEPT |
| 63 |
net all DROP info |
| 64 |
all all REJECT info |
| 65 |
|
| 66 |
rules: |
| 67 |
ACCEPT net fw tcp 80 |
| 68 |
ACCEPT net fw udp 80 |
| 69 |
ACCEPT net fw tcp 20 |
| 70 |
ACCEPT net fw tcp 21 |
| 71 |
ACCEPT net fw tcp 22 |
| 72 |
ACCEPT net fw udp 22 |
| 73 |
|
| 74 |
zones: |
| 75 |
net Net Internet |
| 76 |
loc Local Local Networks |
| 77 |
|
| 78 |
.config-auszug (kommt so von www.shorewall.net): |
| 79 |
# |
| 80 |
# Networking options |
| 81 |
# |
| 82 |
CONFIG_PACKET=y |
| 83 |
# CONFIG_PACKET_MMAP is not set |
| 84 |
# CONFIG_NETLINK_DEV is not set |
| 85 |
CONFIG_NETFILTER=y |
| 86 |
# CONFIG_NETFILTER_DEBUG is not set |
| 87 |
CONFIG_FILTER=y |
| 88 |
CONFIG_UNIX=y |
| 89 |
CONFIG_INET=y |
| 90 |
CONFIG_IP_MULTICAST=y |
| 91 |
CONFIG_IP_ADVANCED_ROUTER=y |
| 92 |
CONFIG_IP_MULTIPLE_TABLES=y |
| 93 |
CONFIG_IP_ROUTE_FWMARK=y |
| 94 |
CONFIG_IP_ROUTE_NAT=y |
| 95 |
CONFIG_IP_ROUTE_MULTIPATH=y |
| 96 |
CONFIG_IP_ROUTE_TOS=y |
| 97 |
CONFIG_IP_ROUTE_VERBOSE=y |
| 98 |
# CONFIG_IP_ROUTE_LARGE_TABLES is not set |
| 99 |
# CONFIG_IP_PNP is not set |
| 100 |
CONFIG_NET_IPIP=y |
| 101 |
CONFIG_NET_IPGRE=y |
| 102 |
# CONFIG_NET_IPGRE_BROADCAST is not set |
| 103 |
# CONFIG_IP_MROUTE is not set |
| 104 |
# CONFIG_ARPD is not set |
| 105 |
CONFIG_INET_ECN=y |
| 106 |
CONFIG_SYN_COOKIES=y |
| 107 |
|
| 108 |
# |
| 109 |
# IP: Netfilter Configuration |
| 110 |
# |
| 111 |
CONFIG_IP_NF_CONNTRACK=m |
| 112 |
CONFIG_IP_NF_FTP=m |
| 113 |
CONFIG_IP_NF_AMANDA=m |
| 114 |
CONFIG_IP_NF_TFTP=m |
| 115 |
# CONFIG_IP_NF_IRC is not set |
| 116 |
# CONFIG_IP_NF_QUEUE is not set |
| 117 |
CONFIG_IP_NF_IPTABLES=m |
| 118 |
CONFIG_IP_NF_MATCH_LIMIT=m |
| 119 |
CONFIG_IP_NF_MATCH_MAC=m |
| 120 |
CONFIG_IP_NF_MATCH_PKTTYPE=m |
| 121 |
CONFIG_IP_NF_MATCH_MARK=m |
| 122 |
CONFIG_IP_NF_MATCH_MULTIPORT=m |
| 123 |
CONFIG_IP_NF_MATCH_TOS=m |
| 124 |
CONFIG_IP_NF_MATCH_ECN=m |
| 125 |
CONFIG_IP_NF_MATCH_DSCP=m |
| 126 |
CONFIG_IP_NF_MATCH_AH_ESP=m |
| 127 |
CONFIG_IP_NF_MATCH_LENGTH=m |
| 128 |
# CONFIG_IP_NF_MATCH_TTL is not set |
| 129 |
CONFIG_IP_NF_MATCH_TCPMSS=m |
| 130 |
CONFIG_IP_NF_MATCH_HELPER=m |
| 131 |
CONFIG_IP_NF_MATCH_STATE=m |
| 132 |
CONFIG_IP_NF_MATCH_CONNTRACK=m |
| 133 |
CONFIG_IP_NF_MATCH_UNCLEAN=m |
| 134 |
# CONFIG_IP_NF_MATCH_OWNER is not set |
| 135 |
CONFIG_IP_NF_FILTER=m |
| 136 |
CONFIG_IP_NF_TARGET_REJECT=m |
| 137 |
# CONFIG_IP_NF_TARGET_MIRROR is not set |
| 138 |
CONFIG_IP_NF_NAT=m |
| 139 |
CONFIG_IP_NF_NAT_NEEDED=y |
| 140 |
CONFIG_IP_NF_TARGET_MASQUERADE=m |
| 141 |
CONFIG_IP_NF_TARGET_REDIRECT=m |
| 142 |
CONFIG_IP_NF_NAT_AMANDA=m |
| 143 |
CONFIG_IP_NF_NAT_LOCAL=y |
| 144 |
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set |
| 145 |
CONFIG_IP_NF_NAT_FTP=m |
| 146 |
CONFIG_IP_NF_NAT_TFTP=m |
| 147 |
CONFIG_IP_NF_MANGLE=m |
| 148 |
CONFIG_IP_NF_TARGET_TOS=m |
| 149 |
CONFIG_IP_NF_TARGET_ECN=m |
| 150 |
CONFIG_IP_NF_TARGET_DSCP=m |
| 151 |
CONFIG_IP_NF_TARGET_MARK=m |
| 152 |
CONFIG_IP_NF_TARGET_LOG=m |
| 153 |
CONFIG_IP_NF_TARGET_ULOG=m |
| 154 |
CONFIG_IP_NF_TARGET_TCPMSS=m |
| 155 |
CONFIG_IP_NF_ARPTABLES=m |
| 156 |
CONFIG_IP_NF_ARPFILTER=m |
| 157 |
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set |
| 158 |
# CONFIG_IP_NF_COMPAT_IPFWADM is not set |
| 159 |
|
| 160 |
vielen dank schon mal, |
| 161 |
|
| 162 |
svenna |
| 163 |
|
| 164 |
|
| 165 |
-- |
| 166 |
gentoo-user-de@g.o mailing list |
Archives