| 1 |
John Jolet wrote: |
| 2 |
|
| 3 |
> Jerry wrote: |
| 4 |
> |
| 5 |
>> I am setting up gentoo on another computer and cannot get shorewall |
| 6 |
>> to start properly. I had used another version of shorewall previously |
| 7 |
>> but cannot get 3.0.4 to work. I have read and tried to follow the |
| 8 |
>> instruction in /usr/share/doc/shorewall-3.0.4/Samples/one-interface |
| 9 |
>> but no success. I have dialup modem, one other computer connected |
| 10 |
>> via eth0. If root runs 'which ip' the response is '/sbin/ip'. |
| 11 |
>> |
| 12 |
>> /etc/shorewall/zones: |
| 13 |
>> #ZONE TYPE OPTIONS IN |
| 14 |
>> OUT OPTIONS |
| 15 |
>> OPTIONS |
| 16 |
>> net ipv4 - |
| 17 |
>> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE |
| 18 |
>> |
| 19 |
>> /etc/shorewall/interfaces: |
| 20 |
>> #ZONE INTERFACE BROADCAST OPTIONS |
| 21 |
>> net ppp0 - |
| 22 |
>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE |
| 23 |
>> |
| 24 |
>> /etc/shorewall/policy: |
| 25 |
>> #SOURCE DEST POLICY LOG LEVEL |
| 26 |
>> LIMIT:BURST |
| 27 |
>> $FW net ACCEPT |
| 28 |
>> net all DROP info |
| 29 |
>> # The FOLLOWING POLICY MUST BE LAST |
| 30 |
>> all all REJECT info |
| 31 |
>> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE |
| 32 |
>> |
| 33 |
>> /etc/shorewall/rules: has all rules commented out to try to make the |
| 34 |
>> startup as simple as possible. |
| 35 |
>> |
| 36 |
>> When I run shorewall start: |
| 37 |
>> |
| 38 |
>> root@backup:/etc/shorewall # shorewall start |
| 39 |
>> Loading /usr/share/shorewall/functions... |
| 40 |
>> Processing /etc/shorewall/params ... |
| 41 |
>> Processing /etc/shorewall/shorewall.conf... |
| 42 |
>> Loading Modules... |
| 43 |
>> Starting Shorewall... |
| 44 |
>> Initializing... |
| 45 |
>> Shorewall has detected the following iptables/netfilter capabilities: |
| 46 |
>> NAT: Not available |
| 47 |
>> Packet Mangling: Available |
| 48 |
>> Multi-port Match: Not available |
| 49 |
>> Connection Tracking Match: Not available |
| 50 |
>> Packet Type Match: Not available |
| 51 |
>> Policy Match: Not available |
| 52 |
>> Physdev Match: Not available |
| 53 |
>> IP range Match: Not available |
| 54 |
>> Recent Match: Not available |
| 55 |
>> Owner Match: Not available |
| 56 |
>> Ipset Match: Not available |
| 57 |
>> CONNMARK Target: Not available |
| 58 |
>> Connmark Match: Not available |
| 59 |
>> Raw Table: Available |
| 60 |
>> CLASSIFY Target: Not available |
| 61 |
>> Determining Zones... |
| 62 |
>> IPv4 Zones: net |
| 63 |
>> Firewall Zone: fw |
| 64 |
>> Validating interfaces file... |
| 65 |
>> Validating hosts file... |
| 66 |
>> Validating Policy file... |
| 67 |
>> Determining Hosts in Zones... |
| 68 |
>> net Zone: ppp0:0.0.0.0/0 |
| 69 |
>> Processing /etc/shorewall/init ... |
| 70 |
>> Pre-processing Actions... |
| 71 |
>> Pre-processing /usr/share/shorewall/action.Drop... |
| 72 |
>> ..Expanding Macro /usr/share/shorewall/macro.Auth... |
| 73 |
>> ..End Macro |
| 74 |
>> ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... |
| 75 |
>> ..End Macro |
| 76 |
>> ..Expanding Macro /usr/share/shorewall/macro.SMB... |
| 77 |
>> ..End Macro |
| 78 |
>> ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... |
| 79 |
>> ..End Macro |
| 80 |
>> ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... |
| 81 |
>> ..End Macro |
| 82 |
>> Pre-processing /usr/share/shorewall/action.Reject... |
| 83 |
>> Pre-processing /usr/share/shorewall/action.Limit... |
| 84 |
>> Deleting user chains... |
| 85 |
>> iptables: No chain/target/match by that name |
| 86 |
>> ERROR: Command "/sbin/iptables -A FORWARD -m state --state |
| 87 |
>> ESTABLISHED,RELATED -j ACCEPT" Failed |
| 88 |
>> Processing /etc/shorewall/stop ... |
| 89 |
>> iptables: No chain/target/match by that name |
| 90 |
>> iptables: No chain/target/match by that name |
| 91 |
>> IP Forwarding Enabled |
| 92 |
>> Processing /etc/shorewall/stopped ... |
| 93 |
>> Terminated |
| 94 |
>> |
| 95 |
>> root@backup:/etc/shorewall # shorewall status |
| 96 |
>> Shorewall-3.0.4 Status at backup - Thu May 18 16:30:45 UTC 2006 |
| 97 |
>> |
| 98 |
>> Shorewall is stopped |
| 99 |
>> State:Stopped (Thu May 18 16:28:59 UTC 2006) |
| 100 |
>> |
| 101 |
>> Now I cannot connect to the internet through the modem nor ssh to the |
| 102 |
>> other computer. I was able to do both before running shorewall start. |
| 103 |
>> |
| 104 |
>> root@backup:/etc/shorewall # /etc/init.d/iptables stop |
| 105 |
>> * Saving iptables state |
| 106 |
>> ... [ ok ] |
| 107 |
>> * Stopping firewall |
| 108 |
>> ... [ ok ] |
| 109 |
>> root@backup:/etc/shorewall # ssh main |
| 110 |
>> Password: |
| 111 |
>> |
| 112 |
>> Now I can ssh and connect to the internet. |
| 113 |
>> |
| 114 |
>> What am I doing wrong? Any advice appreciated. |
| 115 |
>> |
| 116 |
>> Jerry |
| 117 |
>> |
| 118 |
> to get your access back, issue "shorewall clear" |
| 119 |
> the problem on start is that you don't have those capabilities listed |
| 120 |
> activated in your kernel.... |
| 121 |
|
| 122 |
I figured out which capabilites I needed in the kernel and now shorewall |
| 123 |
starts without complaining. |
| 124 |
|
| 125 |
thanks john. |
| 126 |
|
| 127 |
jerry |
| 128 |
-- |
| 129 |
gentoo-user@g.o mailing list |
Archives