John Jolet wrote:

> Jerry wrote:
>
>> I am setting up gentoo on another computer and cannot get shorewall
>> to start properly. I had used another version of shorewall previously
>> but cannot get 3.0.4 to work. I have read and tried to follow the
>> instructions in /usr/share/doc/shorewall-3.0.4/Samples/one-interface
>> but no success. I have a dialup modem, one other computer connected
>> via eth0. If root runs 'which ip' the response is '/sbin/ip'.
>>
>> /etc/shorewall/zones:
>> #ZONE   TYPE    OPTIONS   IN        OUT
>> #                         OPTIONS   OPTIONS
>> net     ipv4    -
>> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>>
>> /etc/shorewall/interfaces:
>> #ZONE   INTERFACE   BROADCAST   OPTIONS
>> net     ppp0        -
>> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>>
>> /etc/shorewall/policy:
>> #SOURCE   DEST   POLICY   LOG     LIMIT:BURST
>> #                         LEVEL
>> $FW       net    ACCEPT
>> net       all    DROP     info
>> # The FOLLOWING POLICY MUST BE LAST
>> all       all    REJECT   info
>> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>>
>> /etc/shorewall/rules: has all rules commented out to try to make the
>> startup as simple as possible.
>>
>> When I run shorewall start:
>>
>> root@backup:/etc/shorewall # shorewall start
>> Loading /usr/share/shorewall/functions...
>> Processing /etc/shorewall/params ...
>> Processing /etc/shorewall/shorewall.conf...
>> Loading Modules...
>> Starting Shorewall...
>> Initializing...
>> Shorewall has detected the following iptables/netfilter capabilities:
>> NAT: Not available
>> Packet Mangling: Available
>> Multi-port Match: Not available
>> Connection Tracking Match: Not available
>> Packet Type Match: Not available
>> Policy Match: Not available
>> Physdev Match: Not available
>> IP range Match: Not available
>> Recent Match: Not available
>> Owner Match: Not available
>> Ipset Match: Not available
>> CONNMARK Target: Not available
>> Connmark Match: Not available
>> Raw Table: Available
>> CLASSIFY Target: Not available
>> Determining Zones...
>> IPv4 Zones: net
>> Firewall Zone: fw
>> Validating interfaces file...
>> Validating hosts file...
>> Validating Policy file...
>> Determining Hosts in Zones...
>> net Zone: ppp0:0.0.0.0/0
>> Processing /etc/shorewall/init ...
>> Pre-processing Actions...
>> Pre-processing /usr/share/shorewall/action.Drop...
>> ..Expanding Macro /usr/share/shorewall/macro.Auth...
>> ..End Macro
>> ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
>> ..End Macro
>> ..Expanding Macro /usr/share/shorewall/macro.SMB...
>> ..End Macro
>> ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
>> ..End Macro
>> ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
>> ..End Macro
>> Pre-processing /usr/share/shorewall/action.Reject...
>> Pre-processing /usr/share/shorewall/action.Limit...
>> Deleting user chains...
>> iptables: No chain/target/match by that name
>> ERROR: Command "/sbin/iptables -A FORWARD -m state --state
>> ESTABLISHED,RELATED -j ACCEPT" Failed
>> Processing /etc/shorewall/stop ...
>> iptables: No chain/target/match by that name
>> iptables: No chain/target/match by that name
>> IP Forwarding Enabled
>> Processing /etc/shorewall/stopped ...
>> Terminated
>>
>> root@backup:/etc/shorewall # shorewall status
>> Shorewall-3.0.4 Status at backup - Thu May 18 16:30:45 UTC 2006
>>
>> Shorewall is stopped
>> State:Stopped (Thu May 18 16:28:59 UTC 2006)
>>
>> Now I cannot connect to the internet through the modem nor ssh to the
>> other computer. I was able to do both before running shorewall start.
>>
>> root@backup:/etc/shorewall # /etc/init.d/iptables stop
>> * Saving iptables state
>> ... [ ok ]
>> * Stopping firewall
>> ... [ ok ]
>> root@backup:/etc/shorewall # ssh main
>> Password:
>>
>> Now I can ssh and connect to the internet.
>>
>> What am I doing wrong? Any advice appreciated.
>>
>> Jerry
>>
> To get your access back, issue "shorewall clear".
> The problem on start is that you don't have those capabilities listed
> activated in your kernel....

I figured out which capabilities I needed in the kernel and now shorewall
starts without complaining.

Thanks, John.

Jerry
--
gentoo-user@g.o mailing list
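The log above shows why the box went dark: the `iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT` command needs the state match and connection tracking, the kernel had neither, and the failed start fell through to /etc/shorewall/stop, which leaves the stopped-state ruleset in place until `shorewall clear` (or, as Jerry found, the distribution's iptables init script) flushes it. On a remote firewall that is an outage, so it is worth checking the kernel before the first `shorewall start`. The script below is an added example written for this thread, not Shorewall's own code or anything from the list: it maps the capabilities Shorewall reported as "Not available" (plus the state match that actually failed) to the kernel Kconfig symbols that provide them. The capability-to-symbol mapping is my assumption (current symbol first, the 2.6-era CONFIG_IP_NF_* name second); the `.config` fed to it in the usage note is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check of a kernel .config for
# the netfilter features Shorewall 3.x needs before "shorewall start" is run.
# Capability names on the left mirror Shorewall's own report; the Kconfig
# symbols on the right are my mapping (current name, then 2.6-era name), not
# Shorewall's. Built-in (=y) or module (=m) both count, since Shorewall loads
# modules itself during "Loading Modules...".
NF_REQUIREMENTS='
state_match:CONFIG_NETFILTER_XT_MATCH_STATE,CONFIG_IP_NF_MATCH_STATE
conntrack:CONFIG_NF_CONNTRACK,CONFIG_IP_NF_CONNTRACK
conntrack_match:CONFIG_NETFILTER_XT_MATCH_CONNTRACK,CONFIG_IP_NF_MATCH_CONNTRACK
nat:CONFIG_NF_NAT,CONFIG_IP_NF_NAT
multiport_match:CONFIG_NETFILTER_XT_MATCH_MULTIPORT,CONFIG_IP_NF_MATCH_MULTIPORT
'

# option_enabled CONFIG_FILE OPT1,OPT2,...
# Succeeds if any listed symbol is =y or =m in CONFIG_FILE. Lines such as
# "# CONFIG_NF_NAT is not set" or "CONFIG_X=n" do not count as enabled.
option_enabled() {
    _config=$1
    for _opt in $(printf '%s' "$2" | tr ',' ' '); do
        grep -Eq "^${_opt}=[ym]\$" "$_config" && return 0
    done
    return 1
}

# missing_netfilter_options CONFIG_FILE
# Prints, space-separated and in NF_REQUIREMENTS order, every capability for
# which none of its symbols is enabled; prints an empty line if all are present.
missing_netfilter_options() {
    _config=$1
    _missing=""
    for _req in $NF_REQUIREMENTS; do
        _cap=${_req%%:*}
        _opts=${_req#*:}
        option_enabled "$_config" "$_opts" || _missing="$_missing $_cap"
    done
    printf '%s\n' "${_missing# }"
}

# loaded_match NAME
# Live check on the running kernel: iptables matches that are built in or
# already loaded appear one per line in /proc/net/ip_tables_matches. The
# command that failed in the log needed the "state" match.
loaded_match() {
    [ -r /proc/net/ip_tables_matches ] && grep -qx "$1" /proc/net/ip_tables_matches
}

# Usage: sh nf_preflight.sh /usr/src/linux/.config
if [ $# -gt 0 ]; then
    _miss=$(missing_netfilter_options "$1")
    if [ -n "$_miss" ]; then
        echo "kernel config lacks: $_miss"
        echo "shorewall start would fail and drop to the stopped ruleset;"
        echo "enable these first, or keep 'shorewall clear' at hand."
        exit 1
    fi
    echo "kernel config has all checked netfilter features"
    loaded_match state || echo "note: 'state' match is not loaded in the running kernel yet"
fi
```

Run it against the `.config` of the kernel you are about to boot, not the one currently running, since the capability list Shorewall prints reflects only what the live kernel exposes. A constructed sample with `CONFIG_NETFILTER_XT_MATCH_STATE=y`, `CONFIG_NF_CONNTRACK=m`, `# CONFIG_NF_NAT is not set` and `CONFIG_NETFILTER_XT_MATCH_MULTIPORT=n` reports `conntrack_match nat multiport_match` as missing, which is the situation Jerry hit minus the state match.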