| 1 |
I am setting up gentoo on another computer and cannot get shorewall to |
| 2 |
start properly. I had used another version of shorewall previously but |
| 3 |
cannot get 3.0.4 to work. I have read and tried to follow the |
| 4 |
instruction in /usr/share/doc/shorewall-3.0.4/Samples/one-interface but |
| 5 |
no success. I have dialup modem, one other computer connected via eth0. |
| 6 |
If root runs 'which ip' the response is '/sbin/ip'. |
| 7 |
|
| 8 |
/etc/shorewall/zones: |
| 9 |
#ZONE TYPE OPTIONS IN |
| 10 |
OUT OPTIONS OPTIONS |
| 11 |
net ipv4 - |
| 12 |
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE |
| 13 |
|
| 14 |
/etc/shorewall/interfaces: |
| 15 |
#ZONE INTERFACE BROADCAST OPTIONS |
| 16 |
net ppp0 - |
| 17 |
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE |
| 18 |
|
| 19 |
/etc/shorewall/policy: |
| 20 |
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST |
| 21 |
$FW net ACCEPT |
| 22 |
net all DROP info |
| 23 |
# The FOLLOWING POLICY MUST BE LAST |
| 24 |
all all REJECT info |
| 25 |
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE |
| 26 |
|
| 27 |
/etc/shorewall/rules: has all rules commented out to try to make the |
| 28 |
startup as simple as possible. |
| 29 |
|
| 30 |
When I run shorewall start: |
| 31 |
|
| 32 |
root@backup:/etc/shorewall # shorewall start |
| 33 |
Loading /usr/share/shorewall/functions... |
| 34 |
Processing /etc/shorewall/params ... |
| 35 |
Processing /etc/shorewall/shorewall.conf... |
| 36 |
Loading Modules... |
| 37 |
Starting Shorewall... |
| 38 |
Initializing... |
| 39 |
Shorewall has detected the following iptables/netfilter capabilities: |
| 40 |
NAT: Not available |
| 41 |
Packet Mangling: Available |
| 42 |
Multi-port Match: Not available |
| 43 |
Connection Tracking Match: Not available |
| 44 |
Packet Type Match: Not available |
| 45 |
Policy Match: Not available |
| 46 |
Physdev Match: Not available |
| 47 |
IP range Match: Not available |
| 48 |
Recent Match: Not available |
| 49 |
Owner Match: Not available |
| 50 |
Ipset Match: Not available |
| 51 |
CONNMARK Target: Not available |
| 52 |
Connmark Match: Not available |
| 53 |
Raw Table: Available |
| 54 |
CLASSIFY Target: Not available |
| 55 |
Determining Zones... |
| 56 |
IPv4 Zones: net |
| 57 |
Firewall Zone: fw |
| 58 |
Validating interfaces file... |
| 59 |
Validating hosts file... |
| 60 |
Validating Policy file... |
| 61 |
Determining Hosts in Zones... |
| 62 |
net Zone: ppp0:0.0.0.0/0 |
| 63 |
Processing /etc/shorewall/init ... |
| 64 |
Pre-processing Actions... |
| 65 |
Pre-processing /usr/share/shorewall/action.Drop... |
| 66 |
..Expanding Macro /usr/share/shorewall/macro.Auth... |
| 67 |
..End Macro |
| 68 |
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... |
| 69 |
..End Macro |
| 70 |
..Expanding Macro /usr/share/shorewall/macro.SMB... |
| 71 |
..End Macro |
| 72 |
..Expanding Macro /usr/share/shorewall/macro.DropUPnP... |
| 73 |
..End Macro |
| 74 |
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... |
| 75 |
..End Macro |
| 76 |
Pre-processing /usr/share/shorewall/action.Reject... |
| 77 |
Pre-processing /usr/share/shorewall/action.Limit... |
| 78 |
Deleting user chains... |
| 79 |
iptables: No chain/target/match by that name |
| 80 |
ERROR: Command "/sbin/iptables -A FORWARD -m state --state |
| 81 |
ESTABLISHED,RELATED -j ACCEPT" Failed |
| 82 |
Processing /etc/shorewall/stop ... |
| 83 |
iptables: No chain/target/match by that name |
| 84 |
iptables: No chain/target/match by that name |
| 85 |
IP Forwarding Enabled |
| 86 |
Processing /etc/shorewall/stopped ... |
| 87 |
Terminated |
| 88 |
|
| 89 |
root@backup:/etc/shorewall # shorewall status |
| 90 |
Shorewall-3.0.4 Status at backup - Thu May 18 16:30:45 UTC 2006 |
| 91 |
|
| 92 |
Shorewall is stopped |
| 93 |
State:Stopped (Thu May 18 16:28:59 UTC 2006) |
| 94 |
|
| 95 |
Now I cannot connect to the internet through the modem nor ssh to the |
| 96 |
other computer. I was able to do both before running shorewall start. |
| 97 |
|
| 98 |
root@backup:/etc/shorewall # /etc/init.d/iptables stop |
| 99 |
* Saving iptables state |
| 100 |
... [ ok ] |
| 101 |
* Stopping firewall |
| 102 |
... [ ok ] |
| 103 |
root@backup:/etc/shorewall # ssh main |
| 104 |
Password: |
| 105 |
|
| 106 |
Now I can ssh and connect to the internet. |
| 107 |
|
| 108 |
What am I doing wrong? Any advice appreciated. |
| 109 |
|
| 110 |
Jerry |
| 111 |
|
| 112 |
-- |
| 113 |
gentoo-user@g.o mailing list |
Archives