Jerry wrote:

> I am setting up gentoo on another computer and cannot get shorewall
> to start properly. I had used another version of shorewall previously
> but cannot get 3.0.4 to work. I have read and tried to follow the
> instructions in /usr/share/doc/shorewall-3.0.4/Samples/one-interface
> but no success. I have a dialup modem, one other computer connected via
> eth0. If root runs 'which ip' the response is '/sbin/ip'.
>
> /etc/shorewall/zones:
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> net ipv4 -
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
>
> /etc/shorewall/interfaces:
> #ZONE INTERFACE BROADCAST OPTIONS
> net ppp0 -
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> /etc/shorewall/policy:
> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
> $FW net ACCEPT
> net all DROP info
> # The FOLLOWING POLICY MUST BE LAST
> all all REJECT info
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> /etc/shorewall/rules: has all rules commented out to try to make the
> startup as simple as possible.
>
> When I run shorewall start:
>
> root@backup:/etc/shorewall # shorewall start
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Starting Shorewall...
> Initializing...
> Shorewall has detected the following iptables/netfilter capabilities:
> NAT: Not available
> Packet Mangling: Available
> Multi-port Match: Not available
> Connection Tracking Match: Not available
> Packet Type Match: Not available
> Policy Match: Not available
> Physdev Match: Not available
> IP range Match: Not available
> Recent Match: Not available
> Owner Match: Not available
> Ipset Match: Not available
> CONNMARK Target: Not available
> Connmark Match: Not available
> Raw Table: Available
> CLASSIFY Target: Not available
> Determining Zones...
> IPv4 Zones: net
> Firewall Zone: fw
> Validating interfaces file...
> Validating hosts file...
> Validating Policy file...
> Determining Hosts in Zones...
> net Zone: ppp0:0.0.0.0/0
> Processing /etc/shorewall/init ...
> Pre-processing Actions...
> Pre-processing /usr/share/shorewall/action.Drop...
> ..Expanding Macro /usr/share/shorewall/macro.Auth...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.SMB...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
> ..End Macro
> ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
> ..End Macro
> Pre-processing /usr/share/shorewall/action.Reject...
> Pre-processing /usr/share/shorewall/action.Limit...
> Deleting user chains...
> iptables: No chain/target/match by that name
> ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
> Processing /etc/shorewall/stop ...
> iptables: No chain/target/match by that name
> iptables: No chain/target/match by that name
> IP Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> Terminated
>
> root@backup:/etc/shorewall # shorewall status
> Shorewall-3.0.4 Status at backup - Thu May 18 16:30:45 UTC 2006
>
> Shorewall is stopped
> State:Stopped (Thu May 18 16:28:59 UTC 2006)
>
> Now I cannot connect to the internet through the modem nor ssh to the
> other computer. I was able to do both before running shorewall start.
>
> root@backup:/etc/shorewall # /etc/init.d/iptables stop
> * Saving iptables state
> ... [ ok ]
> * Stopping firewall
> ... [ ok ]
> root@backup:/etc/shorewall # ssh main
> Password:
>
> Now I can ssh and connect to the internet.
>
> What am I doing wrong? Any advice appreciated.
>
> Jerry
>

To get your access back, issue "shorewall clear".
The problem on start is that you don't have those capabilities listed
activated in your kernel....
--
gentoo-user@g.o mailing list
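An added check, written for this thread and not part of Jerry's setup, of the reply, or of Shorewall itself: a POSIX shell script that confirms the kernel exposes the netfilter matches and targets a Shorewall ruleset needs before "shorewall start" is run, so a half-applied start (the "-m state" failure above, after which Shorewall ran its stop script and the box lost connectivity) is caught beforehand. It reads the kernel's own lists in /proc/net/ip_tables_matches and /proc/net/ip_tables_targets, assumed to be present once the ip_tables module is loaded. The REQUIRED_MATCHES, REQUIRED_TARGETS and OPTIONAL_MATCHES lists are my assumptions, taken from the failing command and the "Not available" capability lines in the thread; the sample match/target files and the saved start transcript it checks are constructed, so the script runs without root or a real netfilter stack.

```shell
#!/bin/sh
# Added example, not from the thread: verify the kernel offers the netfilter
# matches/targets Shorewall's generated rules use *before* "shorewall start".
# If start fails part-way (as in the thread, on "-m state"), Shorewall runs
# /etc/shorewall/stop and the host can lose all connectivity until
# "shorewall clear" is issued.
#
# The kernel lists available matches and targets in
# /proc/net/ip_tables_matches and /proc/net/ip_tables_targets (populated once
# the ip_tables module is loaded). Every function takes the file to read as
# an argument so constructed sample files can be checked without root.

# Assumed from the thread: the built-in rules always use the "state" match
# (the failing command) and the REJECT/LOG targets (the policy file).
REQUIRED_MATCHES="state"
REQUIRED_TARGETS="REJECT LOG"

# Matches Shorewall 3.0.4 probed for and reported "Not available" in the
# thread. Their absence is not fatal, but the related features stay off.
OPTIONAL_MATCHES="multiport conntrack pkttype policy physdev iprange recent owner"

# missing_items LISTFILE ITEM... -> prints the items absent from LISTFILE
# (space-separated) and returns 1; prints nothing and returns 0 if all present.
missing_items() {
    listfile=$1
    shift
    missing=""
    for item in "$@"; do
        if ! grep -qx -- "$item" "$listfile" 2>/dev/null; then
            missing="$missing$item "
        fi
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "${missing% }"
        return 1
    fi
    return 0
}

# unavailable_caps TRANSCRIPT -> comma-separated names of the capabilities a
# saved "shorewall start" transcript reported as "Not available".
unavailable_caps() {
    sed -n 's/^[[:space:]]*\(.*\): Not available[[:space:]]*$/\1/p' "$1" \
        | paste -sd, -
}

# check_kernel MATCHFILE TARGETFILE -> 0 if every required match and target
# is present, 1 otherwise; reports what is missing either way.
check_kernel() {
    ok=0
    m=$(missing_items "$1" $REQUIRED_MATCHES) || { echo "missing required matches: $m"; ok=1; }
    t=$(missing_items "$2" $REQUIRED_TARGETS) || { echo "missing required targets: $t"; ok=1; }
    o=$(missing_items "$1" $OPTIONAL_MATCHES) || echo "optional matches absent: $o"
    return $ok
}

# Constructed sample: a kernel that, like the one in the thread, was built
# without connection tracking (no "state" match) and most optional matches.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' tcp udp icmp mark > "$SAMPLE_DIR/matches"
printf '%s\n' MARK LOG REJECT > "$SAMPLE_DIR/targets"
check_kernel "$SAMPLE_DIR/matches" "$SAMPLE_DIR/targets" \
    || echo "-> fix the kernel config before running 'shorewall start'"
rm -rf "$SAMPLE_DIR"

# On a real host, check the live kernel (needs the ip_tables module loaded).
if [ -r /proc/net/ip_tables_matches ]; then
    check_kernel /proc/net/ip_tables_matches /proc/net/ip_tables_targets || true
fi
```

Run it before the first "shorewall start" on a freshly built kernel; a non-zero exit from check_kernel means the start would fail at the first state-match rule, exactly as in the transcript. If start has already failed, the reply's "shorewall clear" removes the partial ruleset and restores access while the kernel is rebuilt with the missing netfilter options.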