| 1 |
Jerry wrote: |
| 2 |
|
| 3 |
> I am setting up gentoo on another computer and cannot get shorewall |
| 4 |
> to start properly. I had used another version of shorewall previously |
| 5 |
> but cannot get 3.0.4 to work. I have read and tried to follow the |
| 6 |
> instruction in /usr/share/doc/shorewall-3.0.4/Samples/one-interface |
| 7 |
> but no success. I have dialup modem, one other computer connected via |
| 8 |
> eth0. If root runs 'which ip' the response is '/sbin/ip'. |
| 9 |
> |
| 10 |
> /etc/shorewall/zones: |
| 11 |
> #ZONE TYPE OPTIONS IN |
| 12 |
> OUT OPTIONS |
| 13 |
> OPTIONS |
| 14 |
> net ipv4 - |
| 15 |
> #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE |
| 16 |
> |
| 17 |
> /etc/shorewall/interfaces: |
| 18 |
> #ZONE INTERFACE BROADCAST OPTIONS |
| 19 |
> net ppp0 - |
| 20 |
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE |
| 21 |
> |
| 22 |
> /etc/shorewall/policy: |
| 23 |
> #SOURCE DEST POLICY LOG LEVEL |
| 24 |
> LIMIT:BURST |
| 25 |
> $FW net ACCEPT |
| 26 |
> net all DROP info |
| 27 |
> # The FOLLOWING POLICY MUST BE LAST |
| 28 |
> all all REJECT info |
| 29 |
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE |
| 30 |
> |
| 31 |
> /etc/shorewall/rules: has all rules commented out to try to make the |
| 32 |
> startup as simple as possible. |
| 33 |
> |
| 34 |
> When I run shorewall start: |
| 35 |
> |
| 36 |
> root@backup:/etc/shorewall # shorewall start |
| 37 |
> Loading /usr/share/shorewall/functions... |
| 38 |
> Processing /etc/shorewall/params ... |
| 39 |
> Processing /etc/shorewall/shorewall.conf... |
| 40 |
> Loading Modules... |
| 41 |
> Starting Shorewall... |
| 42 |
> Initializing... |
| 43 |
> Shorewall has detected the following iptables/netfilter capabilities: |
| 44 |
> NAT: Not available |
| 45 |
> Packet Mangling: Available |
| 46 |
> Multi-port Match: Not available |
| 47 |
> Connection Tracking Match: Not available |
| 48 |
> Packet Type Match: Not available |
| 49 |
> Policy Match: Not available |
| 50 |
> Physdev Match: Not available |
| 51 |
> IP range Match: Not available |
| 52 |
> Recent Match: Not available |
| 53 |
> Owner Match: Not available |
| 54 |
> Ipset Match: Not available |
| 55 |
> CONNMARK Target: Not available |
| 56 |
> Connmark Match: Not available |
| 57 |
> Raw Table: Available |
| 58 |
> CLASSIFY Target: Not available |
| 59 |
> Determining Zones... |
| 60 |
> IPv4 Zones: net |
| 61 |
> Firewall Zone: fw |
| 62 |
> Validating interfaces file... |
| 63 |
> Validating hosts file... |
| 64 |
> Validating Policy file... |
| 65 |
> Determining Hosts in Zones... |
| 66 |
> net Zone: ppp0:0.0.0.0/0 |
| 67 |
> Processing /etc/shorewall/init ... |
| 68 |
> Pre-processing Actions... |
| 69 |
> Pre-processing /usr/share/shorewall/action.Drop... |
| 70 |
> ..Expanding Macro /usr/share/shorewall/macro.Auth... |
| 71 |
> ..End Macro |
| 72 |
> ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... |
| 73 |
> ..End Macro |
| 74 |
> ..Expanding Macro /usr/share/shorewall/macro.SMB... |
| 75 |
> ..End Macro |
| 76 |
> ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... |
| 77 |
> ..End Macro |
| 78 |
> ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... |
| 79 |
> ..End Macro |
| 80 |
> Pre-processing /usr/share/shorewall/action.Reject... |
| 81 |
> Pre-processing /usr/share/shorewall/action.Limit... |
| 82 |
> Deleting user chains... |
| 83 |
> iptables: No chain/target/match by that name |
| 84 |
> ERROR: Command "/sbin/iptables -A FORWARD -m state --state |
| 85 |
> ESTABLISHED,RELATED -j ACCEPT" Failed |
| 86 |
> Processing /etc/shorewall/stop ... |
| 87 |
> iptables: No chain/target/match by that name |
| 88 |
> iptables: No chain/target/match by that name |
| 89 |
> IP Forwarding Enabled |
| 90 |
> Processing /etc/shorewall/stopped ... |
| 91 |
> Terminated |
| 92 |
> |
| 93 |
> root@backup:/etc/shorewall # shorewall status |
| 94 |
> Shorewall-3.0.4 Status at backup - Thu May 18 16:30:45 UTC 2006 |
| 95 |
> |
| 96 |
> Shorewall is stopped |
| 97 |
> State:Stopped (Thu May 18 16:28:59 UTC 2006) |
| 98 |
> |
| 99 |
> Now I cannot connect to the internet through the modem nor ssh to the |
| 100 |
> other computer. I was able to do both before running shorewall start. |
| 101 |
> |
| 102 |
> root@backup:/etc/shorewall # /etc/init.d/iptables stop |
| 103 |
> * Saving iptables state |
| 104 |
> ... [ ok ] |
| 105 |
> * Stopping firewall |
| 106 |
> ... [ ok ] |
| 107 |
> root@backup:/etc/shorewall # ssh main |
| 108 |
> Password: |
| 109 |
> |
| 110 |
> Now I can ssh and connect to the internet. |
| 111 |
> |
| 112 |
> What am I doing wrong? Any advice appreciated. |
| 113 |
> |
| 114 |
> Jerry |
| 115 |
> |
| 116 |
to get your access back, issue "shorewall clear" |
| 117 |
the problem on start is that you don't have those capabilities listed |
| 118 |
activated in your kernel.... |
| 119 |
-- |
| 120 |
gentoo-user@g.o mailing list |
Archives