John Jolet wrote:
Jerry wrote:
I am setting up gentoo on another computer and cannot get shorewall
to start properly. I had used another version of shorewall previously
but cannot get 3.0.4 to work. I have read and tried to follow the
instructions in /usr/share/doc/shorewall-3.0.4/Samples/one-interface
but no success. I have a dialup modem, one other computer connected
via eth0. If root runs 'which ip' the response is '/sbin/ip'.
/etc/shorewall/zones:
#ZONE   TYPE    OPTIONS         IN              OUT
#                               OPTIONS         OPTIONS
net ipv4 -
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
/etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
/etc/shorewall/policy:
#SOURCE DEST    POLICY  LOG     LIMIT:BURST
#                       LEVEL
$FW net ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
/etc/shorewall/rules: has all rules commented out to try to make the
startup as simple as possible.
When I run shorewall start:
[EMAIL PROTECTED]:/etc/shorewall # shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Not available
Packet Mangling: Available
Multi-port Match: Not available
Connection Tracking Match: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Not available
Recent Match: Not available
Owner Match: Not available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Available
CLASSIFY Target: Not available
Determining Zones...
IPv4 Zones: net
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
net Zone: ppp0:0.0.0.0/0
Processing /etc/shorewall/init ...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
Deleting user chains...
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -A FORWARD -m state --state
ESTABLISHED,RELATED -j ACCEPT" Failed
Processing /etc/shorewall/stop ...
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated
[EMAIL PROTECTED]:/etc/shorewall # shorewall status
Shorewall-3.0.4 Status at backup - Thu May 18 16:30:45 UTC 2006
Shorewall is stopped
State:Stopped (Thu May 18 16:28:59 UTC 2006)
Now I cannot connect to the internet through the modem nor ssh to the
other computer. I was able to do both before running shorewall start.
[EMAIL PROTECTED]:/etc/shorewall # /etc/init.d/iptables stop
* Saving iptables state
... [ ok ]
* Stopping firewall
... [ ok ]
[EMAIL PROTECTED]:/etc/shorewall # ssh main
Password:
Now I can ssh and connect to the internet.
What am I doing wrong? Any advice appreciated.
Jerry
To get your access back, issue "shorewall clear".
The problem on start is that you don't have those capabilities listed
activated in your kernel...
I figured out which capabilities I needed in the kernel and now shorewall
starts without complaining.
Thanks, John.
Jerry
--
gentoo-user@gentoo.org mailing list
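The failure in the thread is Shorewall trying to add "-m state --state ESTABLISHED,RELATED" on a kernel built without connection tracking and the state match, which leaves the box with a half-built firewall until "shorewall clear" is run. The script below is an added example, not part of the thread or of Shorewall itself: it reads a kernel .config before the reboot and lists the netfilter options the basic ruleset depends on but the kernel lacks. The option names are an assumption based on 2.6.16-era naming (the kernels Gentoo shipped in 2006); later kernels renamed several of them (CONFIG_IP_NF_CONNTRACK became CONFIG_NF_CONNTRACK, for instance), so the list must be adjusted to the kernel actually being built. The sample .config is constructed to mirror the reporter's capability report: mangle and raw present, NAT and connection tracking absent.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of a kernel .config for
# the netfilter options Shorewall's basic ruleset needs. Option names are an
# assumption following 2.6.16-era naming; adjust them for other kernel versions.

# The filter table itself, connection tracking plus the state match that
# "-m state --state ESTABLISHED,RELATED" depends on, and the NAT/mangle/raw
# tables Shorewall probes for in its capability report.
REQUIRED_OPTIONS="CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER \
CONFIG_IP_NF_CONNTRACK CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_IP_NF_NAT \
CONFIG_IP_NF_MANGLE CONFIG_IP_NF_RAW"

# option_enabled FILE OPTION: succeed if OPTION is built in (=y) or modular (=m).
option_enabled() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# missing_options FILE: print each required option that is not enabled, one per
# line. Exit status is the number of missing options, so 0 means all present.
missing_options() {
    count=0
    for opt in $REQUIRED_OPTIONS; do
        if ! option_enabled "$1" "$opt"; then
            echo "$opt"
            count=$((count + 1))
        fi
    done
    return "$count"
}

# write_sample_config FILE: constructed .config fragment reproducing the
# reporter's situation (mangle and raw available, conntrack and NAT missing).
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_RAW=m
# CONFIG_IP_NF_CONNTRACK is not set
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_IP_NF_NAT is not set
EOF
}

# Stand-alone run: check the constructed sample. On a real box, point
# missing_options at /usr/src/linux/.config (or /proc/config.gz, gunzipped).
SAMPLE=$(mktemp)
write_sample_config "$SAMPLE"
echo "Checking $SAMPLE:"
rc=0
missing_options "$SAMPLE" || rc=$?
if [ "$rc" -eq 0 ]; then
    echo "all required netfilter options enabled"
else
    echo "$rc option(s) missing; rebuild the kernel before running shorewall start"
fi
rm -f "$SAMPLE"
```

Running it on the sample prints the three missing options (CONFIG_IP_NF_CONNTRACK, CONFIG_NETFILTER_XT_MATCH_STATE, CONFIG_IP_NF_NAT) and exits with status 3; the kernel rebuild is then done knowing which options to enable, rather than discovering them from the iptables error after the firewall has already cut off the ssh session.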