Ryan Tandy wrote:
> Jerry wrote:
> > [EMAIL PROTECTED]:/etc/shorewall # shorewall start
>
> Any particular reason why you're running that instead of
> /etc/init.d/shorewall start?

That is what the docs suggested as the start command.

> > Shorewall has detected the following iptables/netfilter capabilities:
> > NAT: Not available
> > Packet Mangling: Available
> > Multi-port Match: Not available
> > Connection Tracking Match: Not available
> > Packet Type Match: Not available
> > Policy Match: Not available
> > Physdev Match: Not available
> > IP range Match: Not available
> > Recent Match: Not available
> > Owner Match: Not available
> > Ipset Match: Not available
> > CONNMARK Target: Not available
> > Connmark Match: Not available
> > Raw Table: Available
> > CLASSIFY Target: Not available
>
> Hmmm... looks like you're missing a few fairly necessary components.
> Might want to add a bit more to your iptables configuration in your
> kernel config, or have some fun with modprobe.

I rebuilt the kernel with more iptables modules and shorewall works fine.

> > iptables: No chain/target/match by that name
> > ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
>
> This is caused by the line "Connection Tracking Match: Not available"
> - you need to build in to your kernel or modprobe the conntrack module.
>
> > Now I cannot connect to the internet through the modem nor ssh to the
> > other computer. I was able to do both before running shorewall start.
>
> shorewall clear or /etc/init.d/shorewall clear
>
> > [EMAIL PROTECTED]:/etc/shorewall # /etc/init.d/iptables stop
> > * Saving iptables state
> > ... [ ok ]
> > * Stopping firewall
> > ... [ ok ]
>
> You don't need to have iptables running for shorewall to work (I know
> I don't).
>
> delta ~ # /etc/init.d/shorewall status
> * status: started
> delta ~ # /etc/init.d/iptables status
> * status: stopped
>
> HTH.
> Ryan

Thanks for the help, Ryan.
jerry
--
gentoo-user@gentoo.org mailing list
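
A pre-flight check for the failure discussed in this thread, as an added example that is not part of either poster's message or of Shorewall: it reads a capability report in the format quoted above and names any required capability that is not "Available", so a start that would fail partway and cut off connectivity can be refused beforehand. The names `missing_caps` and `SAMPLE_REPORT` are hypothetical, and the sample report is constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_REPORT is a constructed sample
# that reuses four lines of the capability report quoted above.
SAMPLE_REPORT='NAT: Not available
Packet Mangling: Available
Connection Tracking Match: Not available
Raw Table: Available'

# missing_caps REPORT_TEXT CAP...
# Prints every required capability whose state is not exactly "Available"
# (including capabilities absent from the report). Returns 1 if any is missing.
missing_caps() {
    report=$1; shift
    rc=0
    for cap in "$@"; do
        # Find the "<name>: <state>" line whose name equals $cap exactly.
        state=$(printf '%s\n' "$report" | awk -v c="$cap" '
            { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
            { i = index($0, ": ")
              if (i && substr($0, 1, i - 1) == c) { s = substr($0, i + 2); found = 1 } }
            END { if (found) print s }')
        if [ "$state" != "Available" ]; then
            printf '%s\n' "$cap"
            rc=1
        fi
    done
    return $rc
}

# The rule that failed in the thread used "-m state", which depends on the
# "Connection Tracking Match" capability; check it before starting.
if missing=$(missing_caps "$SAMPLE_REPORT" "Connection Tracking Match" "Packet Mangling"); then
    echo "required capabilities present; safe to start the firewall"
else
    echo "refusing to start the firewall; missing capabilities:" >&2
    printf '%s\n' "$missing" >&2
fi
```
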