MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 17, 2003 12:29 am Post subject: shorewall and pulling my hair out....
OK, I have an ADSL USB modem. I have it configured. I have a NIC, eth0; the modem is ppp0, and I start it using the speedtouch initscript.
I think I configured everything right in /etc/shorewall. I downloaded the 2 interface config files. I followed the howto here: http://www.shorewall.net/shorewall_setup_guide.htm
The hardest bit, and I think where the problem is, is the kernel configuration. I think I got all the main bits loaded. I compiled them and compiled them as modules. I tried everything. Here's what I chose from this website:
http://www.shorewall.net/kernel.htm
It doesn't work.
So when I do: "/etc/init.d/shorewall start" I get this error:
Quote: | mooktaking shorewall # /etc/init.d/shorewall start
* Starting firewall...
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_filter.o: unresolved symbol nf_unregister_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_filter.o: unresolved symbol nf_register_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack.o: unresolved symbol nf_unregister_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack.o: unresolved symbol ip_ct_attach
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack.o: unresolved symbol nf_register_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_register_Rsmp_6987f3bb
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_expect_related_Rsmp_be753819
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_unregister_Rsmp_e84ad763
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack_irc.o: unresolved symbol ip_conntrack_helper_register_Rsmp_6987f3bb
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack_irc.o: unresolved symbol ip_conntrack_expect_related_Rsmp_be753819
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_conntrack_irc.o: unresolved symbol ip_conntrack_helper_unregister_Rsmp_e84ad763
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol nf_unregister_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_destroyed_Rsmp_4c7e16fb
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_route_me_harder
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_find_helper_Rsmp_b15b86cb
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol invert_tuplepr_Rsmp_f2e2ab36
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_gather_frags_Rsmp_7e988d22
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_get_Rsmp_6088f75a
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_lock_Rsmp_a0c1f2a7
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_tuple_taken_Rsmp_a1402979
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol nf_register_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_module_Rsmp_b0361033
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_alter_reply_Rsmp_3cf4bddf
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_htable_size_Rsmp_8ef8af4c
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_selective_cleanup_Rsmp_66fa3c2a
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol __ip_ct_find_proto_Rsmp_e4674f35
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_conntrack_change_expect_Rsmp_8f283b34
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_setup_info_Rsmp_641b593f
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_helper_register_Rsmp_0bb68963
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_ftp_lock_Rsmp_7c27ef4c
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_mangle_tcp_packet_Rsmp_5fb913da
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_helper_unregister_Rsmp_2092f3ea
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_irc.o: unresolved symbol ip_conntrack_change_expect_Rsmp_8f283b34
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_irc.o: unresolved symbol ip_irc_lock_Rsmp_33c7af49
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_irc.o: unresolved symbol ip_nat_setup_info_Rsmp_641b593f
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_irc.o: unresolved symbol ip_nat_helper_register_Rsmp_0bb68963
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_irc.o: unresolved symbol ip_nat_mangle_tcp_packet_Rsmp_5fb913da
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_nat_irc.o: unresolved symbol ip_nat_helper_unregister_Rsmp_2092f3ea
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.8: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/sbin/runscript.sh: line 660: 3159 Terminated /sbin/shorewall start >/dev/null [ !! ]
|
So anyone got this working, please help.
I'm a n00b and need ALL the help I can get.
I'm trying to turn my server into a router/firewall. I think I got the configuration correct.
The only problem lies in module and kernel config.
Someone tell me what I need to enable (compiled or as module).
Any help will be appreciated.
Thanks in advance.
PS: I've been working all afternoon and all night (3AM now, need sleep) gonna read this 2morow. gooooooddddnnnniiigggghhhttt ZZZzzzzzz
_________________ http://www.mooktakim.com
Athlon XP 2001, Giga-Byte GA-7VRXP MB, 640Mb DDR RAM 333MHz, MSI Geforce 4800SE 128Mb DDR, 40x12x48 Liteon CDRW drive, Flower Cooler, ADSL Router
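
The unresolved-symbol lines in the log quoted above can be summarised per module and per symbol type before touching the kernel tree. The script below is an added example, not part of the original post; its function names are hypothetical and its sample input is a short excerpt of the quoted log. It relies on the way 2.4 kernels built with CONFIG_MODVERSIONS mangle exported symbols (`name_R<checksum>`, or `name_Rsmp_<checksum>` on SMP builds).

```shell
#!/bin/sh
# Added example (not from the thread): summarise insmod "unresolved symbol"
# lines such as those in the quoted log. Function names are hypothetical.

# Short excerpt of the log quoted in the post, used as sample input.
sample_log() {
    cat <<'EOF'
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol nf_register_hook
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_get_Rsmp_6088f75a
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt
/lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
EOF
}

# unresolved_pairs: stdin -> unique "module symbol" pairs, one per line.
unresolved_pairs() {
    sed -n 's|^.*/\([^/]*\)\.o: unresolved symbol \([A-Za-z0-9_]*\).*$|\1 \2|p' |
        sort -u
}

# symbol_kind SYMBOL: classify by the suffix CONFIG_MODVERSIONS appends on
# 2.4 kernels: name_R<8 hex> (uniprocessor) or name_Rsmp_<8 hex> (SMP build).
symbol_kind() {
    hex='[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]'
    case $1 in
        *_Rsmp_$hex) echo versioned-smp ;;
        *_R$hex)     echo versioned ;;
        *)           echo plain ;;
    esac
}

# triage: stdin -> one summary line, then hints about what the mix suggests.
triage() {
    pairs=$(unresolved_pairs)
    if [ -z "$pairs" ]; then
        echo "modules=0 plain=0 versioned=0 versioned_smp=0"
        return 0
    fi
    modules=$(echo "$pairs" | cut -d' ' -f1 | sort -u | wc -l)
    plain=0; ver=0; smp=0
    for sym in $(echo "$pairs" | cut -d' ' -f2 | sort -u); do
        case $(symbol_kind "$sym") in
            plain)         plain=$((plain + 1)) ;;
            versioned)     ver=$((ver + 1)) ;;
            versioned-smp) smp=$((smp + 1)) ;;
        esac
    done
    echo "modules=$((modules)) plain=$plain versioned=$ver versioned_smp=$smp"
    if [ "$smp" -gt 0 ]; then
        echo "HINT: modules on disk were built with CONFIG_SMP and CONFIG_MODVERSIONS"
    fi
    # A hint, not proof: symbols exported with EXPORT_SYMBOL_NOVERS stay plain.
    if [ "$plain" -gt 0 ] && [ $((ver + smp)) -gt 0 ]; then
        echo "HINT: plain and versioned names mixed; check image and modules share one build"
    fi
    return 0
}

sample_log | triage
```

Feed it the real output with `/etc/init.d/shorewall start 2>&1 | triage`; the hints only narrow down where to look and do not replace comparing the running kernel with the modules under /lib/modules.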

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 17, 2003 8:41 pm
Anyone?
Please

Donut n00b
Joined: 27 Apr 2003 Posts: 40
Posted: Tue Jun 17, 2003 9:22 pm
I too am running a gateway machine using the speedtouch usb device (btinternet) plus shorewall for the firewall based on a 2 interface config and have it working ok. Here's some info....
Kernel config settings
Note: Reason is in brackets, some options are for NON-INCLUSION (eg SMP, /dev/pts). Nearly all settings are compiled into the kernel rather than modules. Not all the firewall options may be necessary.
Code: |
Processor type and features --->
  [ ] Symmetric multi-processing support (SPEEDTOUCH)
General Setup --->
  PCI Hotplug Support --->
    <*> Support for PCI Hotplug (SPEEDTOUCH)
Networking Options --->
  [*] Network packet filtering (replaces ipchains) (FIREWALL)
  [*] Socket Filtering (FIREWALL)
  [*] Asynchronous Transfer Mode (ATM) (SPEEDTOUCH)
  IP: Netfilter Configuration --->
    <*> Connection tracking (reqd for masq/nat) (FIREWALL)
    <*> FTP protocol support (FIREWALL)
    <*> IP tables support (reqd for filt/msq/nat) (FIREWALL)
    <*> Limit match support (FIREWALL)
    <*> MAC address support (FIREWALL)
    <*> Packet Type match support (FIREWALL)
    <*> Netfilter mark match support (FIREWALL)
    <*> Multiple port match support (FIREWALL)
    <*> TOS match support (FIREWALL)
    <*> ECN match support (FIREWALL)
    <*> DSCP match support (FIREWALL)
    <*> AH/ESP match support (FIREWALL)
    <*> LENGTH match support (FIREWALL)
    <*> TTL match support (FIREWALL)
    <*> tcpmss match support (FIREWALL)
    <*> Helper match support (FIREWALL)
    <*> Connection state match support (FIREWALL)
    <*> Connection tracking match support (FIREWALL)
    <*> Packet filtering (FIREWALL)
    <*> REJECT target support (FIREWALL)
    <*> Full NAT (FIREWALL)
    <*> MASQUERADE target support (FIREWALL)
    <*> REDIRECT target support (FIREWALL)
    <*> Packet mangling (FIREWALL)
    <*> TOS target support (FIREWALL)
    <*> ECN target support (FIREWALL)
    <*> DSCP target support (FIREWALL)
    <*> MARK target support (FIREWALL)
    <*> LOG target support (FIREWALL)
    <*> ULOG target support (FIREWALL)
    <*> TCPMSS target support (FIREWALL)
ATA/IDE/MFM/RLL support --->
  IDE, ATA and ATAPI Block Devices --->
    <M> SCSI emulation support (SPEEDTOUCH)
SCSI support --->
  <*> SCSI disk support (SPEEDTOUCH)
  <*> SCSI generic support (SPEEDTOUCH)
Network device support --->
  <*> PPP (point-to-point protocol) support (SPEEDTOUCH)
  <*> PPP support for async serial ports (SPEEDTOUCH)
  <*> PPP support for sync tty ports (SPEEDTOUCH)
  <*> PPP Deflate Compression (SPEEDTOUCH)
  <*> PPP BSD-Compress compression (SPEEDTOUCH)
  <*> PPP Over ATM (SPEEDTOUCH)
Character devices --->
  [*] Non-standard serial port support (SPEEDTOUCH)
  <*> HDLC line discipline support (SPEEDTOUCH)
File systems --->
  [ ] /dev/pts file system for Unix98 PTYs (SPEEDTOUCH)
USB Support --->
  [*] Preliminary USB device filesystem (SPEEDTOUCH)
  <*> UHCI Alternate Driver (JE) support (SPEEDTOUCH)
|
In my /etc/init.d/shorewall script I have the following
Code: |
depend() {
    need net speedtouch
    provide firewall
}
|
Also, to enable shorewall to use a ppp interface properly, make sure you have the following in the file '/etc/shorewall/shorewall.conf'...
I can send you my speedtouch and shorewall config files directly if it helps - let me know via private message.
Hope this helps
Paul

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 17, 2003 11:26 pm
I did everything up there ^^.
I have my modem working fine, except for the fact that it starts way after apache does. It's working perfectly, this can be solved very easily.
The error I get after "shorewall start" is:
Quote: | mooktaking shorewall # shorewall start
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp0:0.0.0.0/0
Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stop ...
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stopped ...
Terminated
|
Not sure what the problem is.
I've commented out all the modprobe commands in /etc/shorewall/modules.
It just refuses to accept the fact that it's all compiled in.

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 17, 2003 11:28 pm
Also this time I didn't emerge iptables.
I'll try it again with iptables installed.

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 17, 2003 11:33 pm
Naah, not working either.
Same error.

Donut n00b
Joined: 27 Apr 2003 Posts: 40
Posted: Wed Jun 18, 2003 6:22 am
You don't happen to have ipchains (CONFIG_IP_NF_COMPAT_IPCHAINS) included as well, do you? Because if this gets loaded, I think its modules conflict with the iptables modules and the iptables modules refuse to load.
Paul
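
The kernel options discussed in this thread (the netfilter entries in the menu listing above and the ipchains compatibility option) can be checked mechanically against a 2.4 `.config`. The script below is an added example, not code from any poster; the function names and the sample config are constructed, and the CONFIG_ names are assumed to be the 2.4 kernel symbols behind the listed menu entries.

```shell
#!/bin/sh
# Added example (not from the thread): audit a 2.4-series kernel .config for
# the netfilter options a Shorewall NAT gateway depends on.

# Symbols behind the filter, nat and mangle tables that Shorewall initialises.
REQUIRED="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP_NF_MANGLE"

# config_state FILE SYMBOL: print y (built in), m (module) or n (unset).
config_state() {
    state=$(sed -n "s/^$2=\([ym]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    echo "${state:-n}"
}

# audit_netfilter FILE: print one finding per line; return 1 on a fatal one.
audit_netfilter() {
    cfg=$1
    fatal=0
    modular=""
    for sym in $REQUIRED; do
        case $(config_state "$cfg" "$sym") in
            n) echo "MISSING $sym"; fatal=1 ;;
            m) modular="$modular $sym" ;;
        esac
    done
    # The ipchains compatibility layer is the option the thread suspects of
    # stopping the iptables modules from loading.
    if [ "$(config_state "$cfg" CONFIG_IP_NF_COMPAT_IPCHAINS)" != n ]; then
        echo "CONFLICT CONFIG_IP_NF_COMPAT_IPCHAINS"
        fatal=1
    fi
    # Modular options only load if /lib/modules/<version> was built from the
    # same tree and configuration as the kernel image that is booted.
    if [ -n "$modular" ]; then
        echo "MODULAR$modular"
    fi
    if [ "$fatal" -eq 0 ]; then
        echo "OK"
    fi
    return "$fatal"
}

# Constructed sample: netfilter on, NAT left out, ipchains compat as a module.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_NAT is not set
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_netfilter "$tmp" || echo "=> fix the findings above, then rebuild"
rm -f "$tmp"
```

Run it as `audit_netfilter /usr/src/linux/.config` against the tree the running kernel was built from; a clean result says nothing about whether that kernel image is the one actually booted.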

Xaignar Apprentice
Joined: 11 Jun 2003 Posts: 153 Location: Denmark
Posted: Wed Jun 18, 2003 7:22 am
I've had this a lot when I was using the stable kernels (2.4.x) and when I finally got it working I didn't touch the network config anymore.
IIRC, one of the fixes to this was to "make clean && make mrproper" (remember to back up your .config file), but I think you will find more information if you search the forum for iptable problems.
I've since switched to 2.5.x and I haven't had a problem after that.
Anyway, in case it might be useful, here is my .config file. I also use Shorewall btw.

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Wed Jun 18, 2003 9:37 am
Donut wrote: | You don't happen to have ipchains (CONFIG_IP_NF_COMPAT_IPCHAINS) included as well, do you? Because if this gets loaded, I think its modules conflict with the iptables modules and the iptables modules refuse to load.
Paul |
I don't think so. I couldn't find that in the .config and also I did exactly what you did up there ^^
Xaignar: I usually compile like this:
Quote: |
make dep && make clean bzImage modules modules_install && mount /boot && cp /usr/src/linux/arch/i386/boot/bzImage /boot/bzImage && reboot
|
I will try mrproper and recompile the kernel.

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Wed Jun 18, 2003 11:24 am
Nope.
Again it didn't work. Exactly the same error.
I should also say that all this I've been doing is over ssh, if it makes any difference.

Xaignar Apprentice
Joined: 11 Jun 2003 Posts: 153 Location: Denmark
Posted: Wed Jun 18, 2003 12:20 pm
Try posting your .config

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Wed Jun 18, 2003 4:20 pm
I recompiled the kernel with Donut's recommendations and it still doesn't work.
I get this error:
Quote: | mooktaking root # shorewall start
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Initializing...
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp0:0.0.0.0/0
Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stop ...
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stopped ...
Terminated
|
Also, do I need to do "/etc/init.d/iptables" before doing "shorewall start"?
I just don't understand why it refuses to work.

drizzt Guru
Joined: 21 Jul 2002 Posts: 428
Posted: Fri Jun 20, 2003 11:54 pm
One suggestion - try to use kernel 2.4.19 series for routers. I got massive problems with iptables and 2.4.20. This might help.
_________________ People don't have to earn my respect. I offer my respect to them, but be careful to lose my respect...

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Sat Jun 21, 2003 11:34 am
OK, that advice is now a bit late.
I gave up and installed smoothwall. It erased my WHOLE HD and installed it.
I didn't mind. Because it was my solution to the problem.
Except it's not the solution.
It's a GREAT firewall, and that's all it is.
I can't install anything else because they didn't provide no compilers.
No ftp, webmail, imap, it's all gone.
Gonna replace smoothwall with ClarkConnect.
I think that's my solution. Downloading right now and gonna try out tonight.
If it doesn't work, gonna slap gentoo back on and try again, this time 2.4.19

drizzt Guru
Joined: 21 Jul 2002 Posts: 428
Posted: Sat Jun 21, 2003 11:48 am
Sorry, just went through the forums.
If you decide to go back to Gentoo I will be happy to help you!
Just write me an E-Mail: bryx@gmx.net

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Sat Jun 21, 2003 11:49 am
Yeh, I would love that.
It's not your fault.
I didn't lose anything vital anyway.

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 24, 2003 6:41 pm
OK, OK.
I tried all the gateway specific distros.
The one that came closest to what I wanted was ClarkConnect.
But I've reinstalled Gentoo now.
I installed vanilla-sources this time. 2.4.21.
Now I got routing working.
It's great.
Except I have one little problem.
My ISP gives the nameserver automatically. I know what they are.
But put them in /etc/resolve.conf of my gateway. Except when I connect using the client PC, and put the gateway's IP as my nameserver it doesn't work.
I have to configure each PC with the nameserver IP my ISP gave to me.
How do I fix this?
I also have this error when trying to start shorewall, it starts fine, but I get this error:
Quote: | mooktaking shorewall # /etc/init.d/shorewall start
* Could not get dependency info for "shorewall"!
* Could not get dependency info for "shorewall"!
* Starting firewall... [ ok ]
mooktaking shorewall #
|
I looked at the script. It looks just like the other scripts, not sure why it doesn't work.

devon l33t
Joined: 23 Jun 2003 Posts: 943
Posted: Tue Jun 24, 2003 6:56 pm
Quote: |
My ISP gives the nameserver automatically. I know what they are.
But put them in /etc/resolve.conf of my gateway. Except when I connect using the client PC, and put the gateway's IP as my nameserver it doesn't work.
I have to configure each PC with the nameserver IP my ISP gave to me.
|
You will have to run DNS on your gateway server if you want to do it that way. FWIW, I have a similar setup (FreeBSD firewall versus Gentoo) and I use my ISP's DNS servers on my client PCs rather than run DNS on my BSD firewall. Works fine.
If you do decide to run DNS, I suggest checking out this thread.

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Tue Jun 24, 2003 7:45 pm
I've used smoothwall and ClarkConnect.
How do they implement nameserver?
Is it also using Bind (or equivalent)?
I heard Bind is a pain to setup.

paul138 Guru
Joined: 09 Aug 2002 Posts: 370 Location: Ottawa, ON
Posted: Wed Jun 25, 2003 1:28 am
MooktaKiNG wrote: |
But put them in /etc/resolve.conf of my gateway. Except when I connect using the client PC, and put the gateway's IP as my nameserver it doesn't work. |
You simply put your ISP's nameserver in your client's /etc/resolve.conf like so:
Code: |
nameserver xxx.xxx.xxx.xxx
nameserver yyy.yyy.yyy.yyy
|
Even though you're using an RFC1918 network, you can still use the outside DNS servers. Simply putting your gateway's IP address will not work without a DNS daemon running on it. If you must, I recommend djbdns or pdnsd. Both are available in portage.
Quote: | mooktaking shorewall # /etc/init.d/shorewall start
* Could not get dependency info for "shorewall"!
* Could not get dependency info for "shorewall"!
* Starting firewall... [ ok ]
mooktaking shorewall #
|
That just seems to be a bug that's going around when you use unstable (ACCEPT_KEYWORDS="~x86"). I could be wrong. But it'll work just fine.
-P
_________________ Talk is cheap because supply always exceeds demand.

paul138 Guru
Joined: 09 Aug 2002 Posts: 370 Location: Ottawa, ON
Posted: Wed Jun 25, 2003 1:32 am
MooktaKiNG wrote: | I've used smoothwall and ClarkConnect.
How do they implement nameserver?
Is it also using Bind (or equivalent)?
I heard Bind is a pain to setup. |
Bind is not for beginners (and a bit overkill for a few machines). If you want simple, use pdnsd. It's very easy and stable.
Don't forget to add rules in shorewall's rules file:
Code: |
# For local connections to caching DNS server
ACCEPT loc fw udp 53
# So firewall can talk to external DNS servers
ACCEPT fw net udp 53
|
And you prob do not want this in shorewall's policy file.
But then again, I'm just paranoid.
Cheers!

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Fri Jun 27, 2003 5:13 pm
paul138 wrote: | MooktaKiNG wrote: | I've used smoothwall and ClarkConnect.
How do they implement nameserver?
Is it also using Bind (or equivalent)?
I heard Bind is a pain to setup. |
Bind is not for beginners (and a bit overkill for a few machines). If you want simple, use pdnsd. It's very easy and stable.
Don't forget to add rules in shorewall's rules file:
Code: |
# For local connections to caching DNS server
ACCEPT loc fw udp 53
# So firewall can talk to external DNS servers
ACCEPT fw net udp 53
|
And you prob do not want this in shorewall's policy file.
But then again, I'm just paranoid.
Cheers! |
Thank You Very Much!!!
That was EXACTLY what i was looking for.
I wasn't looking for a proper DNS server. I just wanted something that would forward DNS requests to my ISP's server. That was exactly what I wanted.
Here's what I have installed and is working perfectly right now:
- SquirrelMail (Bayesian SpamAssassin)
- Fetchmail
- Gotmail
- Procmail
- Postfix
- Courier-IMAP (+ SSL)
- Apache (PHP + SSL etc)
- Shorewall Firewall (with Iptables)
- MySQL Server
- pDNSd
- Samba
- Snort IDS
- Squid proxy Server (Transparent)
- SSHd Server
- Webmin
All on a Speedtouch USB ADSL Modem. With dynamic connection, which I update using ddclient, and using one 10Mbit Hub connected to two PCs.
And those are the ones I can think of right now.
In the near future:
- Rsync server (for LAN use only)
- Distfile share
- Virus Scanner
- DHCP Server (maybe, this one isn't that important)
I am VERY happy with my home gateway/router.
Thanks to everyone who helped.
I might in the near future write a howto for this.
I mean not everyone has a separate machine for each server (firewall, router, proxy)
I love this setup.
Especially the proxy. It works nicely.
Last edited by MooktaKiNG on Fri Jun 27, 2003 5:18 pm; edited 2 times in total

paul138 Guru
Joined: 09 Aug 2002 Posts: 370 Location: Ottawa, ON
Posted: Fri Jun 27, 2003 5:16 pm
Glad to see you're happy with the caching DNS server.
I've set so many of these things up that it hurts my head to count them.
Have fun!
-P

MooktaKiNG Guru
Joined: 11 Nov 2002 Posts: 326 Location: London, UK
Posted: Fri Jun 27, 2003 5:20 pm
paul138 wrote: | Glad to see you're happy with the caching DNS server.
I've set so many of these things up that it hurts my head to count them.
Have fun!
-P |
Do you know of a good virus scanner?
For emails (using procmail preferably) and for scanning the system.