| View previous topic :: View next topic |
| Author |
Message |
castra
Tux's lil' helper
Joined: 12 Aug 2003
Posts: 86
|
 Posted: Sun Dec 28, 2003 12:16 am Post subject: Kernel 2.6 and Shorewall |
 |
|
I just installed/added kernel 2.6 vanilla and got problems with
Shorewall. I used shorewall with all my 2.2.x and 2.4.x but
with 2.6 I get following error/output when starting:
| Quote: |
shorewall start --> as root
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Not available
Determining Zones...
Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
iptables: No chain/target/match by that name
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
Terminated
|
Then all trafic is stoped and nothing comes inn or out.
After I do shorewall clear all is back to normal but no firewall at all.
And tryed even from /etc/init.d/shorewall start
and this is the output
| Quote: |
/etc/init.d/shorewall start
* Starting firewall...
iptables: No chain/target/match by that name
/sbin/runscript.sh: line 526: 13888 Terminated /sbin/shorewall start >/dev/null [ !! ]
|
I tryed 2 versions of iptables but none of them works with 2.6
Any ideas ?? |
|
| Back to top |
|
 |
arkhan_jg
Apprentice
Joined: 18 Mar 2003
Posts: 199
Location: Dorset, UK
|
| Posted: Sun Dec 28, 2003 12:37 am Post subject: |
|
|
| Quote: | | Connection Tracking Match: Not available |
My guess would be that you're missing at least some connection tracking support in your kernel.
device drivers/networking support/networking options/network packet filtering/netfilter configuration/"connection tracking"
and "ip tables support"
In my case, I have all the options there compiled in (hell, you never know, I might need them).
I'm using 2.6.0-gentoo with iptables-1.2.9, and shorewall 1.4.8.
HTH!
_________________
make menuconfig not war |
|
| Back to top |
|
|
ikaro
Advocate
Joined: 14 Jul 2003
Posts: 2527
Location: Denmark
|
| Posted: Sun Dec 28, 2003 7:22 am Post subject: |
|
|
I use shorewall too on 2.6.0-mm1, works as good as in 2.4.
I also have all the Net code enabled as modules, and let the firewall load those it needs.
| Code: |
# IP: Netfilter Configuration
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
|
_________________
linux: #232767 |
|
| Back to top |
|
|
castra
Tux's lil' helper
Joined: 12 Aug 2003
Posts: 86
|
| Posted: Sun Dec 28, 2003 5:37 pm Post subject: |
|
|
Yes guys, you where right !
It was something with the stuff that I chose in kernel.
Most of them has been build inn and I changed that to modules.
After that rebooted with new kernel and shorewall worked with out errors.
I had all the stuff from before but not as modules...ODD
Thanks for the help ! |
|
| Back to top |
|
|
|
Networking & Security
