| View previous topic :: View next topic |
| Author |
Message |
potatoface
Guru
Joined: 18 Feb 2004
Posts: 542
Location: ::7F00:1
|
 Posted: Thu Feb 03, 2005 11:31 pm Post subject: IPKUNGFU ERROR at startup |
 |
|
hi,
i followed the gentoo linux home router guide to set up my machine as a router.
then i merged ipkungfu and edited the configuration files in /etc/ipkungfu/
when i start ipkungfu i get this
| Code: | * Starting ipkungfu...
/usr/sbin/ipkungfu: line 928: /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name [ ok ] |
i dont know where to enable tcp_syncookies in my kernel config.
my /etc/ipkungfu/ipkungfu.conf looks like this:
| Code: | # Please read the README and FAQ for more information
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
EXT_NET="eth0"
#EXT_NET="eth1"
#EXT_NET="ppp0"
#INT_NET="eth0"
INT_NET="eth1"
#INT_NET="lo"
LOCAL_NET="192.168.0.0/255.255.255.0"
GATEWAY=1
ALLOWED_TCP_IN="21 22"
ALLOWED_UDP_IN=""
FORBIDDEN_PORTS="135 137 139"
BLOCK_PINGS=0
#SUSPECT="REJECT"
SUSPECT="DROP"
#KNOWN_BAD="REJECT"
KNOWN_BAD="DROP"
#PORT_SCAN="REJECT"
PORT_SCAN="DROP"
#GET_IP="NONE"
#GET_IP="AUTO"
GET_IP="62.178.76.140"
DONT_DROP_IDENTD=0
DISALLOW_PRIVATE=1
WAIT_SECONDS=0
FAILSAFE=0 |
any suggestions? 
_________________
The generation of random numbers is too important to be left to chance.
Adopt an unanswered post. |
|
| Back to top |
|
 |
nightblade
Guru
Joined: 20 Jul 2004
Posts: 368
Location: back from SE Asia
|
| Posted: Fri Feb 04, 2005 12:03 am Post subject: |
|
|
Never used ipkungfu, so I don't know what chain/rule it is looking for. However, the tcp_syncookies error is probably due to missing kernel support. Check that you have it enabled (Device Drivers -> Networking support -> Networking Options -> TCP Syncookies support).
_________________
In God we trust. All the others must provide a valid X.509 certificate |
|
| Back to top |
|
|
potatoface
Guru
Joined: 18 Feb 2004
Posts: 542
Location: ::7F00:1
|
| Posted: Fri Feb 04, 2005 12:05 am Post subject: |
|
|
i just found it, thanks nightblade
_________________
The generation of random numbers is too important to be left to chance.
Adopt an unanswered post. |
|
| Back to top |
|
|
potatoface
Guru
Joined: 18 Feb 2004
Posts: 542
Location: ::7F00:1
|
| Posted: Fri Feb 04, 2005 12:40 am Post subject: |
|
|
maybe these outputs help someone
cat /proc/net/ip_tables_names
cat /proc/net/ip_tables_matches
| Code: | comment
addrtype
realm
tcpmss
conntrack
state
ttl
length
esp
ah
dscp
ecn
recent
tos
owner
multiport
pkttype
iprange
mac
mark
sctp
hashlimit
limit
helper
tcp
udp
icmp |
_________________
The generation of random numbers is too important to be left to chance.
Adopt an unanswered post. |
|
| Back to top |
|
|
nightblade
Guru
Joined: 20 Jul 2004
Posts: 368
Location: back from SE Asia
|
| Posted: Fri Feb 04, 2005 2:12 pm Post subject: |
|
|
I had a very quick look to ipkungfu sources. Have you tried to insert some "echoes" in the main script in order to figure out exactly which rules trigger the error messages ?
_________________
In God we trust. All the others must provide a valid X.509 certificate |
|
| Back to top |
|
|
|
Networking & Security
