bulki Guru
Joined: 25 Nov 2004 Posts: 529 Location: SiliconValley
|
Posted: Sun Apr 03, 2005 12:18 pm Post subject: [Shorewall] IPtable error... forgot something in the kernel? |
|
|
Hi,
I wanted to install shorewall as a firewall, and I get an error:
Code: | /etc/init.d/shorewall start
* Starting firewall ...
Warning: Zone loc is empty
Warning: Zone dmz is empty
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/etc/init.d/shorewall: line 13: 8841 Terminated /sbin/shorewall start >/dev/ [ !! ]
|
Since it can't find the module, I figure I must have forgotten to put it in the kernel.
Also:
Code: |
# modprobe ip_tables
FATAL: Module ip_tables not found.
|
Here is what I have in my kernel:
Quote: | # grep -i net .config
# Networking support
CONFIG_NET=y
# Networking options
# CONFIG_NETLINK_DEV is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_TUNNEL is not set
# CONFIG_NETFILTER is not set
# CONFIG_DECNET is not set
# CONFIG_NET_DIVERT is not set
# CONFIG_ECONET is not set
# CONFIG_NET_SCHED is not set
# CONFIG_NET_CLS_ROUTE is not set
# Network testing
# CONFIG_NET_PKTGEN is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
# CONFIG_IRNET is not set
CONFIG_NETDEVICES=y
# CONFIG_NET_SB1000 is not set
# ARCnet devices
# CONFIG_ARCNET is not set
# Ethernet (10 or 100Mbit)
CONFIG_NET_ETHERNET=y
# CONFIG_NET_VENDOR_3COM is not set
# CONFIG_NET_VENDOR_SMC is not set
# CONFIG_NET_VENDOR_RACAL is not set
# Tulip family network device support
CONFIG_NET_TULIP=y
# CONFIG_NET_ISA is not set
# CONFIG_NET_PCI is not set
# CONFIG_NET_POCKET is not set
# Ethernet (1000 Mbit)
# Ethernet (10000 Mbit)
CONFIG_NET_RADIO=y
# CONFIG_PCMCIA_NETWAVE is not set
CONFIG_NET_WIRELESS=y
# PCMCIA network device support
CONFIG_NET_PCMCIA=y
# CONFIG_PCMCIA_PCNET is not set
# CONFIG_PCMCIA_AXNET is not set
# CONFIG_NET_FC is not set
# CONFIG_NETCONSOLE is not set
# USB Network Adapters
# CONFIG_USB_USBNET is not set
# Network File Systems
|
A little help please
Thx |
|
manu.acl Guru
Joined: 29 Jan 2005 Posts: 426 Location: Paris
|
Posted: Sun Apr 03, 2005 1:14 pm Post subject: |
|
|
Here's what I have:
Code: | # lsmod
Module Size Used by
ipt_MASQUERADE 2944 1
iptable_mangle 2432 0
ipt_REJECT 5760 2
ipt_state 1664 97
iptable_filter 3200 1
ip_nat_ftp 4336 0
iptable_nat 22600 3 ipt_MASQUERADE,ip_nat_ftp
ip_tables 16896 6 ipt_MASQUERADE,iptable_mangle,ipt_REJECT,ipt_state,iptable_filter,iptable_nat
ip_conntrack_ftp 71472 1 ip_nat_ftp
ip_conntrack 40692 5 ipt_MASQUERADE,ipt_state,ip_nat_ftp,iptable_nat,ip_conntrack_ftp |
As for the modules to enable in the kernel, I have this:
Code: | CONFIG_PACKET=m
CONFIG_NETFILTER=m
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_MATCH_MAC=m |
|
..::EmergE::.. n00b
Joined: 17 Feb 2005 Posts: 21
|
Posted: Sun Apr 03, 2005 1:20 pm Post subject: |
|
|
I. First of all, you installed shorewall but you certainly forgot to configure it ...
Two solutions:
1/ You edit the files /etc/shorewall/policy, /etc/shorewall/rules, /etc/shorewall/interfaces ...
2/ Simpler, you download the one-interface.tgz example (so that you don't have to configure anything): http://www1.shorewall.net/pub/shorewall/Samples/
then you unpack the archive with tar -zxvf one-interface.tgz and run cp interfaces/* /etc/shorewall
Careful! Don't forget to check that the file /etc/shorewall/interfaces names the right interface. For example, for a pppoe connection, you should have:
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 detect norfc1918,...
After checking that it works properly, you can have shorewall start at every boot of the PC by running:
rc-update add shorewall default
II. Fix your kernel configuration (taking the example above as a guide, for instance)
Last edited by ..::EmergE::.. on Sun Apr 03, 2005 1:24 pm; edited 1 time in total |
|
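Step II above comes down to comparing the failing .config with the netfilter options from the working machine. The script below is an added example, not code from the thread: the function names and the two sample configs are constructed, and the option list is the subset of the posted working config that covers iptables, filtering, NAT and state matching.

```shell
#!/bin/sh
# Added example (not from the thread): list the netfilter options a kernel
# .config lacks. Option names are those in the working config posted above.
REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER CONFIG_IP_NF_NAT CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_TARGET_MASQUERADE"

# opt_state FILE OPTION: print y, m, or "unset" ("# ... is not set" or absent)
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-unset}"
}

# opts_in_state FILE STATE: print required options whose state equals STATE
opts_in_state() {
    for opt in $REQUIRED_OPTS; do
        if [ "$(opt_state "$1" "$opt")" = "$2" ]; then echo "$opt"; fi
    done
}

# write_samples DIR: constructed inputs, one failing and one working config
write_samples() {
    cat > "$1/broken.config" <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
# CONFIG_NETFILTER is not set
CONFIG_NETDEVICES=y
EOF
    cat > "$1/working.config" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "Unset in broken.config:"
opts_in_state "$tmp/broken.config" unset
echo "Built as modules in working.config (need 'make modules_install'):"
opts_in_state "$tmp/working.config" m
rm -rf "$tmp"
```

Against a real tree, call `opts_in_state /usr/src/linux/.config unset`; an empty result with `modprobe ip_tables` still failing points at modules that were built but not installed for the running kernel.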
manu.acl Guru
Joined: 29 Jan 2005 Posts: 426 Location: Paris
|
Posted: Sun Apr 03, 2005 1:22 pm Post subject: |
|
|
It looks awfully complicated to install shorewall
Why not use iptables directly in a shell script? |
|
..::EmergE::.. n00b
Joined: 17 Feb 2005 Posts: 21
|
Posted: Sun Apr 03, 2005 1:25 pm Post subject: |
|
|
manu.acl wrote: | It looks awfully complicated to install shorewall
Why not use iptables directly in a shell script? |
No, it's very simple ... provided you've read this http://www.shorewall.net/standalone_fr.html |
|
manu.acl Guru
Joined: 29 Jan 2005 Posts: 426 Location: Paris
|
Posted: Sun Apr 03, 2005 2:20 pm Post subject: |
|
|
If I understood correctly, shorewall is also configured through a text file?
Why wrap one syntax in another to get the same result? |
|
..::EmergE::.. n00b
Joined: 17 Feb 2005 Posts: 21
|
Posted: Sun Apr 03, 2005 5:42 pm Post subject: |
|
|
manu.acl wrote: | If I understood correctly, shorewall is also configured through a text file?
Why wrap one syntax in another to get the same result? |
I'm not sure I understood your question correctly ...
If I remember correctly, I believe that when you install shorewall there are indeed configuration files, but they only contain examples ... which makes sense to me, given that there are lots of ways to use a firewall ... To make life easier for those who don't want to waste their time trying to configure it on their own, there is nevertheless the option of using standard configurations; it's up to each person to install the one that best fits their needs. That's what I suggested he do by inviting him to download standalone, which is the configuration that suits the majority of "average" users ... |
|