| View previous topic :: View next topic |
| Author |
Message |
Jijua
n00b
Joined: 26 Dec 2004
Posts: 30
Location: Milan, Italy
|
 Posted: Thu Nov 24, 2005 11:06 am Post subject: Guarddog e Iptables [RISOLTO] |
 |
|
Ciao a tutti!
Vorrei configurare delle regole firewall via Guarddog, ma quando tento di applicare (da root) le impostazioni ottengo:
| Code: | FATAL: Module ip_tables not found.
iptables v1.3.2: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
Ho compilato il kernel in modo che il packet filtering sia abilitato (non come modulo). Cosa devo fare?
Attendo delucidazioni 
CIAO
_________________
"Do you really think that the Moon exists just because we look at it?" - A. Einstein ad A. Pais
Last edited by Jijua on Sun Nov 27, 2005 11:31 am; edited 1 time in total |
|
| Back to top |
|
 |
makoomba
Bodhisattva
Joined: 03 Jun 2004
Posts: 1856
|
| Posted: Thu Nov 24, 2005 11:34 am Post subject: |
|
|
posta
| Code: | | gzcat /proc/config.gz | egrep 'IP_NF|IPTABLES' |
|
|
| Back to top |
|
|
Jijua
n00b
Joined: 26 Dec 2004
Posts: 30
Location: Milan, Italy
|
| Posted: Thu Nov 24, 2005 11:41 am Post subject: |
|
|
Ecco l'output del comando:
| Code: | $ gzcat /proc/config.gz | egrep 'IP_NF|IPTABLES'
# CONFIG_IP_NF_CONNTRACK is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_QUEUE is not set
# CONFIG_IP_NF_IPTABLES is not set
# CONFIG_IP_NF_ARPTABLES is not set
|
_________________
"Do you really think that the Moon exists just because we look at it?" - A. Einstein ad A. Pais |
|
| Back to top |
|
|
makoomba
Bodhisattva
Joined: 03 Jun 2004
Posts: 1856
|
| Posted: Thu Nov 24, 2005 11:48 am Post subject: |
|
|
| Code: | | CONFIG_IP_NF_IPTABLES is not set |
non hai abilitato il supporto ad iptables, devi riconfigurare il kernel |
|
| Back to top |
|
|
Jijua
n00b
Joined: 26 Dec 2004
Posts: 30
Location: Milan, Italy
|
| Posted: Thu Nov 24, 2005 12:30 pm Post subject: |
|
|
Hai ragione, sto ricompilando... 
Poi ci riprovo e faccio sapere se è ok!
_________________
"Do you really think that the Moon exists just because we look at it?" - A. Einstein ad A. Pais |
|
| Back to top |
|
|
Jijua
n00b
Joined: 26 Dec 2004
Posts: 30
Location: Milan, Italy
|
| Posted: Thu Nov 24, 2005 12:52 pm Post subject: |
|
|
Dunque, ho abilitato quello che mi hai detto:
| Code: | $ gzcat /proc/config.gz | egrep 'IP_NF|IPTABLES'
# CONFIG_IP_NF_CONNTRACK is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_LIMIT is not set
# CONFIG_IP_NF_MATCH_IPRANGE is not set
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
# CONFIG_IP_NF_MATCH_MARK is not set
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH_ESP is not set
# CONFIG_IP_NF_MATCH_LENGTH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
# CONFIG_IP_NF_FILTER is not set
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
|
ed ora ottengo il seguente messaggio da Guarddog:
| Code: | FATAL: Module ip_tables not found.
iptables v1.3.2: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
Cosa mi manca da fare?
_________________
"Do you really think that the Moon exists just because we look at it?" - A. Einstein ad A. Pais |
|
| Back to top |
|
|
makoomba
Bodhisattva
Joined: 03 Jun 2004
Posts: 1856
|
| Posted: Thu Nov 24, 2005 1:28 pm Post subject: |
|
|
| Code: | | CONFIG_IP_NF_FILTER |
non essere troppo "parsimonioso", abilita un pò di opzioni (come moduli)
altrimenti devi ricompilare il kernel ogni volta |
|
| Back to top |
|
|
Jijua
n00b
Joined: 26 Dec 2004
Posts: 30
Location: Milan, Italy
|
| Posted: Sun Nov 27, 2005 11:30 am Post subject: |
|
|
Beh, non è questione di essere parsimonioso, è solo che se li abilito come moduli poi non so come ricavare i loro nomi per poterli caricare quando mi è necessario 
So che con un
dovrei ricavare la lista, ma poi come li collego alle voci che ho abilitato nel kernel? Dal solo nome?
Detto questo, ora credo di aver abilitato tutto quello che serve sotto packet filtering e tutto funziona alla grande!!
Posso usare Guarddog per editare le regole firewall e come da grc.com ora ho tutte le porte stealthed.
Grazie mille!!
_________________
"Do you really think that the Moon exists just because we look at it?" - A. Einstein ad A. Pais |
|
| Back to top |
|
|
Luca89
Advocate
Joined: 27 Apr 2005
Posts: 2107
Location: Agrigento (Italy)
|
| Posted: Sun Nov 27, 2005 11:37 am Post subject: |
|
|
| Quote: | Detto questo, ora credo di aver abilitato tutto quello che serve sotto packet filtering e tutto funziona alla grande!!
Posso usare Guarddog per editare le regole firewall e come da grc.com ora ho tutte le porte stealthed.
Grazie mille!! |
Faresti meglio a specificare quali moduli hai inserito, così chi in futuro avrà lo stesso tuo problema potrà risolvere più facilmente. Per quanto riguarda i moduli navigando con menuconfig l'help che ti spiega a cosa serve un determinato modulo ti dice anche come verrà chiamato.
_________________
Running Fast! |
|
| Back to top |
|
|
Jijua
n00b
Joined: 26 Dec 2004
Posts: 30
Location: Milan, Italy
|
| Posted: Sun Nov 27, 2005 11:42 am Post subject: |
|
|
Posto qui per futuro (anche mio) utilizzo:
| Code: | # gzcat /proc/config.gz | egrep 'IP_NF|IPTABLES'
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CT_PROTO_SCTP=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_TFTP=y
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
# CONFIG_IP_NF_MATCH_TOS is not set
CONFIG_IP_NF_MATCH_RECENT=y
# CONFIG_IP_NF_MATCH_ECN is not set
CONFIG_IP_NF_MATCH_DSCP=y
# CONFIG_IP_NF_MATCH_AH_ESP is not set
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_REALM=y
CONFIG_IP_NF_MATCH_SCTP=y
CONFIG_IP_NF_MATCH_COMMENT=y
CONFIG_IP_NF_MATCH_CONNMARK=y
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_IP_NF_TARGET_TCPMSS=y
# CONFIG_IP_NF_NAT is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_TARGET_NOTRACK=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
# CONFIG_IP_NF_ARP_MANGLE is not set
|
CIAO
_________________
"Do you really think that the Moon exists just because we look at it?" - A. Einstein ad A. Pais |
|
| Back to top |
|
|
|
Forum italiano (Italian) 
