m@o Apprentice
Joined: 25 Nov 2003 Posts: 184 Location: /eu/at/grz
Posted: Fri Oct 27, 2006 10:34 pm Post subject: another shorewall setup problem
hello!
it has been two years since my last successful setup of shorewall; this was version 2.0 then...
now we have 3.0 and i just can't port it to the other machine.
i have the following problem: it seems that iptables does not work properly...
that's what i get:
Code:
# shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Available
CLASSIFY Target: Not available
Determining Zones...
IPv4 Zones: net
Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
WARNING: Zone net is empty
Processing /etc/shorewall/init ...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
Deleting user chains...
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
Processing /etc/shorewall/stop ...
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
IP Forwarding Enabled
then the connection to my remote host is cut... since i did
Code:
# sleep 100 && reboot
this is not a big deal.
but my firewall does not work yet...
here is some output...
shorewall check:
Code:
# shorewall check
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Not available
Packet Type Match: Not available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Available
CLASSIFY Target: Not available
Verifying Configuration...
Determining Zones...
IPv4_Zones: net
Firewall Zone: fw
Setting up IPSEC...
Validating interfaces file...
Validating hosts file...
Determining Hosts in Zones...
WARNING: Zone net is empty
Validating policy file...
Policy for fw to net is ACCEPT using chain fw2net
Policy for net to fw is DROP using chain net2all
Checking Black List...
Validating Proxy ARP
Validating NAT...
Pre-validating Actions...
Pre-processing /usr/share/shorewall/action.Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.SMB...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
..End Macro
Pre-processing /usr/share/shorewall/action.Reject...
Pre-processing /usr/share/shorewall/action.Limit...
Validating rules file...
Rule "ACCEPT fw net tcp 20 " checked.
Rule "ACCEPT net fw tcp 20 " checked.
Rule "ACCEPT fw net udp 20 " checked.
Rule "ACCEPT net fw udp 20 " checked.
Rule "ACCEPT fw net udp 21 " checked.
Rule "ACCEPT net fw udp 21 " checked.
Rule "ACCEPT fw net tcp 21 " checked.
Rule "ACCEPT net fw tcp 21 " checked.
Rule "ACCEPT fw net tcp 22 " checked.
Rule "ACCEPT net fw tcp 22 " checked.
Rule "ACCEPT net fw tcp 25 " checked.
Rule "ACCEPT fw net tcp 25 " checked.
Rule "ACCEPT net fw udp 53 " checked.
Rule "ACCEPT fw net udp 53 " checked.
Rule "ACCEPT net fw tcp 80 " checked.
Rule "ACCEPT fw net tcp 80 " checked.
Rule "ACCEPT net fw tcp 89 " checked.
Rule "ACCEPT fw net tcp 89 " checked.
Rule "ACCEPT net fw tcp 110 " checked.
Rule "ACCEPT fw net tcp 110 " checked.
Rule "ACCEPT net fw udp 123 " checked.
Rule "ACCEPT fw net udp 123 " checked.
Rule "ACCEPT net fw tcp 443 " checked.
Rule "ACCEPT net fw tcp 873 " checked.
Rule "ACCEPT fw fw tcp 3306 " checked.
Rule "ACCEPT net fw tcp 5222 " checked.
Rule "ACCEPT fw net tcp 5222 " checked.
Rule "ACCEPT net fw tcp 5223 " checked.
Rule "ACCEPT fw net tcp 5223 " checked.
Rule "ACCEPT net fw tcp 5269 " checked.
Rule "ACCEPT fw net tcp 5269 " checked.
Rule "ACCEPT net fw tcp 8080 " checked.
Rule "ACCEPT fw net tcp 8080 " checked.
Rule "ACCEPT net fw tcp 10000 " checked.
Rule "ACCEPT fw net tcp 10000 " checked.
Rule "ACCEPT net fw icmp 1 " checked.
Rule "ACCEPT fw net icmp 1 " checked.
Rule "ACCEPT net fw icmp 8 " checked.
Rule "ACCEPT fw net icmp 8 " checked.
Validating Actions...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Drop for Chain Drop...
..Expanding Macro /usr/share/shorewall/macro.Auth...
Rule "REJECT - - tcp 113 - -" checked.
..End Macro
Rule "dropBcast " checked.
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Rule "ACCEPT - - icmp fragmentation-needed - -" checked.
Rule "ACCEPT - - icmp time-exceeded - -" checked.
..End Macro
Rule "dropInvalid " checked.
..Expanding Macro /usr/share/shorewall/macro.SMB...
Rule "DROP - - udp 135,445 - -" checked.
Rule "DROP - - udp 137:139 - -" checked.
Rule "DROP - - udp 1024: 137 -" checked.
Rule "DROP - - tcp 135,139,445 - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Rule "DROP - - udp 1900 - -" checked.
..End Macro
Rule "dropNotSyn - - tcp " checked.
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Rule "DROP - - udp - 53 -" checked.
..End Macro
Processing /usr/share/shorewall/action.Reject for Chain Reject...
..Expanding Macro /usr/share/shorewall/macro.Auth...
Rule "REJECT - - tcp 113 - -" checked.
..End Macro
Rule "dropBcast " checked.
..Expanding Macro /usr/share/shorewall/macro.AllowICMPs...
Rule "ACCEPT - - icmp fragmentation-needed - -" checked.
Rule "ACCEPT - - icmp time-exceeded - -" checked.
..End Macro
Rule "dropInvalid " checked.
..Expanding Macro /usr/share/shorewall/macro.SMB...
Rule "REJECT - - udp 135,445 - -" checked.
Rule "REJECT - - udp 137:139 - -" checked.
Rule "REJECT - - udp 1024: 137 -" checked.
Rule "REJECT - - tcp 135,139,445 - -" checked.
..End Macro
..Expanding Macro /usr/share/shorewall/macro.DropUPnP...
Rule "DROP - - udp 1900 - -" checked.
..End Macro
Rule "dropNotSyn - - tcp " checked.
..Expanding Macro /usr/share/shorewall/macro.DropDNSrep...
Rule "DROP - - udp - 53 -" checked.
..End Macro
Masqueraded Networks and Hosts:
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
Configuration Validated
Notice: The 'check' command is provided to catch
obvious errors in a Shorewall configuration.
It is not designed to catch all possible errors
so please don't submit problem reports about
error conditions that 'check' doesn't find
iptables -L
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
does anyone have a clue what
Code:
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
Processing /etc/shorewall/stop ...
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
means?
thanks for help
m@o
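An added example, not part of the original post: a small triage script for the error quoted above. It pulls the failed iptables command out of a `shorewall start` log and rules out the names that always exist in the filter table, leaving the chain, target or match extension that iptables could not find. The function names are made up for this example, and the sample log is excerpted from the output in the post.

```shell
#!/bin/sh
# Added example: triage for "iptables: No chain/target/match by that name".
# SAMPLE_LOG is excerpted from the `shorewall start` output quoted in the post.
SAMPLE_LOG='Connection Tracking Match: Not available
Packet Type Match: Not available
Raw Table: Available
Deleting user chains...
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed'

# Capabilities Shorewall reported as missing (log on stdin).
missing_capabilities() {
    sed -n 's/^ *\(.*\): Not available *$/\1/p'
}

# The iptables command line from every ERROR line (log on stdin).
failed_commands() {
    sed -n 's/^ *ERROR: Command "\(.*\)" Failed.*$/\1/p'
}

# Words that follow option $1 (-A, -j or -m) in command line $2.
opt_values() {
    printf '%s\n' "$2" |
        awk -v opt="$1" '{ for (i = 1; i < NF; i++) if ($i == opt) print $(i + 1) }'
}

# Names that always exist in the filter table and so cannot be the missing one.
# Assumption: the failed command has no -t option, i.e. it targets "filter".
is_builtin_chain()  { case "$1" in INPUT|FORWARD|OUTPUT) return 0 ;; esac; return 1; }
is_builtin_target() { case "$1" in ACCEPT|DROP|QUEUE|RETURN) return 0 ;; esac; return 1; }

# For each failed command print what is left once built-ins are ruled out:
# user chains, extension targets and every -m match extension.
suspects() {
    failed_commands | while IFS= read -r cmd; do
        for c in $(opt_values -A "$cmd"); do is_builtin_chain "$c" || echo "chain:$c"; done
        for t in $(opt_values -j "$cmd"); do is_builtin_target "$t" || echo "target:$t"; done
        for m in $(opt_values -m "$cmd"); do echo "match:$m"; done
    done
}

printf '%s\n' "$SAMPLE_LOG" | suspects
```

For the log above it prints `match:state`: FORWARD and ACCEPT are built in, so the name iptables could not resolve is the `state` match extension.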