Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] pb with shorewall
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
manouchk
Apprentice
Apprentice


Joined: 08 May 2006
Posts: 288
Location: Vitória (ES), Brasil

PostPosted: Thu Jun 08, 2006 1:29 pm    Post subject: [solved] pb with shorewall Reply with quote

I'm configuring my firewall, I choosed to use shorewall. After doing a reasonnably simple configuration to shorewall, I run
# /etc/init.d/shorewall start
* Starting firewall ...
ERROR: Traffic Shaping requires mangle support in your kernel and iptables
/etc/init.d/shorewall: line 14: 25814 Complété /sbin/shorewall start >/dev [ !! ]


How do I had mangle support to kernel and iptables?


Last edited by manouchk on Wed Jun 14, 2006 12:05 pm; edited 3 times in total
Back to top
View user's profile Send private message
manouchk
Apprentice
Apprentice


Joined: 08 May 2006
Posts: 288
Location: Vitória (ES), Brasil

PostPosted: Thu Jun 08, 2006 1:39 pm    Post subject: Reply with quote

I've seen now same problem here :
https://forums.gentoo.org/viewtopic-t-308153-postdays-0-postorder-asc-start-50.html

but

my kernel is linux-2.6.16-suspend2-r4
and cat .config|grep MANGLE doesn't find anything?

so what should I do??
Back to top
View user's profile Send private message
manouchk
Apprentice
Apprentice


Joined: 08 May 2006
Posts: 288
Location: Vitória (ES), Brasil

PostPosted: Tue Jun 13, 2006 12:50 pm    Post subject: Reply with quote

well, I found that mangle should be in IP: Netfilter Configuration.

in my Kernel v2.6.16-suspend2-r4 I found netfilter there :
Code:

Networking  --->
      Networking options  --->
            [*] Network packet filtering (replaces ipchains)  --->
                  IP: Netfilter Configuration  --->



and in IP: Netfilter Configuration I found :
Code:

<*> Connection tracking (required for masq/NAT)           
[*]   Connection tracking flow accounting                                           
[ ]   Connection mark tracking support                                             
[ ]   Connection tracking events (EXPERIMENTAL)                                     
<*>   SCTP protocol connection tracking support (EXPERIMENTAL)                       
<*>   FTP protocol support                                                           
<*>   IRC protocol support                                                           
< >   NetBIOS name service protocol support (EXPERIMENTAL)                           
<*>   TFTP protocol support                                                         
< >   Amanda backup protocol support                                                 
<*>   PPTP protocol support                                                         
< > IP Userspace queueing via NETLINK (OBSOLETE) 


I don't find mangle stuff. Where is that?? Maybe I could install a simpler firewall?
Back to top
View user's profile Send private message
himpierre
l33t
l33t


Joined: 31 Aug 2002
Posts: 863
Location: Berlin

PostPosted: Tue Jun 13, 2006 1:51 pm    Post subject: Reply with quote

Code:

Symbol: IP_NF_MANGLE [=n]                                                                                               
            Prompt: Packet mangling                                                                                                 
                Defined at net/ipv4/netfilter/Kconfig:498                                                                             
                Depends on: NET && INET && NETFILTER && IP_NF_IPTABLES                                                                       

Location:                                                                                                             
      -> Networking                                                                                                       
         -> Networking support (NET [=y])                                                                                 
          -> Networking options                                                                                           
            -> Network packet filtering (replaces ipchains) (NETFILTER [=y])                                             
               -> IP: Netfilter Configuration                                                                             
                -> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=m])                             
Back to top
View user's profile Send private message
manouchk
Apprentice
Apprentice


Joined: 08 May 2006
Posts: 288
Location: Vitória (ES), Brasil

PostPosted: Tue Jun 13, 2006 1:58 pm    Post subject: Reply with quote

ok I found that I need to activate

Code:

<M> Netfilter Xtables support (required for ip_tables)


then the iptable stuff is not hidden anymore!! Well should be maybe in the shorewall wiki!!

Thank you himpierre

I'm trying now!
Back to top
View user's profile Send private message
manouchk
Apprentice
Apprentice


Joined: 08 May 2006
Posts: 288
Location: Vitória (ES), Brasil

PostPosted: Tue Jun 13, 2006 2:40 pm    Post subject: Reply with quote

Well, there is no mangle problem but now another one :

# /etc/init.d/shorewall start
* Starting firewall ...
FATAL: Module ip_tables not found.
iptables v1.3.4: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ERROR: Command "/sbin/iptables -P INPUT DROP" Failed
FATAL: Module ip_tables not found.

iy I do :
# more .config|grep TABLE
CONFIG_CPU_FREQ_TABLE=y
CONFIG_X86_SPEEDSTEP_CENTRINO_TABLE=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_ARPTABLES is not set

Did I forgot to include something in the kernel?
Back to top
View user's profile Send private message
manouchk
Apprentice
Apprentice


Joined: 08 May 2006
Posts: 288
Location: Vitória (ES), Brasil

PostPosted: Wed Jun 14, 2006 12:05 pm    Post subject: Reply with quote

OK, now I added all the iptable stuff and shorewall start well!
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum