I have configured Shoreline as a simple 2 port bridge. A number of my options
are as follows:
Zone Type Options:
fw firewall
world ipv4
net:world bport
loc bport
Zone Interfaces:
world br0 detect bridge
net br0:eth0 (this is my line 12)
loc br0:eth1
My error is:
ERROR: Bridge Ports require Repeat match in your kernel and iptables :
/etc/shorewall/interfaces (line 12)
Can anyone help me with this error?
Thanks
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
John Bull wrote:> I have configured Shoreline as a simple 2 port bridge. A number of my > options are as follows: > > Zone Type Options: > fw firewall > world ipv4 > net:world bport > loc bport > > Zone Interfaces: > world br0 detect bridge > net br0:eth0 (this is my line 12) > loc br0:eth1 > > My error is: > ERROR: Bridge Ports require Repeat match in your kernel and iptables : > /etc/shorewall/interfaces (line 12) >It looks like the error is telling you you need "Repeat match" in your kernel. If I am reading what your error above says. This means you need to get somethings for your kernel and without more information, like is this your own compiled version of the kernel or system kernel no other help can be given. Just get "Repeat match" in your kernel i.e. make sure it is loaded or compiled in.> Can anyone help me with this error? > Thanks > > > > > > > >------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
John Bull wrote:> I have configured Shoreline as a simple 2 port bridge. A number of my > options are as follows: > > Zone Type Options: > fw firewall > world ipv4 > net:world bport > loc bport > > Zone Interfaces: > world br0 detect bridge > net br0:eth0 (this is my line 12) > loc br0:eth1 > > My error is: > ERROR: Bridge Ports require Repeat match in your kernel and iptables : > /etc/shorewall/interfaces (line 12) >BTW, why are you bridging the "Internet" and your "local" traffic together? Is this just a bridge and no firewall? If that is the case you don''t really even need shorewall just put together a bridge and be done with it.> Can anyone help me with this error? > Thanks > > > > >------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
John Bull wrote:> I have configured Shoreline as a simple 2 port bridge. A number of my > options are as follows: > > Zone Type Options: > fw firewall > world ipv4 > net:world bport > loc bport > > Zone Interfaces: > world br0 detect bridge > net br0:eth0 (this is my line 12) > loc br0:eth1 > > My error is: > ERROR: Bridge Ports require Repeat match in your kernel and iptables : > /etc/shorewall/interfaces (line 12) > > Can anyone help me with this error?Your iptables isn''t recent enough to support the new bridge code. "Repeat match" really isn''t a ''match'' in the usual sense but is a capability in recent iptables releases that allows the same match to be repeated multiple times in a command. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Philip, I will be doing some layer 3 stuff as well. I would like to recompile my 2.6.24.2 kernel with Repeat match but can not find it in Networking. Am I looking in the right place? Please help one more time! Thanks, John ----- Original Message ---- From: Philip S. Hempel <pshempel@linuxhardcore.com> To: Shorewall Users <shorewall-users@lists.sourceforge.net> Sent: Friday, February 22, 2008 3:15:03 AM Subject: Re: [Shorewall-users] Bridge Shorewall Ver 4.0.8 John Bull wrote:>I have configured Shoreline as a simple 2 port bridge. A number of my>options are as follows:> >Zone Type Options:>fw firewall>world ipv4>net:world bport>loc bport> >Zone Interfaces:>world br0 detect bridge>net br0:eth0 (this is my line 12)>loc br0:eth1> >My error is:>ERROR: Bridge Ports require Repeat match in your kernel and iptables :>/etc/shorewall/interfaces (line 12)>BTW, why are you bridging the "Internet" and your "local" traffic together? Is this just a bridge and no firewall? If that is the case you don''t really even need shorewall just put together a bridge and be done with it.>Can anyone help me with this error?>Thanks> > > > >------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
John Bull wrote:> Philip, > > I will be doing some layer 3 stuff as well. > > I would like to recompile my 2.6.24.2 kernel with Repeat match but can > not find it in Networking. Am I looking in the right place? Please > help one more time! >You need to upgrade your iptables. Please see my post earlier today about ''Repeat match''. -Tom PS -- Shorewall 4.0.9 will have a less misleading error message. -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/