Hello I''m using Shorewall 4.4.5.4 on Ubuntu 9.10 with installed xtables-addons by apt. iptables -m ipp2p -h shows ipp2p options, but "shorewall show (-f) capabilities": prints: IPP2P match NOT Available. old IPP2P match not available This problem isn''t in Shorewall itself because I can''t add for example following rule: iptables -t mangle -A PREROUTING -m ipp2p --gnu -j MARK --set-mark 2. No chains/target/match by that name. My kernel is default from Ubuntu 9.10 distro. regard Mirek ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Wed, 30 Dec 2009 12:29:31 +0100 Mirek Sobczak <miso@sic.pl> wrote:> Hello > I''m using Shorewall 4.4.5.4 on Ubuntu 9.10 with installed > xtables-addons by apt. > iptables -m ipp2p -h shows ipp2p options, but "shorewall show (-f) > capabilities": > prints: IPP2P match NOT Available. old IPP2P match not available > > > This problem isn''t in Shorewall itself because I can''t add for > example following rule: > iptables -t mangle -A PREROUTING -m ipp2p --gnu -j MARK --set-mark 2. > No chains/target/match by that name. > > My kernel is default from Ubuntu 9.10 distro.I assume that your iptables addons are in /usr/local? If so, have you set your PATH (or the IPTABLES option) to point to your private copy of the code? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Wed, 30 Dec 2009 07:59:24 -0800 Tom Eastep <teastep@shorewall.net> wrote:> On Wed, 30 Dec 2009 12:29:31 +0100 > Mirek Sobczak <miso@sic.pl> wrote: > > > Hello > > I''m using Shorewall 4.4.5.4 on Ubuntu 9.10 with installed > > xtables-addons by apt. > > iptables -m ipp2p -h shows ipp2p options, but "shorewall show (-f) > > capabilities": > > prints: IPP2P match NOT Available. old IPP2P match not available > > > > > > This problem isn''t in Shorewall itself because I can''t add for > > example following rule: > > iptables -t mangle -A PREROUTING -m ipp2p --gnu -j MARK --set-mark > > 2. No chains/target/match by that name. > > > > My kernel is default from Ubuntu 9.10 distro. > > I assume that your iptables addons are in /usr/local? If so, have you > set your PATH (or the IPTABLES option) to point to your private copy > of the code? >I spent some time trying to install xtables-addons by apt and failed. The build first failed because I didn''t have ''quilt'' installed. After I installed that, the xt_DELUDE module failed to compile: /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c: In function ‘delude_send_reset’: /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c:122: error: ‘struct sk_buff’ has no member named ‘dst’ /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c:123: error: ‘struct sk_buff’ has no member named ‘dst’ ... So it looks like the current xtables-addons-source package is not compatible with the current kernel. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Wed, 30 Dec 2009 12:37:01 -0800 Tom Eastep <teastep@shorewall.net> wrote:> I spent some time trying to install xtables-addons by apt and failed. > The build first failed because I didn''t have ''quilt'' installed. After > I installed that, the xt_DELUDE module failed to compile: > > /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c: In function > ‘delude_send_reset’: > /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c:122: error: > ‘struct sk_buff’ has no member named ‘dst’ > /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c:123: error: > ‘struct sk_buff’ has no member named ‘dst’ > ... > > So it looks like the current xtables-addons-source package is not > compatible with the current kernel.BTW, I was following the instructions to run this command: module-assistant auto-install xtables-addons-source -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
On Wed, 30 Dec 2009 12:45:29 -0800 Tom Eastep <teastep@shorewall.net> wrote:> On Wed, 30 Dec 2009 12:37:01 -0800 > Tom Eastep <teastep@shorewall.net> wrote: > > > > I spent some time trying to install xtables-addons by apt and > > failed. The build first failed because I didn''t have ''quilt'' > > installed. After I installed that, the xt_DELUDE module failed to > > compile: > > > > /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c: In function > > ‘delude_send_reset’: > > /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c:122: error: > > ‘struct sk_buff’ has no member named ‘dst’ > > /usr/src/modules/xtables-addons/extensions/xt_DELUDE.c:123: error: > > ‘struct sk_buff’ has no member named ‘dst’ > > ... > > > > So it looks like the current xtables-addons-source package is not > > compatible with the current kernel. > > BTW, I was following the instructions to run this command: > > module-assistant auto-install xtables-addons-source >I then followed the instructions found here: http://linuxtechie.wordpress.com/category/ubuntulinux/ Now: Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Extended Connection Tracking Match Support: Available Old Connection Tracking Match Syntax: Not available Packet Type Match: Available Policy Match: Available Physdev Match: Available Physdev-is-bridged Support: Available Packet length Match: Available IP range Match: Available Recent Match: Available Owner Match: Available Ipset Match: Available CONNMARK Target: Available Extended CONNMARK Target: Available Connmark Match: Available Extended Connmark Match: Available Raw Table: Available IPP2P Match: Available <============================== Old IPP2P Match Syntax: Not available CLASSIFY Target: Available Extended REJECT: Available Repeat match: Available MARK Target: Available Extended MARK Target: Available Mangle FORWARD Chain: Available Comments: Available Address Type Match: Available TCPMSS Match: Available Hashlimit Match: Available Old Hashlimit Match: Not available NFQUEUE Target: Available Realm Match: Available Helper Match: Available Connlimit Match: Available Time Match: Available Goto Support: Available LOGMARK Target: Available IPMARK Target: Available LOG Target: Available Persistent SNAT: Available root@tipper:~# -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
Użytkownik Tom Eastep napisał: I then followed the instructions found here: http://linuxtechie.wordpress.com/category/ubuntulinux/ Now: Shorewall has detected the following iptables/netfilter capabilities: IPP2P Match: Available <============================== root@tipper:~# -Tom Thank You for replay and your time for finding solution. I will write when my shorewall will find out ipp2p. With regards and all the Best in New Year Mirek --===============8908746981254935772=Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon''s best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev --===============8908746981254935772=Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline