I''m trying to setup Shorewall 2.0.8 with the one-interface settings on
my LFS (kernel 2.6.5) system. I''ve read the troubleshooting guide,
recompiled my kernel with just about every netfilter/iptables module I
could find, but I''m still getting this error:
# tail /tmp/trace
+ prefix=Shorewall:smurfs:DROP:
+ ''['' 22 -gt 29 '']''
+ iptables -A smurfs -s 10.1.1.255 -j LOG --log-level info
--log-prefix Shorewall:smurfs:DROP:
iptables: No chain/target/match by that name
+ ''['' 1 -ne 0 '']''
+ ''['' -z '''' '']''
+ stop_firewall
+ ''['' -n /var/lib/shorewall/shorewall.xykwKq
'']''
+ rm -f /var/lib/shorewall/shorewall.xykwKq
+ set +x
# lsmod
Module Size Used by
ipt_SAME 2560 0
ipt_REJECT 5504 0
ipt_state 2176 2
ipt_multiport 2304 0
ipt_conntrack 2560 0
iptable_mangle 2688 0
ip_nat_irc 4080 0
ip_nat_tftp 3280 0
ip_nat_ftp 4720 0
iptable_nat 21156 4 ipt_SAME,ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack_irc 71060 1 ip_nat_irc
ip_conntrack_tftp 3476 0
ip_conntrack_ftp 71444 1 ip_nat_ftp
ip_conntrack 29088 10
ipt_SAME,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
iptable_filter 2816 1
ip_tables 16272 8
ipt_SAME,ipt_REJECT,ipt_state,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter
# ls /lib/modules/2.6.5/kernel/net/ipv4/netfilter/
ip_conntrack.ko ip_nat_ftp.ko ipt_MASQUERADE.ko ipt_SAME.ko
ipt_ecn.ko ipt_length.ko ipt_multiport.ko ipt_state.ko
iptable_filter.ko
ip_conntrack_ftp.ko ip_nat_irc.ko ipt_NETMAP.ko ipt_ah.ko
ipt_esp.ko ipt_limit.ko ipt_owner.ko ipt_tcpmss.ko
iptable_mangle.ko
ip_conntrack_irc.ko ip_nat_tftp.ko ipt_REDIRECT.ko
ipt_conntrack.ko ipt_helper.ko ipt_mac.ko ipt_pkttype.ko
ipt_tos.ko iptable_nat.ko
ip_conntrack_tftp.ko ip_tables.ko ipt_REJECT.ko ipt_dscp.ko
ipt_iprange.ko ipt_mark.ko ipt_recent.ko ipt_ttl.ko
Should one of these modules be loaded to solve the problem?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Troy Watson wrote:> I''m trying to setup Shorewall 2.0.8 with the one-interface settings on > my LFS (kernel 2.6.5) system. I''ve read the troubleshooting guide, > recompiled my kernel with just about every netfilter/iptables module I > could find, but I''m still getting this error: > > # tail /tmp/trace > + prefix=Shorewall:smurfs:DROP: > + ''['' 22 -gt 29 '']'' > + iptables -A smurfs -s 10.1.1.255 -j LOG --log-level info > --log-prefix Shorewall:smurfs:DROP: > iptables: No chain/target/match by that name > + ''['' 1 -ne 0 '']'' > + ''['' -z '''' '']'' > + stop_firewall > + ''['' -n /var/lib/shorewall/shorewall.xykwKq '']'' > + rm -f /var/lib/shorewall/shorewall.xykwKq > + set +xI''m going to need the rest of the trace to be able to help you. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBeRcGO/MAbZfjDLIRApceAJsE7Yb5fqOFRi/R6VQd2G0GoSAB8wCfQNfH lqr2jAWwL2ZsioiuuS4u8s0=zkqQ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Eastep wrote:> Troy Watson wrote: > >>>I''m trying to setup Shorewall 2.0.8 with the one-interface settings on >>>my LFS (kernel 2.6.5) system. I''ve read the troubleshooting guide, >>>recompiled my kernel with just about every netfilter/iptables module I >>>could find, but I''m still getting this error: >>> >>># tail /tmp/trace >>>+ prefix=Shorewall:smurfs:DROP: >>>+ ''['' 22 -gt 29 '']'' >>>+ iptables -A smurfs -s 10.1.1.255 -j LOG --log-level info >>>--log-prefix Shorewall:smurfs:DROP: >>>iptables: No chain/target/match by that name >>>+ ''['' 1 -ne 0 '']'' >>>+ ''['' -z '''' '']'' >>>+ stop_firewall >>>+ ''['' -n /var/lib/shorewall/shorewall.xykwKq '']'' >>>+ rm -f /var/lib/shorewall/shorewall.xykwKq >>>+ set +x > > > I''m going to need the rest of the trace to be able to help you. >Nevermind -- I just noticed that you are missing ipt_LOG.ko. You need to add "LOG target support" from the packet filtering menu when configuring your kernel. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBeRqCO/MAbZfjDLIRAoCNAKCoj4DiuUMLddPTLm+1ygztIFMs9wCfRjff Xq4/v4ZwigyJ8Mgp/lm+RV4=mrDe -----END PGP SIGNATURE-----
On Fri, 22 Oct 2004 07:34:42 -0700, Tom Eastep <teastep@shorewall.net> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tom Eastep wrote: > > Troy Watson wrote: > > > >>>I''m trying to setup Shorewall 2.0.8 with the one-interface settings on > >>>my LFS (kernel 2.6.5) system. I''ve read the troubleshooting guide, > >>>recompiled my kernel with just about every netfilter/iptables module I > >>>could find, but I''m still getting this error: > >>> > >>># tail /tmp/trace > >>>+ prefix=Shorewall:smurfs:DROP: > >>>+ ''['' 22 -gt 29 '']'' > >>>+ iptables -A smurfs -s 10.1.1.255 -j LOG --log-level info > >>>--log-prefix Shorewall:smurfs:DROP: > >>>iptables: No chain/target/match by that name > >>>+ ''['' 1 -ne 0 '']'' > >>>+ ''['' -z '''' '']'' > >>>+ stop_firewall > >>>+ ''['' -n /var/lib/shorewall/shorewall.xykwKq '']'' > >>>+ rm -f /var/lib/shorewall/shorewall.xykwKq > >>>+ set +x > > > > > > I''m going to need the rest of the trace to be able to help you. > > > > Nevermind -- I just noticed that you are missing ipt_LOG.ko. You need to > add "LOG target support" from the packet filtering menu when configuring > your kernel. >Thank you; solved the problem for me. Thanks also for creating such a great piece of software! ---- Troy