Hello
I am trying to use shorewall 1.4.9 under Wisp-dist (release
2003-08-08 2624). My wisprouter will be the router between
192.168.100.0 (loc - eth0) and 192.168.1.0 (net - netcs0, an
orinoco wireless card - connected to an internet gateway).
The problem is that when I try to run shorewall, I get the
classic "iptables: No chain/target/match by that name" message
after checking /etc/shorewall/policy, and it does not start.
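It seems that the problem is in the ''net2all'' chain (?): in the trace below, the chain itself is created, and the error comes from the command that adds the LOG rule to it.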
Could someone help me?
Here is some information:
#iptables -V
iptables v1.2.7a-20021209
#shorewall show
Shorewall-1.4.9 Chain at wisprouter - Thu May 6 13:59:22 UTC 2004
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
55 6270 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 * 192.168.100.0/24
0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 55 packets, 3564 bytes)
pkts bytes target prot opt in out source
destination
#shorewall status
Shorewall-1.4.9 Status at wisprouter - Thu May 6 13:59:40 UTC 2004
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
55 6270 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 * 192.168.100.0/24
0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 55 packets, 3564 bytes)
pkts bytes target prot opt in out source
destination
NAT Table
Chain PREROUTING (policy ACCEPT 2150 packets, 686K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 39 packets, 3236 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 39 packets, 3236 bytes)
pkts bytes target prot opt in out source
destination
Mangle Table
Chain PREROUTING (policy ACCEPT 2438 packets, 847K bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 288 packets, 161K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 261 packets, 16123 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 261 packets, 16123 bytes)
pkts bytes target prot opt in out source
destination
udp 17 81 src=192.168.1.11 dst=200.202.252.2 sport=1024 dport=53
src=200.202.252.2 dst=192.168.1.11 sport=53 dport=1024 [ASSURED]
use=1
#ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
qlen 100
link/ether 00:08:54:07:e4:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 scope global eth0
4: netcs0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
qlen 100
link/ether 00:02:2d:17:ee:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.11/24 scope global netcs0
#ip route show
192.168.100.0/24 dev eth0 proto kernel scope link src
192.168.100.1
192.168.1.0/24 dev netcs0 proto kernel scope link src 192.168.1.11
default via 192.168.1.1 dev netcs
last lines of ''shorewall debug start 2>/tmp/trace''
+ [ -n ]
+ eval policy=$net2all_policy
+ policy=DROP
+ eval loglevel=$net2all_loglevel
+ loglevel=info
+ eval synparams=$net2all_synparams
+ synparams+ [ -n ]
+ havechain net2all
+ chain_base net2all
+ local c=net2all
+ true
+ echo net2all
+ return
+ local c=net2all
+ eval test "$exists_net2all" = Yes
+ test = Yes
+ createchain net2all yes
+ chain_base net2all
+ local c=net2all
+ true
+ echo net2all
+ return
+ local c=net2all
+ run_iptables -N net2all
+ iptables -N net2all
+ [ yes = yes ]
+ run_iptables -A net2all -m state --state ESTABLISHED,RELATED -j
ACCEPT
+ iptables -A net2all -m state --state ESTABLISHED,RELATED -j ACCEPT
+ [ -z Yes ]
+ eval exists_net2all=Yes
+ exists_net2all=Yes
+ policy_rules net2all DROP info
+ local target=DROP
+ run_iptables -A net2all -j common
+ iptables -A net2all -j common
+ [ 3 -eq 3 -a xinfo != x- ]
+ log_rule info net2all DROP
+ local level=info
+ local chain=net2all
+ local disposition=DROP
+ shift
+ shift
+ shift
+ log_rule_limit info net2all DROP
+ local level=info
+ local chain=net2all
+ local disposition=DROP
+ local rulenum+ local limit+ shift
+ shift
+ shift
+ shift
+ [ -n ]
+ eval iptables -A net2all -j LOG --log-level info --log-prefix
"`printf "$LOGFORMAT" $chain $disposition`"
+ printf Shorewall:%s:%s: net2all DROP
+ iptables -A net2all -j LOG --log-level info --log-prefix
Shorewall:net2all:DROP:
iptables: No chain/target/match by that name
+ [ 1 -ne 0 ]
+ [ -z ]
+ stop_firewall
+ set +x
#tail /etc/shorewall/policy
loc net ACCEPT
net all DROP info
all all REJECT info
#tail /etc/shorewall/rules
#just to test:
ACCEPT net:192.168.1.1 fw tcp 22
#tail /etc/shorewall/zones
net Net Internet
loc Local Local Networks
#tail /etc/shorewall/interfaces
net netcs0 detect routefilter
loc eth0 detect
Thank you
Samuel jet-black@linuxmail.org
from Brazil