Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Not available
   Packet Mangling: Not available
   Multi-port Match: Not available
   Connection Tracking Match: Not available
Processing /etc/shorewall/init ...
Deleting user chains...
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Do I just enable these mods through "menu makeconfig" and then make sure that they are loading on boot as well?

Thanks,
JBanks

Hi Joshua,
It's probably best you get as much of the netfilter stuff in there, modules or otherwise as you can.
Never know when you are going to need it.
You don't have to load them on boot as shorewall will attempt to load them anyway - which is precisely what it was trying to do in your case.

dave

----- Original Message -----
From: "Joshua Banks" <l0f33t@yahoo.com>

> Do I just enable these mods through "menu makeconfig" and then make sure that they are loading on
> boot as well?

David Kempe wrote:

>Hi Joshua,
>It's probably best you get as much of the netfilter stuff in there, modules
>or otherwise as you can.
>Never know when you are going to need it.
>You don't have to load them on boot as shorewall will attempt to load them
>anyway - which is precisely what it was trying to do in your case.
>
>dave
>

Right. Here is a posting from Collins Richey on the gentoo mailing list who's using shorewall on gentoo linux.
Note that he did not compile the stuff as modules, which should also be possible:

[ rest snipped ]

I'm now up and running shorewall on 2.6.test3. For anyone else interested.

1. You need to emerge iproute-20010824-r4 (masked) to use shorewall on 2.6.

2. You need 99% of the items under networking enabled in your kernel to use shorewall. After about 5 attempts, I got enough stuff enabled to run shorewall. This is what I have; you may prefer modules.

CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_NETLINK_DEV=y
CONFIG_UNIX=y
CONFIG_NET_KEY=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
CONFIG_INET_ECN=y
CONFIG_SYN_COOKIES=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_TFTP=y
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
# CONFIG_IP_NF_TARGET_MIRROR is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_XFRM_USER=y

Enjoy.

--
Collins Richey - Denver Area

>----- Original Message -----
>From: "Joshua Banks" <l0f33t@yahoo.com>
>
>>Do I just enable these mods through "menu makeconfig" and then make sure
>>that they are loading on boot as well?
>
>_______________________________________________
>Shorewall-users mailing list
>Post: Shorewall-users@lists.shorewall.net
>Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
>Support: http://www.shorewall.net/support.htm
>FAQ: http://www.shorewall.net/FAQ.htm

--
_______________________________
Dr. Hagen & Partner GmbH
Am Weichselgarten 7
91058 Erlangen
Tel: (0049)9131/691-330
Fax: (0049)9131/691-248
_______________________________

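
The following script is an added example, not part of any poster's message: it reads a kernel .config and reports whether the netfilter options behind the capabilities Shorewall listed as "Not available" are built in, built as modules, or missing. The function names are hypothetical, the option names are the 2.4/2.6-era ones from the config posted above, and the pairing of options with Shorewall's capability labels is this example's assumption.

```sh
#!/bin/sh
# Added example, not from the thread: report how the netfilter options behind
# Shorewall's capability list are set in a kernel .config file.

# Option names come from the config posted in this thread; pairing them with
# Shorewall's capability labels is this example's assumption.
REQUIRED='CONFIG_NETFILTER:netfilter core
CONFIG_IP_NF_IPTABLES:iptables support
CONFIG_IP_NF_FILTER:filter table
CONFIG_IP_NF_CONNTRACK:connection tracking
CONFIG_IP_NF_NAT:NAT
CONFIG_IP_NF_MANGLE:Packet Mangling
CONFIG_IP_NF_MATCH_MULTIPORT:Multi-port Match
CONFIG_IP_NF_MATCH_CONNTRACK:Connection Tracking Match'

# kconfig_state FILE OPTION: print y, m or unset. A "# CONFIG_X is not set"
# line or a longer name such as CONFIG_IP_NF_NAT_NEEDED never matches.
kconfig_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-unset}"
}

# kconfig_report FILE: one line per required option, "OPTION STATE (LABEL)".
kconfig_report() {
    echo "$REQUIRED" | while IFS=: read -r opt label; do
        echo "$opt $(kconfig_state "$1" "$opt") ($label)"
    done
}

# kconfig_missing FILE: names of required options that are neither y nor m.
kconfig_missing() {
    kconfig_report "$1" | awk '$2 == "unset" { print $1 }'
}

# Constructed sample: netfilter core only, so every capability is missing.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_IPTABLES is not set
CONFIG_IP_NF_NAT_NEEDED=y
EOF
}

# Use the .config given as $1, else the constructed sample.
if [ -n "${1:-}" ]; then cfg=$1; else cfg=$(mktemp); sample_config > "$cfg"; fi
kconfig_report "$cfg"
```

An option reported as `m` only helps if modprobe can find the module when the firewall starts, which is the failure shown in the first message.
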
Thanks Peter,
This will be very helpful seeing that I just installed Gentoo..

Thanks,
JBanks