The shorewoll won''t start on my RH 7.2 (iptables 1.2.5-3)
.....
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
iptables: No chain/target/match by that name
/sbin/service: line 64: 1006 Terminated
"${SERVICEDIR}/${SERVICE}"
${OPTIONS}
The prob is when it lauch this line:
iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables: No chain/target/match by that name
But in the .config of my installed kernel i can see:
# grep REJECT .config
CONFIG_IP_NF_TARGET_REJECT=3Dy
With the same kernell (I''ve copied the .config) all work fine on an
other
RedHat 8.0.
Thank you
Luca
Luca Brighetti
__________________________________________________________________
Tiscali ADSL. Scopri la fantastica promozione di Natale: tutto Gratis fino
al 9 gennaio!
Abbonati ora: prima ti abboni, pi=F9 risparmi!
http://point.tiscali.it/adsl/index.shtml
--On Wednesday, December 11, 2002 04:26:46 PM +0100 lupick@tiscali.it wrote:> The shorewoll won''t start on my RH 7.2 (iptables 1.2.5-3) > ..... > Configuring Proxy ARP > Setting up NAT... > Adding Common Rules > iptables: No chain/target/match by that name > /sbin/service: line 64: 1006 Terminated > "${SERVICEDIR}/${SERVICE}" ${OPTIONS} > > > The prob is when it lauch this line: > > iptables -A reject -p tcp -j REJECT --reject-with tcp-reset > > iptables: No chain/target/match by that name > > But in the .config of my installed kernel i can see: > ># grep REJECT .config > > CONFIG_IP_NF_TARGET_REJECT=y > > With the same kernell (I''ve copied the .config) all work fine on an other > RedHat 8.0. >Be sure that you are running the kernel that you think you are -- if you are getting the quoted message on that iptables command, then it means that the running kernel does not have REJECT support. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
--On Wednesday, December 11, 2002 07:32:13 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:>> >> The prob is when it lauch this line: >> >> iptables -A reject -p tcp -j REJECT --reject-with tcp-reset >> >> iptables: No chain/target/match by that name >> > > Be sure that you are running the kernel that you think you are -- if you > are getting the quoted message on that iptables command, then it means > that the running kernel does not have REJECT support. >There is one more possibility -- that the chain ''reject'' doesn''t exist. That would indicate that there is something wrong with the ''firewall'' script on the system giving you this problem. The ''reject'' chain is created very early in Shorewall initialization. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net