Is this supported in the LEAF version? I seem to have some problem with using a rule that references a MAC address like this:

    ACCEPT net:~00-0A-BA-0F-00-BA dmz tcp 110

I get an iptables error when I start shorewall. thanks...
On Tue, 14 May 2002, Dragon Wood wrote:

> Is this supported in the LEAF version?

The RPM, tarball and LRP packages (there is no such thing as "the LEAF version") support EXACTLY the same functionality in a given release. If you type "shorewall version" and get a version >= 1.2.9 then MAC addresses are supported provided that your kernel is built with MAC address match support.

> I seem to have some problem with using a rule that references a MAC
> address like this:
>
>     ACCEPT net:~00-0A-BA-0F-00-BA dmz tcp 110
>
> I get an iptables error when I start shorewall. thanks...

Sure would be helpful if you would share the error message with us.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
I am using the LEAF "Bering" distribution. Shorewall version is 1.2.12. How do I tell that the kernel is built with MAC address match support? The error is shown below:

    # shorewall restart
    Processing /etc/shorewall/shorewall.conf ...
    Processing /etc/shorewall/params ...
    Restarting Shorewall...
    Initializing...
    Determining Zones...
    Zones: net loc dmz
    Validating interfaces file...
    Validating hosts file...
    Determining Hosts in Zones...
    Net Zone: eth0:0.0.0.0/0
    Local Zone: eth1:0.0.0.0/0
    DMZ Zone: eth2:0.0.0.0/0
    Deleting user chains...
    Configuring Proxy ARP and NAT
    [details deleted]
    Adding Common Rules
    Setting up Kernel Route Filtering...
    IP Forwarding Enabled
    Processing /etc/shorewall/tunnels...
    Processing /etc/shorewall/rules...
    Rule "REJECT:info loc net tcp 6667" added.
    Rule "ACCEPT loc fw tcp ssh,sftp,time" added.
    Rule "ACCEPT loc fw udp snmp" added.
    Rule "ACCEPT loc dmz udp domain" added.
    Rule "ACCEPT loc dmz tcp domain,smtp,ssh,auth,imap2,imap3" added.
    Rule "ACCEPT loc dmz tcp www,ftp,pop-3,https" added.
    Rule "ACCEPT loc dmz icmp echo-request" added.
    Rule "ACCEPT net dmz tcp www,https,ftp,smtp,pop-3,imap2,imap3" added.
    Rule "ACCEPT net dmz udp domain" added.
    Rule "REJECT net dmz tcp auth" added.
    Rule "ACCEPT net:216.xxx.xxx.97 dmz:205.xxx.xxx.101 tcp 1433" added.
    iptables: No chain/target/match by that name
    Processing /etc/shorewall/stop ...
    Terminated

The rule right after the last added rule looks like this:

    ACCEPT net:~00-0A-BA-0F-00-BA dmz tcp 110

Thanks,
On Tue, 14 May 2002, Dragon Wood wrote:

> I am using the LEAF "Bering" distribution. Shorewall
> version is 1.2.12. How do I tell that the kernel is
> built with MAC address match support?

    [root@gateway root]# iptables -N foo
    [root@gateway root]# iptables -A foo --match mac --mac-source \
        00:01:02:03:04:05 -j ACCEPT
    [root@gateway root]#

If you get an error then you don't have MAC match support.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
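
The probe described in the message above, wrapped so that it removes its scratch chain afterwards, together with a converter from the `~00-0A-BA-0F-00-BA` rule notation to the colon form passed to `--mac-source`. This is an added example, not part of the thread or of Shorewall's code; the function names and the `IPTABLES` override are hypothetical, and the hyphen-to-colon mapping is assumed from the two forms shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
IPTABLES=${IPTABLES:-iptables}   # override to run against a stub

# Convert Shorewall's ~XX-XX-XX-XX-XX-XX notation to the colon form used
# with --mac-source. Prints the result; returns 1 on malformed input.
shorewall_mac_to_iptables() {
    case $1 in
        "~"*) _mac=${1#"~"} ;;
        *)    return 1 ;;
    esac
    printf '%s\n' "$_mac" |
        grep -Eq '^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$' || return 1
    printf '%s\n' "$_mac" | sed 'y/-/:/'
}

# Probe for the mac match in a scratch chain, then remove the chain again.
# Returns 0 = supported, 1 = match missing, 2 = could not create the chain.
has_mac_match() {
    _chain="macprobe_$$"
    "$IPTABLES" -N "$_chain" 2>/dev/null || return 2
    _rc=0
    "$IPTABLES" -A "$_chain" --match mac --mac-source 00:01:02:03:04:05 \
        -j ACCEPT 2>/dev/null || _rc=1
    "$IPTABLES" -F "$_chain" 2>/dev/null || :
    "$IPTABLES" -X "$_chain" 2>/dev/null || :
    return "$_rc"
}

# Stand-alone use (as root): sh macprobe.sh --check '~00-0A-BA-0F-00-BA'
if [ "${1:-}" = "--check" ]; then
    if has_mac_match; then
        echo "mac match available"
        if [ -n "${2:-}" ]; then shorewall_mac_to_iptables "$2"; fi
    else
        echo "mac match NOT available (or iptables not usable)"
    fi
fi
```

A return value of 1 corresponds to the "No chain/target/match by that name" error seen in the thread; 2 means the probe itself could not run, for example when not invoked as root.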
I get an error:

    iptables: no chain/target/match by that name

I guess Bering doesn't have MAC address support.