Hello group,

I tried to install the Shorewall FW 1.3.6 on my SuSE 7.3 stand-alone, one-interface machine but received the following error:

linux:/etc/shorewall # shorewall start

Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Starting Shorewall...
Initializing...
Determining Zones...
Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
modprobe: Can't locate module ip_tables
iptables v1.2.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_tables
iptables v1.2.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Terminated

I have had a look at the Errata but only RedHat boxes are mentioned....

Thanks for your help,

Christoph (a linux newbie ;-)

On Tue, 20 Aug 2002, Christoph Votruba wrote:

> Hello group,
>
> I tried to install the Shorewall FW 1.3.6 on my SuSE 7.3 stand-alone,
> one-interface machine but received the following error:
>
> linux:/etc/shorewall # shorewall start
>
> Processing /etc/shorewall/shorewall.conf ...
> Processing /etc/shorewall/params ...
> Starting Shorewall...
> Initializing...
> Determining Zones...
> Zones: net
> Validating interfaces file...
> Validating hosts file...
> Validating Policy file...
> Determining Hosts in Zones...
> Net Zone: eth0:0.0.0.0/0
> modprobe: Can't locate module ip_tables
> iptables v1.2.2: can't initialize iptables table `nat': Table does not exist
> (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> modprobe: Can't locate module ip_tables
> iptables v1.2.2: can't initialize iptables table `nat': Table does not exist
> (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> modprobe: Can't locate module ip_tables
> iptables v1.2.2: can't initialize iptables table `nat': Table does not exist
> (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> Terminated
>

Hmmm -- what does "lsmod" show you?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

On Tue, 20 Aug 2002, Tom Eastep wrote:

> On Tue, 20 Aug 2002, Christoph Votruba wrote:
>
>
> Hmmm -- what does "lsmod" show you?
>

Also, did you compile your own kernel or is this a SuSE kernel?

-Tom

> On Tue, 20 Aug 2002, Tom Eastep wrote:
>
> > On Tue, 20 Aug 2002, Christoph Votruba wrote:
> >
> >
> > Hmmm -- what does "lsmod" show you?
> >
>
> Also, did you compile your own kernel or is this a SuSE kernel?

lsmod is empty - and it should be the SuSE kernel.

perhaps the modules are not at the correct location where Shorewall expects them - hmmm, will have a deeper look into my beginner´s books....

any ideas how to fix this ?

thanks
Christoph

On Tue, 20 Aug 2002, Christoph Votruba wrote:

>
>
> > On Tue, 20 Aug 2002, Tom Eastep wrote:
> >
> > > On Tue, 20 Aug 2002, Christoph Votruba wrote:
> > >
> > >
> > > Hmmm -- what does "lsmod" show you?
> > >
> >
> > Also, did you compile your own kernel or is this a SuSE kernel?
>
> lsmod is empty - and it should be the SuSE kernel.
>
> perhaps the modules are not at the correct location where Shorewall expects
> them - hmmm, will have a deeper look into my beginner´s books....
>
> any ideas how to fix this ?
>

The messages you are seeing are from the kernel's module loader -- not Shorewall (Shorewall is silent if it can't find the modules). Both assume that the modules will be located in:

/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/

-Tom

On Tue, 20 Aug 2002, Christoph Votruba wrote:

>
>
> > On Tue, 20 Aug 2002, Tom Eastep wrote:
> >
> > > On Tue, 20 Aug 2002, Christoph Votruba wrote:
> > >
> > >
> > > Hmmm -- what does "lsmod" show you?
> > >
> >
> > Also, did you compile your own kernel or is this a SuSE kernel?
>
> lsmod is empty - and it should be the SuSE kernel.
>

I find it amazing that you can do anything with a vendor-supplied kernel with no modules loaded!!!

What does 'uname -a' return?

-Tom

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Christoph Votruba" <c.votruba@yooo.cc>
Cc: <shorewall-users@shorewall.net>
Sent: Tuesday, August 20, 2002 6:53 PM
Subject: Re: [Shorewall-users] Installation Problem

>------------------8<--------------- SNIP
>
>
>The messages you are seeing are from the kernel's module loader -- not
>Shorewall (Shorewall is silent if it can't find the modules). Both assume
>that the modules will be located in:
>
>/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/

That's just the place where they are (we are also running SuSE here)

maint@estp-intranet:~> cd /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/
maint@estp-intranet:/lib/modules/2.4.18-4GB/kernel/net/ipv4/netfilter> ls
ip_conntrack.o       ipt_LOG.o         ipt_esp.o        ipt_string.o
ip_conntrack_ftp.o   ipt_MARK.o        ipt_iplimit.o    ipt_tcpmss.o
ip_conntrack_irc.o   ipt_MASQUERADE.o  ipt_length.o     ipt_tos.o
ip_nat_ftp.o         ipt_MIRROR.o      ipt_limit.o      ipt_ttl.o
ip_nat_irc.o         ipt_REDIRECT.o    ipt_mac.o        ipt_unclean.o
ip_nat_snmp_basic.o  ipt_REJECT.o      ipt_mark.o       iptable_filter.o
ip_queue.o           ipt_TCPMSS.o      ipt_multiport.o  iptable_mangle.o
ip_tables.o          ipt_TOS.o         ipt_owner.o      iptable_nat.o
ipchains.o           ipt_ULOG.o        ipt_psd.o
ipfwadm.o            ipt_ah.o          ipt_state.o
maint@estp-intranet:/lib/modules/2.4.18-4GB/kernel/net/ipv4/netfilter>

(I am much interested in this thread. I have yet not tried to install Shorewall, but got similar error messages while playing/test-running with 'rivals')

and, on a straight-out-of-the-box SuSE installation, we have

maint@estp-intranet:/lib/modules/2.4.18-4GB/kernel/net/ipv4/netfilter> uname -a
Linux estp-intranet 2.4.18-4GB #1 Wed Mar 27 13:57:05 UTC 2002 i686 unknown
maint@estp-intranet:/lib/modules/2.4.18-4GB/kernel/net/ipv4/netfilter>

2.4.18-4GB can also turn into 2.4.18-64GBSMP depending on your hardware.

Regards
JM

On Wednesday 21 August 2002 01:44, j 6m wrote:

> ----- Original Message -----
> From: "Tom Eastep" <teastep@shorewall.net>
> To: "Christoph Votruba" <c.votruba@yooo.cc>
> Cc: <shorewall-users@shorewall.net>
> Sent: Tuesday, August 20, 2002 6:53 PM
> Subject: Re: [Shorewall-users] Installation Problem
>
> > ------------------8<--------------- SNIP
>
> >The messages you are seeing are from the kernel's module loader -- not
> >Shorewall (Shorewall is silent if it can't find the modules). Both assume
> >that the modules will be located in:
> >
> >/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/
>
> That's just the place where they are (we are also running SuSE here)
>

If there is anyone still interested in this thread, I have additional input. I have installed SuSE 8.0 in a virtual machine under VMware and have successfully installed Shorewall.

teastep@linux:~> uname -a
Linux linux 2.4.18-4GB #1 Wed May 29 15:47:24 UTC 2002 i686 unknown
teastep@linux:~> ls /lib/modules/2.4.18-4GB/kernel/net/ipv4/netfilter/
arp_tables.o         ipchains.o        ipt_ULOG.o       ipt_psd.o
arptable_filter.o    ipfwadm.o         ipt_ah.o         ipt_state.o
ip_conntrack.o       ipt_LOG.o         ipt_esp.o        ipt_string.o
ip_conntrack_ftp.o   ipt_MARK.o        ipt_iplimit.o    ipt_tcpmss.o
ip_conntrack_irc.o   ipt_MASQUERADE.o  ipt_length.o     ipt_tos.o
ip_nat_ftp.o         ipt_MIRROR.o      ipt_limit.o      ipt_ttl.o
ip_nat_irc.o         ipt_REDIRECT.o    ipt_mac.o        ipt_unclean.o
ip_nat_snmp_basic.o  ipt_REJECT.o      ipt_mark.o       iptable_filter.o
ip_queue.o           ipt_TCPMSS.o      ipt_multiport.o  iptable_mangle.o
ip_tables.o          ipt_TOS.o         ipt_owner.o      iptable_nat.o
teastep@linux:~>

So the modules are there and Shorewall starts successfully:

linux:~ # shorewall start
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Setting up Kernel Route Filtering...
IP Forwarding Disabled!
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
Adding rules for DHCP
Setting up ICMP Echo handling...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Masqueraded Subnets and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Activating Rules...
Shorewall Started
linux:~ #

So it appears that the problems some folks are having are SuSE installation problems. I installed using FTP and the installation went smoothly until I rebooted the virtual machine and had no network connectivity -- a couple of minutes running Yast fixed that problem.

-Tom

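An added example, not part of any message in this thread: a shell check for the situation diagnosed above, where modprobe cannot find ip_tables under /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/. The function name, its two optional arguments and the choice of modules to test (taken from the error text and the directory listings above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports which netfilter modules are
# absent from the directory that modprobe searches for the running kernel.
# Hypothetical arguments, mainly useful for testing:
#   $1 = modules root (default /lib/modules)
#   $2 = kernel release (default: output of uname -r)
missing_netfilter_modules() {
    root=${1:-/lib/modules}
    release=${2:-$(uname -r)}
    dir="$root/$release/kernel/net/ipv4/netfilter"

    if [ ! -d "$dir" ]; then
        # No module tree for this kernel release at all, e.g. the running
        # kernel and the installed module package do not match.
        echo "NO_DIR:$dir"
        return 2
    fi

    missing=""
    for mod in ip_tables iptable_filter iptable_nat ip_conntrack; do
        found=no
        # 2.4 kernels ship .o files (as in the listings above); the .ko
        # patterns are an assumption covering later kernels.
        for f in "$dir/$mod".o "$dir/$mod".ko "$dir/$mod".ko.*; do
            [ -f "$f" ] && found=yes && break
        done
        [ "$found" = yes ] || missing="$missing $mod"
    done

    missing=${missing# }            # drop the leading space
    [ -z "$missing" ] && return 0   # everything present
    echo "$missing"
    return 1
}
```

Calling `missing_netfilter_modules` with no arguments checks the running kernel; exit status 2 means the directory itself is missing, 1 means the listed modules are missing.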
I see this entry often, the IP address is always close too. Have I missed something?

Aug 25 22:43:45 NS kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=xx.xxx.xxx.xxx DST=216.148.218.160 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=878 DF PROTO=TCP SPT=40261 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0

Thanks,
Ken

On Sunday 25 August 2002 08:14 pm, Ken wrote:

> I see this entry often, the IP address is always close too. Have I missed
> something?
>
> Aug 25 22:43:45 NS kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
> SRC=xx.xxx.xxx.xxx DST=216.148.218.160 LEN=44 TOS=0x00 PREC=0x00 TTL=64
> ID=878 DF PROTO=TCP SPT=40261 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
>

Something on your Firewall wants to make a secure HTTP connection to 216.148.218.160. Either allow the connection:

ACCEPT fw net tcp https

or kill the program that is trying to make the connection (Hint: you are running RedHat and have registered with RedHat Network).

-Tom

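An added example, not part of the reply above: a shell function that summarizes a Shorewall log entry like the one Ken posted. An empty IN= with a non-empty OUT= marks a packet generated on the firewall itself, which is why the suggested rule runs from fw to net. The function names and the output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarize a Shorewall log entry.

# field NAME LINE -> value of NAME=... in LINE ("" if empty or absent)
field() {
    printf '%s\n' "$2" |
        sed -n "s/.*[[:space:]:]$1=\([^[:space:]]*\).*/\1/p"
}

summarize_shorewall_log() {
    line=$1
    # Prefix format seen in the thread: Shorewall:<chain>:<disposition>:
    prefix=$(printf '%s\n' "$line" |
        sed -n 's/.*Shorewall:\([^:]*\):\([^:]*\):.*/\1 \2/p')
    [ -n "$prefix" ] || return 1      # not a Shorewall entry
    chain=${prefix% *}
    disp=${prefix#* }

    in_if=$(field IN "$line")
    out_if=$(field OUT "$line")
    if [ -z "$in_if" ] && [ -n "$out_if" ]; then
        path="fw->$out_if"            # generated on the firewall itself
    elif [ -n "$in_if" ] && [ -z "$out_if" ]; then
        path="$in_if->fw"             # addressed to the firewall
    else
        path="$in_if->$out_if"        # forwarded through the firewall
    fi

    proto=$(field PROTO "$line" | tr 'A-Z' 'a-z')
    echo "chain=$chain action=$disp path=$path proto=$proto" \
         "dst=$(field DST "$line") dport=$(field DPT "$line")"
}

# The entry from Ken's message, joined onto one line (SRC masked as posted).
SAMPLE='Aug 25 22:43:45 NS kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=xx.xxx.xxx.xxx DST=216.148.218.160 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=878 DF PROTO=TCP SPT=40261 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0'
summarize_shorewall_log "$SAMPLE"
```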
On Sunday 25 August 2002 11:03, Tom wrote:

> If there is anyone still interested in this thread, I have additional
> input. I have installed SuSE 8.0 in a virtual machine under VMware and have
> successfully installed Shorewall.

Vmware is awesome.
I have to test my windows software on all MS platforms
and Vmware allows me to do that in one machine
----but I digress...

> So it appears that the problems some folks are having are SuSE installation
> problems.

For the record....
I've put Shorewall on several Suse Platforms, and the ONLY ones
I've had problems with were done via RPM. I've just resorted
to tarballs and find no more difficulty.

You didn't mention how you installed Shorewall, rpm or tars...

On Sunday 25 August 2002 11:13 pm, John Andersen wrote:

>
> Vmware is awesome.
> I have to test my windows software on all MS platforms
> and Vmware allows me to do that in one machine

Yes -- I of course am using it for a similar purpose.

> ----but I digress...
>
> > So it appears that the problems some folks are having are SuSE
> > installation problems.
>
> For the record....
> I've put Shorewall on several Suse Platforms, and the ONLY ones
> I've had problems with were done via RPM. I've just resorted
> to tarballs and find no more difficulty.
>
> You didn't mention how you installed Shorewall, rpm or tars...
>

I installed using the rpm -- As mentioned in the Errata and in the Installation Instructions, if you have problems installing the RPM under SuSE then the "--nodeps" option to 'rpm' should allow the installation to succeed. I didn't have to do that however.

-Tom