Hi, I'm new to the mailing list, thought I would try this firewall. Seems easy to use. I may have a system configuration error. I have Redhat Linux 7.3, I have upgraded the kernel to the latest and believe that I have everything done correctly but I get the following error.

I basically have a network that I want to SNAT on, but can't seem to get it going.

Any suggestions would be great, thanks in advance.

    shorewall start
    Processing /etc/shorewall/params ...
    Starting Shorewall...
    Loading Modules...
    Initializing...
    Determining Zones...
    Zones: net loc
    Validating interfaces file...
    Validating hosts file...
    Validating Policy file...
    Determining Hosts in Zones...
    Net Zone: eth0:0.0.0.0/0
    Local Zone: eth1:0.0.0.0/0
    Processing /etc/shorewall/init ...
    Deleting user chains...
    Creating input Chains...
    Configuring Proxy ARP
    Setting up NAT...
    Adding Common Rules
    Adding rules for DHCP
    Enabling RFC1918 Filtering
    Setting up Kernel Route Filtering...
    IP Forwarding Enabled
    Processing /etc/shorewall/tunnels...
    Processing /etc/shorewall/rules...
    Rule "ACCEPT fw net tcp 53" added.
    Rule "ACCEPT fw net udp 53" added.
    Rule "ACCEPT loc fw tcp 22" added.
    Processing /etc/shorewall/policy...
    Policy ACCEPT for fw to net using chain fw2net
    Policy ACCEPT for loc to fw using chain loc2fw
    Policy ACCEPT for loc to net using chain loc2net
    Masqueraded Subnets and Hosts:
    To 0.0.0.0/0 from 24.73.161.192/28 through eth0
    iptables v1.2.5: host/network `default' not found
    Try `iptables -h' or 'iptables --help' for more information.
> -----Original Message-----
> From: Ronnie Tartar
> Sent: Sunday, February 16, 2003 2:27 PM
> Subject: [Shorewall-users] Error starting
>
> Hi, I'm new to the mailing list, thought I would try this
> firewall. Seems easy to use. I may have a system
> configuration error. I have Redhat Linux 7.3, I have upgraded
> the kernel to the latest and believe that I have everything
> done correctly but I get the following error.
>
> I basically have a network that I want to SNAT on, but can't
> seem to get it going.
>
> Any suggestions would be great, thanks in advance.
>
> [snip...]
> Masqueraded Subnets and Hosts:
> To 0.0.0.0/0 from 24.73.161.192/28 through eth0
>
> iptables v1.2.5: host/network `default' not found
> Try `iptables -h' or 'iptables --help' for more information.

Try the ideas suggested in the troubleshooting guide at:

http://www.shorewall.net/troubleshoot.htm

Maybe running shorewall in debug mode will help point out where the "default" host/network is coming from.

Steve Cowles
I did, I upgraded my kernel and verified the things I could. I did do the debug start and I see where it crashes, I just don't understand where to find it. I'm learning this firewall. I love the way the rule sets are set up etc... Just have to get it going.

Here is the debug info:

    + destination=0.0.0.0/0
    + '[' -n '' ']'
    + destnet=-d 0.0.0.0/0
    + '[' -n '24.73.161.192/28 default/32' ']'
    + '[' -n '' ']'
    + addnatrule eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE
    + ensurenatchain eth0_masq
    + havenatchain eth0_masq
    + eval test '"$eth0_masq_nat_exists"' = Yes
    ++ test '' = Yes
    + createnatchain eth0_masq
    + run_iptables -t nat -N eth0_masq
    + iptables -t nat -N eth0_masq
    + eval eth0_masq_nat_exists=Yes
    ++ eth0_masq_nat_exists=Yes
    + run_iptables2 -t nat -A eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE
    + '[' 'x-t nat -A eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE' = 'x-t nat -A eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE' ']'
    + run_iptables -t nat -A eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE
    + iptables -t nat -A eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE
    + return
    + echo ' To 0.0.0.0/0 from 24.73.161.192/28 through eth0'
     To 0.0.0.0/0 from 24.73.161.192/28 through eth0
    + '[' -n '' ']'
    + addnatrule eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE
    + ensurenatchain eth0_masq
    + havenatchain eth0_masq
    + eval test '"$eth0_masq_nat_exists"' = Yes
    ++ test Yes = Yes
    + run_iptables2 -t nat -A eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE
    + '[' 'x-t nat -A eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE' = 'x-t nat -A eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE' ']'
    + run_iptables -t nat -A eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE
    + iptables -t nat -A eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE
    iptables v1.2.5: host/network `default' not found
    Try `iptables -h' or 'iptables --help' for more information.
    + '[' -z '' ']'
    + stop_firewall
    + set +x
    Processing /etc/shorewall/stop ...
    Processing /etc/shorewall/stopped ...
    Terminated

-----Original Message-----
From: Cowles, Steve [mailto:Steve@SteveCowles.com]
Sent: Sunday, February 16, 2003 3:53 PM
To: 'shorewall-users@lists.shorewall.net'
Subject: RE: [Shorewall-users] Error starting
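Added example, not part of the original thread: one way to use a debug trace like the one above to see where the "default" host/network comes from. The function names are hypothetical and the sample is a shortened, constructed copy of the posted trace. It reports the name iptables rejected, the last iptables call before the error, and the earliest trace line that mentions the name, which here is the source list `24.73.161.192/28 default/32` tested before any rule was added.

```shell
#!/bin/sh
# Constructed sample: a shortened copy of the `shorewall debug start` trace
# posted in this thread (same commands, fewer lines).
sample_trace() {
cat <<'EOF'
+ destnet=-d 0.0.0.0/0
+ '[' -n '24.73.161.192/28 default/32' ']'
+ addnatrule eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE
+ iptables -t nat -A eth0_masq -s 24.73.161.192/28 -d 0.0.0.0/0 -j MASQUERADE
+ addnatrule eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE
+ iptables -t nat -A eth0_masq -s default/32 -d 0.0.0.0/0 -j MASQUERADE
iptables v1.2.5: host/network `default' not found
+ stop_firewall
EOF
}

# Name that iptables could not resolve, taken from its error line.
bad_token() {
    sed -n 's/^iptables v[0-9.]*: host\/network .\(.*\). not found$/\1/p' | head -n 1
}

# Last traced iptables call before the first iptables error line.
failing_command() {
    awk '/^[+]+ iptables / { sub(/^[+]+ /, ""); last = $0; next }
         /^iptables v[0-9.]+: / { print last; exit }'
}

# Earliest trace line (with line number) that mentions the token $1:
# this is where the value entered the run, before any rule used it.
first_seen() {
    grep -n -w -F -- "$1" | head -n 1
}

# Hypothetical helper: prints a three-line summary for a saved trace file.
summarize_trace() {
    tok=$(bad_token < "$1")
    echo "unresolved name: $tok"
    echo "failing command: $(failing_command < "$1")"
    echo "first mention:   $(first_seen "$tok" < "$1")"
}

tmp=$(mktemp) && sample_trace > "$tmp" && summarize_trace "$tmp"
rm -f "$tmp"
```

To run it on a real start-up, save the output of `shorewall debug start` (stdout and stderr) to a file and pass that file to `summarize_trace`.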
Got it fixed. I downloaded the sample config that I did not correctly implement. I started from scratch, only 3 to 4 files to edit, works like a champ.

Thanks

-----Original Message-----
From: Ronnie Tartar [mailto:rtartar@SYMBIOSTECH.com]
Sent: Sunday, February 16, 2003 4:12 PM
To: 'shorewall-users@lists.shorewall.net'
Subject: RE: [Shorewall-users] Error starting
> -----Original Message-----
> From: Ronnie Tartar
> Sent: Sunday, February 16, 2003 3:41 PM
> Subject: RE: [Shorewall-users] Error starting
>
> Got it fixed. I downloaded the sample config that I did not correctly
> implement. I started from scratch, only 3 to 4 files to edit, works
> like a champ.

I too started from the sample configs and slowly added rules/features. Glad you got your system working.

Steve Cowles