Shorewall users - May 2003 - kernel modules and configuration

Hi most honourable list readers,

I''ve now spend a long time trying to get the shorewall just starting.
If it is possible could one think of streesing, writing it in
BOLD,ITALIC, RED, blinking, underlined and whistling that to get it
working 
A whole lot more modules must be loaded before having the
*******
thing started than the list in the modules conf file.

This will in the future save some time to the next shorewall
generation user.

thks

cedric

On Tue, 2003-05-13 at 20:15, cedric.boudin@metalog.iconmedialab.de
wrote:
> Hi most honourable list readers,
> 
> I''ve now spend a long time trying to get the shorewall just
starting.
> If it is possible could one think of streesing, writing it in
> BOLD,ITALIC, RED, blinking, underlined and whistling that to get it
> working 
> A whole lot more modules must be loaded before having the
> *******
> thing started than the list in the modules conf file.
> 
> This will in the future save some time to the next shorewall
> generation user.
> 
I honestly don''t know what you are saying....

I installed shorewall on a Red Hat 7.3, 8.0, and 9 systems.  I
configured all of the files in /etc/shorewall according to the samples
on the website.

Then, shorewall just worked.

You have to give us a bit more information on what you did, what kind of
OS, and what the errors are....

Ed

-- 
http://www.shorewall.net       Shorewall, for all your firewall needs

Ed Greshko writes:
 > On Tue, 2003-05-13 at 20:15, cedric.boudin@metalog.iconmedialab.de
 > wrote:
 > > Hi most honourable list readers,
 > > 
 > > I''ve now spend a long time trying to get the shorewall just
starting.
 > > If it is possible could one think of streesing, writing it in
 > > BOLD,ITALIC, RED, blinking, underlined and whistling that to get it
 > > working 
 > > A whole lot more modules must be loaded before having the
 > > *******
 > > thing started than the list in the modules conf file.
 > > 
 > > This will in the future save some time to the next shorewall
 > > generation user.
 > > 
 > 
 > I honestly don''t know what you are saying....
perhaps was I a little bit hasty i my writting.
I just wanted to stress that in all my readings I just saw once that
iptables failling to load could depend on missing modules in the
kernel.
That is in the troubleshooting section.
 > 
 > I installed shorewall on a Red Hat 7.3, 8.0, and 9 systems.  I
 > configured all of the files in /etc/shorewall according to the samples
 > on the website.
 > 
 > Then, shorewall just worked.
 > 
 > You have to give us a bit more information on what you did, what kind of
 > OS, and what the errors are....
Debian woody on sparc u5 kernel 2.4.18
shorewall 1.4.2 I think
and it did not work at once :=(
bu that''s life it is not allways easy :=)

cedric

On Tue, 13 May 2003 15:25:17 +0200,
<cedric.boudin@metalog.iconmedialab.de>
wrote:
> Ed Greshko writes:
> > > I installed shorewall on a Red Hat 7.3, 8.0, and 9 systems.  I
> > configured all of the files in /etc/shorewall according to the samples
> > on the website.
> > > Then, shorewall just worked.
> > > You have to give us a bit more information on what you did, what
kind
> of
> > OS, and what the errors are....
> Debian woody on sparc u5 kernel 2.4.18
> shorewall 1.4.2 I think
> and it did not work at once :=(
> bu that''s life it is not allways easy :=)
Shorewall attempts to load all of the netfilter modules that it needs; see 
/etc/shorewall/modules. The default place that Shorewall looks for 
netfilter modules is:

	/lib/modules/$osversion/kernel/net/ipv4/netfilter
	 where $osversion is obtained from:

	osversion=`uname -r`

If the netfilter modules are somewhere else on your system, then you need 
to set the MODULESDIR variable in /etc/shorewall/shorewall.conf to point to 
that place.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

On Tue, 2003-05-13 at 23:25, cedric.boudin@metalog.iconmedialab.de
wrote:
[...]
>  > I honestly don''t know what you are saying....
> perhaps was I a little bit hasty i my writting.
> I just wanted to stress that in all my readings I just saw once that
> iptables failling to load could depend on missing modules in the
> kernel.
> That is in the troubleshooting section.
[...]
> Debian woody on sparc u5 kernel 2.4.18
> shorewall 1.4.2 I think
> and it did not work at once :=(
> bu that''s life it is not allways easy :=)
Hmmm... let me guess; you compiled your own kernel instead of using a
standard Debian kernel-image package.

Using the standard kernel, everything just works. Compiling your own
kernel is not advisable any more; the Debian kernels are optimised by
processor, and fully modular so they support everything, but only load
what is absolutely required. The old advice about "optimising your
kernel" is... old advice. 

The only reasons to compile your own kernels now are; you want to run a
system with only 64M flash and 4M RAM, or you absolutely need a kernel
with non-standard patches applied. In the later case I would advise you
to take the Debian standard kernel config and _only_ change the bits you
absolutely must.

-- 
----------------------------------------------------------------
Donovan Baarda                http://minkirri.apana.org.au/~abo/
----------------------------------------------------------------