Whenever I try and use a redirect rule, I get the following error when
restarting the firewall:
kmod: failed to exec -s -k ipt_REDIRECT, errno 2
An example rule that I am trying to use is:
REDIRECT loc 3128 tcp 80 -
I''ve also tried:
REDIRECT masq 3128 tcp 80 -
But the error is always the same. Uncommenting out the REDIRECT
statements lets the firewall restart properly, and all is fine. This is
running on a linux server, which is connected to a cable modem, and also
an internal network. I want to sue the REDIRECT statement to set up a
transparent proxy. It looks like a kernal/modprobe error, but I was
wondering if anyone else has everr come across this error before?
Info about my setup:
I am running Mandrake 9.0 with security updates, kernal version is
2.4.19-16mdksecure.
The output of shorewall version is 1.3.7c
The output of ip addr show is:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:67:01:48:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast
qlen 100
link/ether 00:00:b4:be:1f:84 brd ff:ff:ff:ff:ff:ff
inet 203.45.36.184/22 brd 255.255.255.255 scope global eth1
The output of ip route show is:
192.168.1.0/24 dev eth0 scope link
203.45.36.0/22 dev eth1 proto kernel scope link src 203.45.36.184
127.0.0.0/8 dev lo scope link
default via 203.45.36.1 dev eth1
Ashleigh Gordon wrote:> Whenever I try and use a redirect rule, I get the following error when > restarting the firewall: > kmod: failed to exec -s -k ipt_REDIRECT, errno 2 >Ashleigh, You will find very explicit instructions for diagnosing "shorewall start" errors at http://www.shorewall.net/troubleshootl.htm in the section entitled "shorewall start and shorewall restart errors". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> Ashleigh Gordon wrote: > >> Whenever I try and use a redirect rule, I get the following error when >> restarting the firewall: >> kmod: failed to exec -s -k ipt_REDIRECT, errno 2 >> > > Ashleigh, > > You will find very explicit instructions for diagnosing "shorewall > start" errors at http://www.shorewall.net/troubleshootl.htm in the > section entitled "shorewall start and shorewall restart errors".Sorry -- the URL is http://www.shorewall.net/troubleshoot.htm. In looking at the above error message though, it appears that the kernel''s module loader is unable to load the ipt_REDIRECT module. What happens if you ''modprobe ipt_REDIRECT''? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Yep, after using ''modprobe ipt_REDIRECT'' the REDIRECT statements now work perfectly. Thanks very much! Do you know how to make this module load after boot automatically, before shorewall starts? Tom Eastep wrote:> Tom Eastep wrote: > >> Ashleigh Gordon wrote: >> >>> Whenever I try and use a redirect rule, I get the following error >>> when restarting the firewall: >>> kmod: failed to exec -s -k ipt_REDIRECT, errno 2 >>> >> >> Ashleigh, >> >> You will find very explicit instructions for diagnosing "shorewall >> start" errors at http://www.shorewall.net/troubleshootl.htm in the >> section entitled "shorewall start and shorewall restart errors". > > > Sorry -- the URL is http://www.shorewall.net/troubleshoot.htm. In > looking at the above error message though, it appears that the > kernel''s module loader is unable to load the ipt_REDIRECT module. > > What happens if you ''modprobe ipt_REDIRECT''? > > -Tom
Ashleigh Gordon wrote:> Yep, after using ''modprobe ipt_REDIRECT'' the REDIRECT statements now > work perfectly. Thanks very much! Do you know how to make this module > load after boot automatically, before shorewall starts?Add an entry at the end of /etc/shorewall/modules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net