Hello

I am having trouble getting portsentry to work with shorewall. I can run portsentry with iptables fine but as soon as I install shorewall and go to start portsentry again I get this error

quote:
Jul 3 22:53:23 portsentry[8128]: adminalert: Psionic PortSentry 1.1 is starting.
Jul 3 22:53:23 portsentry[8129]: adminalert: Going into listen mode on TCP port: 49999
Jul 3 22:53:23 portsentry[8129]: adminalert: ERROR: could not bind TCP socket: 49999. Attempting to continue
Jul 3 22:53:23 portsentry[8129]: adminalert: ERROR: could not bind ANY TCP sockets. Shutting down.
Jul 3 22:53:23 portsentry[8129]: adminalert: ERROR: could not go into PortSentry mode. Shutting down.
Jul 3 22:53:23 portsentry[8129]: securityalert: Psionic PortSentry is shutting down
Jul 3 22:53:23 portsentry[8129]: adminalert: Psionic PortSentry is shutting down
Jul 3 22:53:25 portsentry[8130]: adminalert: Psionic PortSentry 1.1 is starting.
Jul 3 22:53:25 portsentry[8131]: adminalert: Going into listen mode on UDP port: 49999
Jul 3 22:53:25 portsentry[8131]: adminalert: ERROR: could not bind UDP socket: 49999. Attempting to continue
Jul 3 22:53:25 portsentry[8131]: adminalert: ERROR: could not bind ANY UDP sockets. Shutting down.
Jul 3 22:53:25 portsentry[8131]: adminalert: ERROR: could not go into PortSentry mode. Shutting down.
Jul 3 22:53:25 portsentry[8131]: securityalert: Psionic PortSentry is shutting down
Jul 3 22:53:25 portsentry[8131]: adminalert: Psionic PortSentry is shutting down

I have followed the directions here exactly but am still having this problem. Here is what I'm using.

Fedora Core 2
Shorewall-2.0.3c-1
Portsentry-1.1
Iptables-1.2.9

I'm thinking this may have something to do with my problem. Here is my section from my interfaces file.
My interfaces file
---------------------------------------------
net     eth0    detect      detectnets,tcpflags
---------------------------------------------

My rules file
---------------------------------------------
#ACTION   SOURCE   DEST    PROTO   DEST     SOURCE    ORIGINAL   RATE    USER/
#                                  PORT     PORT(S)   DEST       LIMIT   GROUP
REDIRECT  net      49999   tcp     23
REDIRECT  net      49999   tcp     110
REDIRECT  net      49999   tcp     111
REDIRECT  net      49999   udp     111
REDIRECT  net      49999   tcp     143
REDIRECT  net      49999   tcp     515
REDIRECT  net      49999   tcp     1080
REDIRECT  net      49999   tcp     1433
REDIRECT  net      49999   tcp     1434
REDIRECT  net      49999   tcp     3128
REDIRECT  net      49999   tcp     12345
REDIRECT  net      49999   tcp     27374
ACCEPT    net      fw      icmp    8
ACCEPT    fw       net     icmp
---------------------------------------------

My zones file
---------------------------------------------
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
---------------------------------------------

My policy file
---------------------------------------------
###############################################################################
#SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
fw        net    ACCEPT
net       all    DROP     info
# The FOLLOWING POLICY MUST BE LAST
all       all    REJECT   info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
----------------------------------------------

Thanks for the assistance.
Nick . wrote:
> Hello
>
> I am having trouble getting portsentry to work with shorewall. I can run
> portsentry with iptables fine but as soon as I install shorewall and go
> to start portsentry again I get this error
>
> quote:Jul 3 22:53:23 portsentry[8128]: adminalert: Psionic PortSentry
> 1.1 is starting.
> Jul 3 22:53:23 portsentry[8129]: adminalert: Going into listen mode on
> TCP port: 49999
> Jul 3 22:53:23 portsentry[8129]: adminalert: ERROR: could not bind TCP
> socket: 49999. Attempting to continue

Try 'netstat -tnap' and see who is already listening on port 49999.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
Tom Eastep wrote:
> Nick . wrote:
>
>> Hello
>>
>> I am having trouble getting portsentry to work with shorewall. I can
>> run portsentry with iptables fine but as soon as I install shorewall
>> and go to start portsentry again I get this error
>>
>> quote:Jul 3 22:53:23 portsentry[8128]: adminalert: Psionic PortSentry
>> 1.1 is starting.
>> Jul 3 22:53:23 portsentry[8129]: adminalert: Going into listen mode on
>> TCP port: 49999
>> Jul 3 22:53:23 portsentry[8129]: adminalert: ERROR: could not bind TCP
>> socket: 49999. Attempting to continue
>
>
> Try 'netstat -tnap' and see who is already listening on port 49999.

I suppose that the socket need not be in LISTEN state -- the normal local socket range for Linux is 32768 - 61000 so port 49999 can be grabbed as a dynamic local port number. You probably don't see any problem if you fire up portsentry during boot and then don't touch it but if you leave it stopped for a while there is a chance that a socket will be bound to that address and you won't be able to start portsentry again. I suspect that is what you are seeing; at any rate, the problem doesn't have anything to do with the fact that you are now running Shorewall -- Shorewall can't stop sockets from being bound to ports.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
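The check Tom describes, written up as a small POSIX shell script. This is an added example and is not part of the list thread or of Shorewall or PortSentry: it tests whether a daemon's listening port falls inside the kernel's dynamic (ephemeral) local port range, reads that range from /proc/sys/net/ipv4/ip_local_port_range when it exists (falling back to the 32768-61000 range quoted above), and, when the port is at risk, shows which socket currently holds it using `ss` or the `netstat -tnap`-style listing from the thread, whichever is installed. The port number 49999 is the one from Nick's configuration; everything else is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the Shorewall-users thread): does a fixed listener
# port collide with the kernel's dynamic local port range?

# Print the dynamic range as "LOW HIGH". Falls back to the 2.4-era default
# quoted in the thread (32768 61000) when /proc is not readable.
ephemeral_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        cat /proc/sys/net/ipv4/ip_local_port_range
    else
        echo "32768 61000"
    fi
}

# port_in_range PORT LOW HIGH: succeeds when LOW <= PORT <= HIGH.
port_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# port_holder PORT: list sockets (TCP and UDP, any state, with owning PID)
# whose local address ends in :PORT. Uses ss if present, else netstat.
# Prints nothing when neither tool is installed.
port_holder() {
    if command -v ss >/dev/null 2>&1; then
        ss -tunap 2>/dev/null | awk -v p=":$1" '$5 ~ (p "$")'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -tunap 2>/dev/null | awk -v p=":$1" '$4 ~ (p "$")'
    fi
}

# check_port PORT: print a verdict; returns 1 when the port is inside the
# dynamic range (a client socket may grab it before the daemon binds).
check_port() {
    set -- "$1" $(ephemeral_range)
    if port_in_range "$1" "$2" "$3"; then
        echo "port $1 is INSIDE the dynamic range $2-$3: an outgoing connection can take it"
        port_holder "$1"
        return 1
    fi
    echo "port $1 is outside the dynamic range $2-$3"
    return 0
}

# Stand-alone use: ./portcheck.sh [PORT]; defaults to PortSentry's 49999.
# The trailing ":" keeps the script from aborting under "set -e" so the
# verdict above is always printed; the return value is still visible via $?.
check_port "${1:-49999}" || :
```

On a kernel that supports it (net.ipv4.ip_local_reserved_ports, added well after the 2004 kernels in this thread), the usual fix is to reserve the daemon's port so the kernel never hands it out as an ephemeral port, for example `sysctl -w net.ipv4.ip_local_reserved_ports=49999`; on older kernels the alternatives are to pick a port below the dynamic range or to narrow the range itself.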
Tom, I tried that as well and still get the same result.

Any other ideas???

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep
Sent: Thursday, July 29, 2004 9:32 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] (no subject)

Tom Eastep wrote:
>
> The above rules all DNS traffic everywhere BUT ONLY IF THE CLIENT BINDS TO
> LOCAL PORT 53. Ditch the entries in the SOURCE PORT(S) column.
>

The above sentence should begin "The above rules *allow* all DNS traffic..."

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

_______________________________________________
Shorewall-users mailing list
Post: Shorewall-users@lists.shorewall.net
Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
Support: http://www.shorewall.net/support.htm
FAQ: http://www.shorewall.net/FAQ.htm
Richard Gutery wrote:
> Tom, I tried that as well and still get the same result.
>
> Any other ideas???
>

Please file a proper problem report as described at http://shorewall.net/support.htm. Include all of the output requested there including the output of "shorewall status" as an attachment.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net