Now I am configuring Shorewall step by step to match my school environment, and the following error appears when I restart Shorewall.

..End Macro
iptables v1.2.11: Unknown arg `--sports'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports ! 192.168.0.8,192.168.0.102,192.168.0.104,192.168.0.106,192.168.0.108,192.168.0.62 -d 0.0.0.0/0 -m multiport --dport www -j REDIRECT --to-port 3128" Failed
Processing /etc/shorewall/stop ...
WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables

Rules:

REDIRECT loc 3128 tcp www
!192.168.0.8,192.168.0.102,192.168.0.104,
192.168.0.106,192.168.0.108,192.168.0.62

Wilson Kwok wrote:
> Now I step by step to configure Shorewall to match my school environment,

That looks like you don't have multiport matching in your iptables/kernel. Run 'shorewall show capabilities' to confirm this.

Paul

I think Shorewall supports Multi-port?

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Available
   Ipset Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Not available
   Raw Table: Available
   CLASSIFY Target: Available
   FORWARD Mangle Chain: Not available

Paul Gear <pgear@redlands.qld.edu.au> wrote:
> Wilson Kwok wrote:
> > Now I step by step to configure Shorewall to match my school environment,
>
> That looks like you don't have multiport matching in your iptables/kernel. Run 'shorewall show capabilities' to confirm this.
>
> Paul

You should consider upgrading your iptables version. The current version is already 1.3.x and you are still using 1.2.x. Just my 2 cents.

On 8/4/06, Wilson Kwok <leiw324@yahoo.com.hk> wrote:
> Now I step by step to configure Shorewall to match my school environment,
> the following error when I restart the Shorewall.
>
> ..End Macro
> iptables v1.2.11: Unknown arg `--sports'
> Try `iptables -h' or 'iptables --help' for more information.
> ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports ! 192.168.0.8,192.168.0.102,192.168.0.104,192.168.0.106,192.168.0.108,192.168.0.62 -d 0.0.0.0/0 -m multiport --dport www -j REDIRECT --to-port 3128" Failed
> Processing /etc/shorewall/stop ...
> WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables
>
> Rules:
>
> REDIRECT loc 3128 tcp www
> !192.168.0.8,192.168.0.102,192.168.0.104,
> 192.168.0.106,192.168.0.108,192.168.0.62

Wong Chee Chun wrote:
> u should consider to upgrade your iptable version. the current version
> already in 1.3.x and you still using 1.2.x

Definitely - what shorewall version are you using, and what Linux distribution? It sounds like you're a bit out of date on a number of things.

Paul

Paul Gear wrote:
> Wong Chee Chun wrote:
>> u should consider to upgrade your iptable version. the current version
>> already in 1.3.x and you still using 1.2.x
>
> Definitely - what shorewall version are you using, and what Linux
> distribution? It sounds like you're a bit out of date on a number of
> things.
>
> Paul

Yes, looks like it ;)

Wilson, please paste the output of the following commands:

#shorewall version
#cat /etc/*-release

[root@shorewall ~]# shorewall version
3.0.7
[root@shorewall ~]# cat /etc/*-release
CentOS release 4.3 (Final)

"Cristian Rodriguez R." <judas_iscariote@shorewall.net> wrote:
> Paul Gear wrote:
> > Wong Chee Chun wrote:
> >> u should consider to upgrade your iptable version. the current version
> >> already in 1.3.x and you still using 1.2.x
> >
> > Definitely - what shorewall version are you using, and what Linux
> > distribution? It sounds like you're a bit out of date on a number of
> > things.
> >
> > Paul
>
> yes, looks like ;)
>
> Wilson, please paste the output of the following commands :
>
> #shorewall version
> #cat /etc/*-release

Wilson Kwok wrote:
> [root@shorewall ~]# shorewall version
> 3.0.7
> [root@shorewall ~]# cat /etc/*-release
> CentOS release 4.3 (Final)

Yes, I confirmed that CentOS 4.3 ships a pretty arcane iptables version.

> REDIRECT loc 3128 tcp www
> !192.168.0.8,192.168.0.102,192.168.0.104,
> 192.168.0.106,192.168.0.108,192.168.0.62

You are missing a "-":

REDIRECT loc 3128 tcp www - !192.168.0.8,192.168.0.102,192.168.0.104,192.168.0.106,192.168.0.108,192.168.0.62
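
The column shift behind this fix, as an added example that is not part of the thread: a small Python check that maps a rules entry onto the Shorewall 3.x column order and flags an address list sitting in a port column, which is what made Shorewall emit `--sports ! 192.168.0.8,...`. The function names are hypothetical; the two sample rules are the ones posted above, joined onto one line.

```python
import re

# Column order of an entry in /etc/shorewall/rules (Shorewall 3.x header).
COLUMNS = ["ACTION", "SOURCE", "DEST", "PROTO", "DEST PORT(S)",
           "SOURCE PORT(S)", "ORIGINAL DEST", "RATE LIMIT", "USER/GROUP"]
PORT_COLUMNS = {"DEST PORT(S)", "SOURCE PORT(S)"}

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")

# Rules taken from the thread, written on a single line each.
EXCLUDED = ("!192.168.0.8,192.168.0.102,192.168.0.104,"
            "192.168.0.106,192.168.0.108,192.168.0.62")
BROKEN = "REDIRECT loc 3128 tcp www " + EXCLUDED
FIXED = "REDIRECT loc 3128 tcp www - " + EXCLUDED


def split_columns(rule):
    """Map the whitespace-separated fields of one rules line to column names."""
    fields = rule.split("#", 1)[0].split()   # drop any trailing comment
    return dict(zip(COLUMNS, fields))


def looks_like_addresses(value):
    """True if every comma-separated item (after an optional '!') is IPv4."""
    items = [item for item in value.lstrip("!").split(",") if item]
    return bool(items) and all(IPV4.match(item) for item in items)


def lint_rule(rule):
    """Return findings for address lists that landed in a port column."""
    findings = []
    for name, value in split_columns(rule).items():
        if name in PORT_COLUMNS and value != "-" and looks_like_addresses(value):
            findings.append(f"{name} holds an address list ({value}); "
                            "put '-' here and move the list to ORIGINAL DEST")
    return findings


if __name__ == "__main__":
    for label, rule in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, split_columns(rule), lint_rule(rule) or "ok")
```

With the placeholder `-` in SOURCE PORT(S), the `!` list is read as ORIGINAL DEST, so web traffic to those six addresses is left out of the redirect to port 3128.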