Hi Tom

On 30.09.2015 at 00:34, Tom Eastep wrote:
> On 09/29/2015 03:17 PM, Erich Titl wrote:
>> Hi Folks
>>
>> On 29.09.2015 at 22:32, Erich Titl wrote:
>>> Hi Folks
>>>
>>> I seem to be stuck in my 5_2 attempts :-(
>>>
>>> shorewall refuses to start and I have difficulties understanding why. I
>>> can see there are a number of iptables related modules missing
>>
>> I checked the sha sums of all files which I would think are relevant for
>> my installation
>> linux, modules.sqfs, iptables, libnetfilter stuff...
>>
>> They all match the ones from the 5.2 geode tarball at sourceforge, so I
>> am pretty sure there is no mismatch there
>>
>> I am observing the following
>>
>> [ 46.352907] nf_conntrack version 0.5.0 (4002 buckets, 16008 max)
>> [ 46.678087] xt_CT: No such helper "tftp"
>> [ 46.711720] xt_CT: No such helper "tftp-0"
>> [ 46.745385] xt_CT: No such helper "RAS"
>> [ 46.899835] xt_CT: No such helper "snmp"
>> [ 46.933877] xt_CT: No such helper "amanda"
>> [ 47.025431] xt_CT: No such helper "sane"
>> [ 47.060872] xt_CT: No such helper "sane-0"
>> [ 47.097270] xt_CT: No such helper "netbios-ns"
>> [ 47.132871] xt_CT: No such helper "irc"
>> [ 47.169289] xt_CT: No such helper "irc-0"
>>
>> This appears to come from missing helpers for nf_conntrack. I have set
>> AUTOHELPERS=Yes
>> in shorewall.conf, so shorewall is supposed to load helpers when needed.
>>
>> Any bright ideas welcome
>
> AUTOHELPERS=Yes doesn't cause helpers to be loaded automatically, unless
> module autoloading is enabled. It rather associates each helper with its
> standard protocols and ports -- see the /etc/shorewall/conntrack file.
> The standard /usr/share/shorewall/helpers file should cause them to be
> loaded however, provided that the setting of MODULE_SUFFIX in
> shorewall.conf is correct.

MODULESDIR=/lib/modules
MODULE_SUFFIX=ko

...

#
# Shorewall version 4 - Helpers File
#
# /usr/share/shorewall/helpers
#
# This file loads the kernel helper modules.
#
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
# dependency order. i.e., if M2 depends on M1 then you must load M1
# before you load M2.
#
# If you need to modify this file, copy it to /etc/shorewall and modify the
# copy.
#
###############################################################################
# Helpers
#
loadmodule ip_conntrack_amanda
loadmodule ip_conntrack_ftp
loadmodule ip_conntrack_h323
loadmodule ip_conntrack_irc
loadmodule ip_conntrack_netbios_ns
loadmodule ip_conntrack_pptp
loadmodule ip_conntrack_sip
loadmodule ip_conntrack_tftp
loadmodule ip_nat_amanda
loadmodule ip_nat_ftp
loadmodule ip_nat_h323
loadmodule ip_nat_irc
loadmodule ip_nat_pptp
loadmodule ip_nat_sip
loadmodule ip_nat_snmp_basic
loadmodule ip_nat_tftp
#

.......

SALT# ls /usr/lib/libnetfilter_*
/usr/lib/libnetfilter_acct.so             /usr/lib/libnetfilter_log.so
/usr/lib/libnetfilter_acct.so.1           /usr/lib/libnetfilter_log.so.1
/usr/lib/libnetfilter_acct.so.1.0.0       /usr/lib/libnetfilter_log.so.1.1.0
/usr/lib/libnetfilter_conntrack.so        /usr/lib/libnetfilter_log_libipulog.so
/usr/lib/libnetfilter_conntrack.so.3      /usr/lib/libnetfilter_log_libipulog.so.1
/usr/lib/libnetfilter_conntrack.so.3.5.0  /usr/lib/libnetfilter_log_libipulog.so.1.0.0

but lsmod | grep ip_conntrack yields nothing

Thanks

Erich

------------------------------------------------------------------------------
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
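
Added example, not part of the original message or of Shorewall: a POSIX shell check for the condition Tom's reply names, i.e. whether a module file with the configured MODULE_SUFFIX exists under MODULESDIR for each helper the kernel log rejected. The function names are hypothetical, the sample log is constructed from the lines quoted above, and the helper-to-module mapping (nf_conntrack_<name>, with RAS registered by nf_conntrack_h323) is an assumption based on mainline kernel naming, not something stated in the thread.

```shell
#!/bin/sh
# Constructed sample in the form of the kernel log lines quoted in the thread.
SAMPLE_LOG='[ 46.678087] xt_CT: No such helper "tftp"
[ 46.711720] xt_CT: No such helper "tftp-0"
[ 46.745385] xt_CT: No such helper "RAS"
[ 47.097270] xt_CT: No such helper "netbios-ns"'

# missing_helpers: read kernel log text on stdin and print the unique helper
# names, with the per-port "-N" suffix removed (tftp-0 -> tftp).
missing_helpers() {
    sed -n 's/.*xt_CT: No such helper "\([^"]*\)".*/\1/p' |
        sed 's/-[0-9][0-9]*$//' | LC_ALL=C sort -u
}

# helper_module: map a helper name to the module assumed to register it.
# Assumption: mainline nf_conntrack_<name> naming; RAS, Q.931 and H.245
# belong to nf_conntrack_h323.
helper_module() {
    case "$1" in
        RAS|Q.931|H.245) echo nf_conntrack_h323 ;;
        *) echo "nf_conntrack_$(echo "$1" | sed 's/-/_/g')" ;;
    esac
}

# check_helpers DIR SUFFIX: for each rejected helper in the log on stdin,
# print "helper module present|absent" after searching DIR recursively for
# a file named <module>.<SUFFIX>.
check_helpers() {
    dir=$1 suffix=$2
    missing_helpers | while read -r h; do
        m=$(helper_module "$h")
        if [ -n "$(find "$dir" -name "$m.$suffix" 2>/dev/null | head -n 1)" ]; then
            echo "$h $m present"
        else
            echo "$h $m absent"
        fi
    done
}

# Demo on the constructed sample; on a live system, with the values from the
# shorewall.conf excerpt above: dmesg | check_helpers /lib/modules ko
printf '%s\n' "$SAMPLE_LOG" | missing_helpers
```

A helper reported as absent has no module file for the helpers file to load under that directory and suffix; a helper reported as present but still rejected by xt_CT points at the load step rather than at missing files.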