ipautofw not working
Hi,

I've been trying to use ipautofw in my debian box, but I've been having trouble with that. I issue any ipautofw command and I get the message:

    setsockopt: Protocol not available

I started with the 2.0.36 kernel at potato (most of my system is potato). As I searched the news, people said this message would come from a system with no ipautofw compiled in the kernel. Then I decided to install kernel-source-2.2.9, configure it and install it. Even though I enabled the ipautofw in the kernel (with all the other ip forward stuff), I still get that same message.

To make it clear, I can use ipfwadm ok, but I can't use ipautofw. Any clue?

Thanks,

--
Luiz Otavio L. Zorzella
Computer Engineer
[EMAIL PROTECTED]
Re: ipautofw not working
Subject: ipautofw not working
Date: Tue, Jun 01, 1999 at 09:43:45PM -0700
In reply to: Luiz Otavio L. Zorzella

Quoting Luiz Otavio L. Zorzella ([EMAIL PROTECTED]):
> Hi,
>
> I've been trying to use ipautofw in my debian box, but I've been having trouble with that. I issue any ipautofw command and I get the message:
>
>     setsockopt: Protocol not available
>
> I started with the 2.0.36 kernel at potato (most of my system is potato). As I searched the news, people said this message would come from a system with no ipautofw compiled in the kernel. Then I decided to install kernel-source-2.2.9, configure it and install it. Even though I enabled the ipautofw in the kernel (with all the other ip forward stuff), I still get that same message.
>
> To make it clear, I can use ipfwadm ok, but I can't use ipautofw. Any clue?

Clue #1 is to look for the information on your system 'first'!

From /usr/src/linux/Documentation/Changes

    As of 2.1.102, the IP firewalling code has been replaced; ipfwadm will no longer work. You need to obtain ipchains, available from http://www.rustcorp.com/linux/ipchains/ , and use that instead of ipfwadm.

    To use masq forwarding you will need to obtain ipmasqadm, available from http://juanjox.linuxhq.com/ .

--
Information Center, n.: A room staffed by professional computer people whose job it is to tell you why you cannot have the information you require.
___
Wayne T. Topa [EMAIL PROTECTED]
Re: ipautofw not working
Subject: Re: ipautofw not working
Date: Wed, Jun 02, 1999 at 11:08:03AM -0700
In reply to: George Bonser

Quoting George Bonser ([EMAIL PROTECTED]):
> On Wed, 2 Jun 1999, Wayne Topa wrote:
>
> > > To make it clear, I can use ipfwadm ok, but I can't use ipautofw. Any clue?
> >
> > Clue #1 is to look for the information on your system 'first'!
> >
> > From /usr/src/linux/Documentation/Changes
> >
> >     As of 2.1.102, the IP firewalling code has been replaced; ipfwadm will no longer work. You need to obtain ipchains, available from http://www.rustcorp.com/linux/ipchains/ , and use that instead of ipfwadm.
> >
> >     To use masq forwarding you will need to obtain ipmasqadm, available from http://juanjox.linuxhq.com/ .
>
> Except that the person is not talking about having problems masquerading, the problem seems to be port forwarding.

Thank you for pointing that out George. I was aware of that.

From /usr/src/linux/Documentation/Configure.help

CONFIG_IP_ROUTER
    Some Linux network drivers use a technique called copy and checksum to optimize host performance. For a machine which acts as a router most of the time and is forwarding most packets to another host this is however a loss. If you say Y here, copy and checksum will be switched off. In the future, it may make other changes which optimize for router operation.

    Note that your box can only act as a router if you enable IP forwarding in your kernel; you can do that by saying Y to /proc filesystem support and Sysctl support below and executing the line

        echo 1 > /proc/sys/net/ipv4/ip_forward

    at boot time after the /proc filesystem has been mounted. You can do that even if you say N here.

    If unsure, say N here.

IP: firewalling
CONFIG_IP_FIREWALL
    If you want to configure your Linux box as a packet filter firewall for a local TCP/IP based network, say Y here. You may want to read the FIREWALL-HOWTO, available via FTP (user: anonymous) in ftp://metalab.unc.edu/pub/Linux/docs/HOWTO.

    Also, you will need the ipchains tool (available on the WWW at http://www.rustcorp.com/linux/ipchains/) to allow selective blocking of Internet traffic based on type, origin and destination. Note that the Linux firewall code has changed and the old program called ipfwadm won't work anymore. Please read the IPCHAINS-HOWTO.

    The type of firewall provided by ipchains and this kernel support is called a packet filter. The other type of firewall, a proxy-based one, is more secure but more intrusive and more bothersome to set up; it inspects the network traffic much more closely, modifies it and has knowledge about the higher level protocols, which a packet filter lacks. Moreover, proxy-based firewalls often require changes to the programs running on the local clients. Proxy-based firewalls don't need support by the kernel, but they are often combined with a packet filter, which only works if you say Y here.

    The firewalling code will only work if IP forwarding is enabled in your kernel. You can do that by saying Y to /proc filesystem support and Sysctl support below and executing the line

        echo 1 > /proc/sys/net/ipv4/ip_forward

    at boot time after the /proc filesystem has been mounted.

From proc.txt

ip_forward
    Enable or disable forwarding of IP packages between interfaces. A change of this value resets all other parameters to their default values. They differ if the kernel is configured as host or router.

As the original post was rather vague I opted to point the writer to a reliable source for the answers. As IPchains is required in the 2.2.x kernels, I thought that the info he required would be found there.

Sorry if I didn't give the answer you thought I should. I personally feel it is better for the newbie if I point him to the information, rather than read it all for him. Teach a man to fish and all that.

Where should I have sent him? No one else has offered any help when I 'tried' to.

Regards
Wayne

--
It is easier to change the specification to fit the program than vice versa.
___
Wayne T. Topa [EMAIL PROTECTED]
Re: ipautofw not working
Subject: Re: ipautofw not working
Date: Wed, Jun 02, 1999 at 11:08:03AM -0700
In reply to: George Bonser

Quoting George Bonser ([EMAIL PROTECTED]):
> On Wed, 2 Jun 1999, Wayne Topa wrote:
>
> > > To make it clear, I can use ipfwadm ok, but I can't use ipautofw. Any clue?
> >
> > Clue #1 is to look for the information on your system 'first'!
> >
> > From /usr/src/linux/Documentation/Changes
> >
> >     As of 2.1.102, the IP firewalling code has been replaced; ipfwadm will no longer work. You need to obtain ipchains, available from http://www.rustcorp.com/linux/ipchains/ , and use that instead of ipfwadm.
> >
> >     To use masq forwarding you will need to obtain ipmasqadm, available from http://juanjox.linuxhq.com/ .
>
> Except that the person is not talking about having problems masquerading, the problem seems to be port forwarding.

Oops, forgot another reference

IP: ipportfw masquerade support
CONFIG_IP_MASQUERADE_IPPORTFW
    Port Forwarding is an addition to IP Masquerading which allows some forwarding of packets from outside to inside a firewall on given ports. This could be useful if, for example, you want to run a web server behind the firewall or masquerading host and that web server should be accessible from the outside world. An external client sends a request to port 80 of the firewall, the firewall forwards this request to the web server, the web server handles the request and the results are sent through the firewall to the original client. The client thinks that the firewall machine itself is running the web server. This can also be used for load balancing if you have a farm of identical web servers behind the firewall.

    Information about this feature is available from http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html (to browse the WWW, you need to have access to a machine on the Internet that has a program like lynx or netscape). For general info, please see ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/

    You will need the user space program ipmasqadm which can be downloaded from http://juanjox.linuxhq.com/

    The portfw code is still under development and so is currently marked EXPERIMENTAL. If you want to try it, say Y.

    This code is also available as a module ( = code which can be inserted in and removed from the running kernel whenever you want). The module will be called ip_masq_portfw.o. If you want to compile it as a module, say M here and read Documentation/modules.txt.

--
A Law of Computer Programming: Make it possible for programmers to write in English and you will find the programmers cannot write in English.
___
Wayne T. Topa [EMAIL PROTECTED]
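
The check the quoted kernel documentation implies, written out as an added example that is not part of the thread or any poster's code: given a kernel version and a .config file, it names the userspace tools that match the kernel's firewall code (using the 2.1.102 cut-over from Documentation/Changes) and reports whether CONFIG_IP_FIREWALL and CONFIG_IP_MASQUERADE_IPPORTFW are compiled in. The function names and the sample .config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The 2.1.102 cut-over and the CONFIG_
# names come from the kernel docs quoted above; function names are made up.

# version_ge A B: succeed if dotted kernel version A >= B.
# Anything after the numeric part ("-custom", "pre1") is ignored.
version_ge() {
    a=${1%%[!0-9.]*}; b=${2%%[!0-9.]*}
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# config_state FILE OPTION: print builtin, module or disabled.
config_state() {
    case $(grep -E "^$2=[ym]\$" "$1" 2>/dev/null || true) in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo disabled ;;
    esac
}

# diagnose VERSION FILE: name the matching userspace tools and report whether
# the kernel side they talk to is compiled in.
diagnose() {
    if version_ge "$1" 2.1.102; then
        echo "tools=ipchains,ipmasqadm" \
             "firewall=$(config_state "$2" CONFIG_IP_FIREWALL)" \
             "portfw=$(config_state "$2" CONFIG_IP_MASQUERADE_IPPORTFW)"
    else
        echo "tools=ipfwadm firewall=$(config_state "$2" CONFIG_IP_FIREWALL)"
    fi
}

# Constructed sample .config fragment (not taken from the poster's system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# CONFIG_IP_ROUTER is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_MASQUERADE_IPPORTFW=m
EOF
diagnose 2.0.36 "$SAMPLE"
diagnose 2.2.9 "$SAMPLE"
```

On a real system the arguments would be the output of `uname -r` and the .config in the kernel source tree the running kernel was built from.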