Re: ipchains: cannot open file `/proc/net/ip_fwnames' (was: Re: No such file or directory - huh?!)
On 22 Jul 2001, Bob Nielsen wrote: 2.0.x kernels do not use ipchains, but use ipfwadm instead. Aha! Wonderful, thanks. Yes, I just read the Firewall HOWTO which says: The bilt in Linux firewall have changed several times. If you are using an old Linux kernel (1.0.x or older) geta new copy. These older used ipfwadm from http://www.xos.nl/linux/ipfwadm/ and is no longer supported. The last sentence of which I read as meaning kernels 1.0.x and earlier used ipfwadm, and anything later uses ipchains, but it goes on to say: If you are using 2.2.13 or newer you will be using ipchaining as developed by http://www.rustcorp.com/linux/ipchains/ which does indeed suggest I should not be using ipchains. Quite why I have the ipchains stuff installed, however, is a mystery. Upgrading is definitely in order, however. Its on the list. Generally I don't like to upgrade unless there is a compelling reason to (one reason to use Linux is to escape the bigger! better! faster! M$ mentality, at least for me). However to upgrade over the 'net I first need a firewall... Will look more closely at ipfwadm this evening, thanks Bob and everyone else who responded. -- Gary Debian 2.1r4 (kernel v2.0.39); XFree86 3.3.6 Thinking is the hardest work there is, which is the probable reason why so few engage in it. (Henry Ford)
ipchains: cannot open file `/proc/net/ip_fwnames' (was: Re: No such file or directory - huh?!)
Joost Kooij wrote: On Sat, Jul 21, 2001 at 08:34:48PM +0200, Gary Jones wrote: ash-ock:/etc/init.d# ./firewall bash: ./firewall: No such file or directory [snip] What's going on? The script file is definitely there In the script, you are using a command with a tpyo in it or that is located in a place not in your current $PATH. Nope. See later for how I know why not... Perhaps the command is ipchains (/sbin/ipchains) and you are used to doing su to become root? In that case, next time do su -, so you get a propor root login, with all the sbins in $PATH. No, I ran that scripting session as root so that I wouldn't get anything silly like ownership issues. and Tim Moss wrote: The No such file could be referring to the shebang line. Does /bin/sh exist? Yes. I still don't know what caused the problem. What I ended up doing was something like: cp ../init.d/firewall ../init.d/firewall.old cp ../init.d/network ../init.d/firewall jed ../init.d/firewall ../init.d/firewall.old and then copying the contents of 'firewall.old' into 'firewall'. After that I didn't get No such file or directory any more, though the original reason is still a mystery to me. Thanks for your help, though. Now I get: ash-ock:~# ipchains -F ipchains: cannot open file `/proc/net/ip_fwnames' [which is not surprising, since...] ash-ock:~# ls -la /proc/net/ip* -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_forward -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_input -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_output *sigh* I thought creating all the stuff required was the job of the install routine? I also get setsockopt : protocol not available when trying to set the policy. FWIW this is ipchains --version 1.3.4 (as per standard 'slink' distro, I believe) -- Gary Debian 2.1r4 (kernel v2.0.39); XFree86 3.3.6 Everything should be made as simple as possible, but not simpler. (Einstein)
Re: ipchains: cannot open file `/proc/net/ip_fwnames' (was: Re: No such file or directory - huh?!)
On Sun, Jul 22, 2001 at 10:59:15AM +0200, Gary Jones wrote: Joost Kooij wrote: On Sat, Jul 21, 2001 at 08:34:48PM +0200, Gary Jones wrote: ash-ock:/etc/init.d# ./firewall bash: ./firewall: No such file or directory [snip] What's going on? The script file is definitely there In the script, you are using a command with a tpyo in it or that is located in a place not in your current $PATH. Nope. See later for how I know why not... Perhaps the command is ipchains (/sbin/ipchains) and you are used to doing su to become root? In that case, next time do su -, so you get a propor root login, with all the sbins in $PATH. No, I ran that scripting session as root so that I wouldn't get anything silly like ownership issues. and Tim Moss wrote: The No such file could be referring to the shebang line. Does /bin/sh exist? Yes. If it wouldn't, all sorts of other things would also break, pretty violently. I still don't know what caused the problem. What I ended up doing was something like: cp ../init.d/firewall ../init.d/firewall.old cp ../init.d/network ../init.d/firewall jed ../init.d/firewall ../init.d/firewall.old and then copying the contents of 'firewall.old' into 'firewall'. After that I didn't get No such file or directory any more, though the original reason is still a mystery to me. Thanks for your help, though. Too bad that you do not have both files anymore, or you would have been able to at least make a diff of the working and the non-working version. Now I get: ash-ock:~# ipchains -F ipchains: cannot open file `/proc/net/ip_fwnames' [which is not surprising, since...] ash-ock:~# ls -la /proc/net/ip* -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_forward -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_input -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_output *sigh* I thought creating all the stuff required was the job of the install routine? Are you sure that you enabled firewalling support in your kernel configuration? I also get setsockopt : protocol not available when trying to set the policy. FWIW this is ipchains --version 1.3.4 (as per standard 'slink' distro, I believe) -- Gary Debian 2.1r4 (kernel v2.0.39); XFree86 3.3.6 ^^ That may also explain these other problems. Consider upgrading the machine to a newer debian release and a newer linux kernel. The facilities you are trying to use may not be supported very well or at all in the kernel and tools that you are using. Also, older debian releases do not get any official security updates. You need to run the stable release for those. Cheers, Joost
Re: ipchains: cannot open file `/proc/net/ip_fwnames' (was: Re: No such file or directory - huh?!)
On Sun, Jul 22, 2001 at 05:15:11PM +0200, Joost Kooij wrote: On Sun, Jul 22, 2001 at 10:59:15AM +0200, Gary Jones wrote: Joost Kooij wrote: On Sat, Jul 21, 2001 at 08:34:48PM +0200, Gary Jones wrote: ash-ock:/etc/init.d# ./firewall bash: ./firewall: No such file or directory [snip] What's going on? The script file is definitely there In the script, you are using a command with a tpyo in it or that is located in a place not in your current $PATH. Nope. See later for how I know why not... Perhaps the command is ipchains (/sbin/ipchains) and you are used to doing su to become root? In that case, next time do su -, so you get a propor root login, with all the sbins in $PATH. No, I ran that scripting session as root so that I wouldn't get anything silly like ownership issues. and Tim Moss wrote: The No such file could be referring to the shebang line. Does /bin/sh exist? Yes. If it wouldn't, all sorts of other things would also break, pretty violently. I still don't know what caused the problem. What I ended up doing was something like: cp ../init.d/firewall ../init.d/firewall.old cp ../init.d/network ../init.d/firewall jed ../init.d/firewall ../init.d/firewall.old and then copying the contents of 'firewall.old' into 'firewall'. After that I didn't get No such file or directory any more, though the original reason is still a mystery to me. Thanks for your help, though. Too bad that you do not have both files anymore, or you would have been able to at least make a diff of the working and the non-working version. Now I get: ash-ock:~# ipchains -F ipchains: cannot open file `/proc/net/ip_fwnames' [which is not surprising, since...] ash-ock:~# ls -la /proc/net/ip* -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_forward -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_input -rw-r--r-- 1 root root0 Jul 22 10:29 /proc/net/ip_output *sigh* I thought creating all the stuff required was the job of the install routine? Are you sure that you enabled firewalling support in your kernel configuration? I also get setsockopt : protocol not available when trying to set the policy. FWIW this is ipchains --version 1.3.4 (as per standard 'slink' distro, I believe) -- Gary Debian 2.1r4 (kernel v2.0.39); XFree86 3.3.6 ^^ That may also explain these other problems. Consider upgrading the machine to a newer debian release and a newer linux kernel. The facilities you are trying to use may not be supported very well or at all in the kernel and tools that you are using. Also, older debian releases do not get any official security updates. You need to run the stable release for those. 2.0.x kernels do not use ipchains, but use ipfwadm instead. Upgrading is definitely in order, however. Bob