Henry Lee wrote:
> When I type: shorewall show capabilities, nothing is available. The
> output is part of shorewall dump, so I won't print it redundantly, but
> the relevant line is:
>
> Shorewall has detected the following iptables/netfilter capabilities:
> ...
> Recent Match: Not available
> ... (all of the modules are "Not available")

Looks like you are not running as root.

> Now, I'm pretty sure that iptables has these modules installed.
> Concentrating for a moment on ipt_recent (for port knocking), if I type:
> lsmod | grep ipt_recent, I get:
>
> ipt_recent 10392 0
> x_tables 16260 44
> xt_comment,xt_policy,xt_multiport,ipt_ULOG,ipt_TTL,ipt_ttl,ipt_TOS,ipt_tos,ipt_SAME,ipt_REJECT,ipt_REDIRECT,ipt_recent,ipt_owner,ipt_NETMAP,ipt_MASQUERADE,ipt_LOG,ipt_iprange,ipt_ECN,ipt_ecn,ipt_CLUSTERIP,ipt_ah,ipt_addrtype,xt_tcpmss,xt_pkttype,xt_physdev,xt_NFQUEUE,xt_NFLOG,xt_MARK,xt_mark,xt_mac,xt_limit,xt_length,xt_helper,xt_hashlimit,ip6_tables,xt_dccp,xt_conntrack,xt_CONNMARK,xt_connmark,xt_CLASSIFY,xt_tcpudp,xt_state,iptable_nat,ip_tables
>
> So I think it's there. Also, the relevant modules are listed in
> /usr/share/shorewall/modules (I haven't modified it from the initial
> install). It just seems that, for whatever reason, shorewall doesn't
> recognize that it's there, and won't use it (or any other of the
> netfilter modules, I guess). Shorewall seems to start just fine, so I
> think it's working otherwise. Do I need to modify
> /etc/shorewall/shorewall.conf to put the path there explicitly?
>
> If I try locate ipt_recent, I get:
>
> /lib/iptables/libipt_recent.so
> /lib/modules/2.6.22-14-generic/kernel/net/ipv4/netfilter/ipt_recent.ko
> /usr/src/linux-headers-2.6.22-14/include/linux/netfilter_ipv4/ipt_recent.h
>
> From reading the documentation pages, it SEEMS that the default for
> Modulesdir in shorewall.conf should be able to find this, but I
> explicitly tried putting in /usr/srx/linux-header.../ipv4/netfilter in
> /etc/shorewall/shorewall.conf. Obviously that didn't work either :)
>
> /sbin/shorewall: 177: -L: not found

Looks like you are not running as root.

> Log (/var/log/messages)
>
>
> NAT Table
>
> /sbin/shorewall: 177: -t: not found

Looks like you are not running as root.

> Mangle Table
>
> /sbin/shorewall: 177: -t: not found

Looks like you are not running as root.

> Conntrack Table
>
> cat: /proc/net/ip_conntrack: Permission denied
> cat: /proc/net/nf_conntrack: Permission denied

Looks like you are not running as root.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
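Added example, not Shorewall's code and not from either poster: a POSIX shell preflight that reproduces the failure mode diagnosed in this thread (a non-root shell whose PATH lacks /sbin, so the iptables variable expands to nothing and "$IPTABLES -L" degrades to "-L: not found", while /proc/net/*conntrack is unreadable) and fails with a clear message instead. The helper names find_iptables, classify_invocation and capabilities_preflight are the example's own, not Shorewall's.

```shell
#!/bin/sh
# Added example (not Shorewall's own code). Shows why capability detection
# run without root prints "-L: not found" and lists everything as
# "Not available", and gives a preflight that fails clearly instead.

# Locate an iptables binary even when the caller's PATH lacks /sbin
# (typical for non-root shells). Prints the path; returns 1 if none found.
find_iptables() {
    for dir in /sbin /usr/sbin /usr/local/sbin $(echo "$PATH" | tr ':' ' '); do
        [ -x "$dir/iptables" ] && { echo "$dir/iptables"; return 0; }
    done
    return 1
}

# Emulates the fragile pattern: IPTABLES is filled from a PATH lookup that
# fails, so "$IPTABLES -L" expands to a bare "-L" and the shell reports
# "-L: not found". Argument: the (possibly empty) iptables path.
# Echoes one of: binary-missing, not-root, ok.
classify_invocation() {
    iptables_path="$1"
    if [ -z "$iptables_path" ]; then
        echo "binary-missing"       # would surface as "-L: not found"
    elif [ "$(id -u)" -ne 0 ]; then
        echo "not-root"             # binary found, but iptables -L and
                                    # /proc/net/*conntrack are not readable
    else
        echo "ok"
    fi
}

# Preflight to run before trusting "show capabilities" output:
# exit 0 only when the binary is found and the caller is root.
capabilities_preflight() {
    path="$(find_iptables)" || path=""
    state="$(classify_invocation "$path")"
    case "$state" in
        ok) echo "preflight ok: $path"; return 0 ;;
        binary-missing)
            echo "iptables not found in /sbin, /usr/sbin or PATH" >&2; return 2 ;;
        not-root)
            echo "run as root: detection needs iptables -L and /proc/net/*conntrack" >&2
            return 3 ;;
    esac
}
```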
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
