LinuxQuestions.org > Linux - Networking > shorewall & ipsec (https://www.linuxquestions.org/questions/linux-networking-3/shorewall-and-ipsec-424667/)

cccc 03-14-2006 04:08 AM

shorewall & ipsec

Hi,

I have Debian Sarge stable.
I'd like to get Shorewall & IPsec running, but cannot, due to the following errors:
Code:

# shorewall show capabilities
Shorewall-2.2.3 Chain capabilities at server.net - Mon Mär 20 02:28:22 CET 2006

Counters reset Sun Mar 19 14:44:48 CET 2006

iptables: Table does not exist (do you need to insmod?)

IPsec works, I get the tunnels, but if I save the Shorewall config files with Webmin, then I get the following error:
Code:

Error: Your kernel and/or iptables does not support policy match: ipsec:
My system:
Code:

# uname -a
Linux server.net 2.6.8-2-686 #1 Tue Aug 16 13:22:48 UTC 2005 i686 GNU/Linux
# iptables -V
iptables v1.2.11
# shorewall version
2.2.3
# modprobe ip_tables
# lsmod | grep ip_tables
ip_tables 18464 13 ipt_MASQUERADE,ipt_REJECT,ipt_LOG,ipt_state,ipt_pkttype,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter

My Shorewall configuration:
Code:

zones:
net Internet
loc Local
vpn VPN

interfaces:
net eth0
loc eth1

ipsec:
vpn Yes

hosts:
vpn eth0:192.168.0.0/24,10.0.0.0/8,192.168.1.0/24,202.X.X.2 ipsec

masq:
eth0    eth1

eth0:192.168.0.0/24    192.168.115.0/24
eth0:10.0.0.0/8      192.168.115.0/24
eth0:192.168.1.0/24    192.168.115.0/24

policy:
loc all ACCEPT
fw net ACCEPT
fw loc ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
loc vpn ACCEPT
vpn loc ACCEPT

tunnels:
ipsec net 202.X.X.2

rules:
ACCEPT    net    $FW    tcp    ssh,www,https,ftp,50
ACCEPT net fw udp https,domain,500,4500
ACCEPT fw net udp domain
ACCEPT    net:202.X.X.2    $FW    tcp
ACCEPT    net:202.X.X.2    $FW    udp

I cannot start Shorewall:
Code:

# /etc/init.d/shorewall start
Starting "Shorewall firewall": /etc/init.d/shorewall: line 121: 32087 Beendet $SRWL start >>$INITLOG 2>&1
not done (check /var/log/shorewall-init.log).

# cat /var/log/shorewall-init.log
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
done.
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Determining Zones...
Zones: net loc vpn
Validating interfaces file...
Validating hosts file...
Error: Your kernel and/or iptables does not support policy match: ipsec


What's wrong or missing on my system, and how do I solve this problem?
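As an added diagnostic (not from the thread, not Shorewall's own code), a POSIX shell script that checks the three places where "policy match" support can be missing: the capability list Shorewall prints, the iptables userspace extension, and the kernel module or kernel config. The module names xt_policy/ipt_policy and the CONFIG_ symbols are assumptions taken from later netfilter releases, and the capability text samples are constructed.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): where can "policy match" be missing?
# 1. the capability list Shorewall prints, 2. the iptables userspace extension,
# 3. the kernel module / kernel config. Module and CONFIG names are assumed
# from later netfilter releases; the sample text below is constructed.

# Constructed samples in the format of the "Policy Match:" line Shorewall prints.
SAMPLE_CAPS_MISSING='Connection Tracking Match: Available
Policy Match: Not available
Physdev Match: Available'
SAMPLE_CAPS_PRESENT='Connection Tracking Match: Available
Policy Match: Available
Physdev Match: Available'

# policy_match_listed TEXT -> prints yes | no | unknown
policy_match_listed() {
    case "$1" in
        *"Policy Match: Available"*)     echo yes ;;
        *"Policy Match: Not available"*) echo no ;;
        *)                               echo unknown ;;
    esac
}

# Does the iptables binary itself know the extension? 0 = yes, 1 = no, 2 = no iptables.
# An iptables build without the extension cannot load its policy match library here.
iptables_has_policy_match() {
    command -v iptables >/dev/null 2>&1 || return 2
    iptables -m policy --help >/dev/null 2>&1
}

# Does the kernel offer the match? Checks the kernel config first, then a dry-run
# modprobe of the two assumed module names (xt_policy, older ipt_policy).
kernel_has_policy_match() {
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ] && grep -Eq '^CONFIG_(IP_NF_MATCH_POLICY|NETFILTER_XT_MATCH_POLICY)=[ym]' "$cfg"; then
        return 0
    fi
    modprobe -n xt_policy >/dev/null 2>&1 || modprobe -n ipt_policy >/dev/null 2>&1
}

# Both userspace and kernel must agree, which is what Shorewall's error hints at.
verdict() {
    if iptables_has_policy_match && kernel_has_policy_match; then
        echo "policy match usable: 'ipsec' entries in zones/hosts can be compiled"
    else
        echo "policy match NOT usable: kernel and/or iptables lack it"
    fi
}

echo "sample capability text says: $(policy_match_listed "$SAMPLE_CAPS_MISSING")"
verdict
```

Run it on the firewall host itself: the verdict tests the live iptables and kernel, while the sample text only exercises the parser.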

