Hi,
I have Debian sarge stable.
I'd like to get Shorewall & IPsec running, but cannot due to the following errors:
Code:
# shorewall show capabilities
Shorewall-2.2.3 Chain capabilities at server.net - Mon Mar 20 02:28:22 CET 2006
Counters reset Sun Mar 19 14:44:48 CET 2006
iptables: Table does not exist (do you need to insmod?)
IPsec works, I get the tunnels, but if I save the Shorewall config files with Webmin, I get the following error:
Code:
Error: Your kernel and/or iptables does not support policy match: ipsec:
My system:
Code:
# uname -a
Linux server.net 2.6.8-2-686 #1 Tue Aug 16 13:22:48 UTC 2005 i686 GNU/Linux
# iptables -V
iptables v1.2.11
# shorewall version
2.2.3
# modprobe ip_tables
# lsmod | grep ip_tables
ip_tables 18464 13 ipt_MASQUERADE,ipt_REJECT,ipt_LOG,ipt_state,ipt_pkttype,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter
My Shorewall configuration files:
Code:
zones:
net   Internet
loc   Local
vpn   VPN

interfaces:
net   eth0
loc   eth1

ipsec:
vpn   Yes

hosts:
vpn   eth0:192.168.0.0/24,10.0.0.0/8,192.168.1.0/24,202.X.X.2   ipsec

masq:
eth0                  eth1
eth0:192.168.0.0/24   192.168.115.0/24
eth0:10.0.0.0/8       192.168.115.0/24
eth0:192.168.1.0/24   192.168.115.0/24

policy:
loc   all   ACCEPT
fw    net   ACCEPT
fw    loc   ACCEPT
net   all   DROP     info
# The FOLLOWING POLICY MUST BE LAST
all   all   REJECT   info
loc   vpn   ACCEPT
vpn   loc   ACCEPT

tunnels:
ipsec   net   202.X.X.2

rules:
ACCEPT   net             $FW   tcp   ssh,www,https,ftp,50
ACCEPT   net             fw    udp   https,domain,500,4500
ACCEPT   fw              net   udp   domain
ACCEPT   net:202.X.X.2   $FW   tcp
ACCEPT   net:202.X.X.2   $FW   udp
I cannot start Shorewall:
Code:
# /etc/init.d/shorewall start
Starting "Shorewall firewall": /etc/init.d/shorewall: line 121: 32087 Terminated $SRWL start >>$INITLOG 2>&1
not done (check /var/log/shorewall-init.log).
# cat /var/log/shorewall-init.log
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
done.
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Determining Zones...
Zones: net loc vpn
Validating interfaces file...
Validating hosts file...
Error: Your kernel and/or iptables does not support policy match: ipsec
What is wrong or missing on my system, and how do I solve this problem?
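The error message names two layers ("your kernel and/or iptables"), and the capability block in the init log is the only place Shorewall tells you which one it could not find. The following added diagnostic is not code from the original post or from Shorewall: it parses a capability listing of the kind shown above (reproduced here as constructed sample input), reports every "Not available" entry, and then probes the running host for the two things the policy match needs, an iptables userspace that can load the `policy` match extension and a kernel module it can bind to. The function names are hypothetical; `ipt_policy` and `xt_policy` are the names the netfilter tree has used for that module and are assumed here rather than read from the poster's system.

```shell
#!/bin/sh
# Added diagnostic for Shorewall's "policy match: Not available" failure.
# Not Shorewall code; helper names are hypothetical.

# Constructed sample: the capability block Shorewall printed in the init log above.
SAMPLE_CAPS='Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Available
   IP range Match: Available
   Recent Match: Available'

# missing_caps: read a capability listing on stdin and print the names of
# every capability Shorewall reported as "Not available", one per line.
missing_caps() {
    sed -n 's/^[[:space:]]*\(.*\): Not available[[:space:]]*$/\1/p'
}

# has_policy_match_reported LISTING: exit 0 only if the listing explicitly
# says "Policy Match: Available" (a missing line counts as not available).
has_policy_match_reported() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*Policy Match: Available[[:space:]]*$'
}

# probe_policy_match: check the live host for both halves of the capability.
# Prints one finding per layer; exits 0 only if both userspace and kernel
# support are present. Module names ipt_policy/xt_policy are assumed.
probe_policy_match() {
    rc=0
    if command -v iptables >/dev/null 2>&1; then
        # "-m policy -h" only loads the match extension library; it needs no root.
        if iptables -m policy -h >/dev/null 2>&1; then
            echo "iptables: policy match extension loads ($(iptables -V 2>/dev/null))"
        else
            echo "iptables: cannot load policy match extension ($(iptables -V 2>/dev/null))"
            rc=1
        fi
    else
        echo "iptables: not installed"
        rc=1
    fi

    moddir="/lib/modules/$(uname -r)"
    found=$(find "$moddir" \( -name 'ipt_policy.ko*' -o -name 'xt_policy.ko*' \) 2>/dev/null | head -n 1)
    if [ -n "$found" ]; then
        echo "kernel: policy match module $found"
    elif grep -qx policy /proc/net/ip_tables_matches 2>/dev/null; then
        echo "kernel: policy match already registered (built in or loaded)"
    else
        echo "kernel: no ipt_policy/xt_policy module under $moddir"
        rc=1
    fi
    return $rc
}

# Stand-alone run: list what the sample log says is missing, then probe this host.
printf '%s\n' "$SAMPLE_CAPS" | missing_caps
probe_policy_match
```

Run as an ordinary user; if the iptables line fails, the userspace package lacks the extension, and if the kernel line fails, no module for the running kernel is installed, so either layer alone leaves Shorewall unable to build the `ipsec` rules for the `vpn` zone. Two points in the posted files are worth checking separately from this capability question: Shorewall applies policies in file order, so the `loc vpn ACCEPT` and `vpn loc ACCEPT` lines placed after the `all all REJECT` entry (which the comment says must be last) never take effect, and `50` in the tcp rule is TCP port 50, not ESP (IP protocol 50), which the `tunnels` entry already opens together with AH and UDP 500.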