Old 03-14-2006, 04:08 AM   #1
cccc
shorewall & ipsec


hi

I have debian sarge stable.
I'd like to get shorewall & ipsec running, but cannot due to the following errors:
Code:
# shorewall show capabilities
Shorewall-2.2.3 Chain capabilities at server.net - Mon Mär 20 02:28:22 CET 2006

Counters reset Sun Mar 19 14:44:48 CET 2006

iptables: Table does not exist (do you need to insmod?)

ipsec works, I get the tunnels, but if I save the shorewall config files with webmin, then I get the following error:
Code:
Error: Your kernel and/or iptables does not support policy match: ipsec:

my system:
Code:
# uname -a
Linux server.net 2.6.8-2-686 #1 Tue Aug 16 13:22:48 UTC 2005 i686 GNU/Linux
# iptables -V
iptables v1.2.11
# shorewall version
2.2.3
# modprobe ip_tables
# lsmod | grep ip_tables
ip_tables 18464 13 ipt_MASQUERADE,ipt_REJECT,ipt_LOG,ipt_state,ipt_pkttype,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter

my shorewall configurations:
Code:
zones:
net Internet
loc Local
vpn VPN

interfaces:
net eth0
loc eth1

ipsec:
vpn Yes

hosts:
vpn eth0:192.168.0.0/24,10.0.0.0/8,192.168.1.0/24,202.X.X.2 ipsec

masq:
eth0     eth1

eth0:192.168.0.0/24     192.168.115.0/24
eth0:10.0.0.0/8      192.168.115.0/24
eth0:192.168.1.0/24     192.168.115.0/24

policy:
loc all ACCEPT
fw net ACCEPT
fw loc ACCEPT
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
loc vpn ACCEPT
vpn loc ACCEPT

tunnels:
ipsec net 202.X.X.2

rules:
ACCEPT     net     $FW     tcp     ssh,www,https,ftp,50
ACCEPT net fw udp https,domain,500,4500
ACCEPT fw net udp domain
ACCEPT     net:202.X.X.2     $FW     tcp
ACCEPT     net:202.X.X.2     $FW     udp

I cannot start shorewall:
Code:
# /etc/init.d/shorewall start
Starting "Shorewall firewall": /etc/init.d/shorewall: line 121: 32087 Beendet $SRWL start >>$INITLOG 2>&1
not done (check /var/log/shorewall-init.log).

# cat /var/log/shorewall-init.log
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
done.
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Determining Zones...
Zones: net loc vpn
Validating interfaces file...
Validating hosts file...
Error: Your kernel and/or iptables does not support policy match: ipsec

What's wrong or missing on my system, and how do I solve this problem?

Last edited by cccc; 03-19-2006 at 08:23 PM.
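
A pre-flight check for the failure shown in this thread, as an added example that is not part of the original post and not Shorewall's own code: it parses the capability report format from the init log and the hosts-file line quoted above, and flags an `ipsec` hosts option when Policy Match is reported as not available. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample data are constructed, not Shorewall's own code.

# Print each capability the report marks "Not available" (one per line).
# Report lines look like "Policy Match: Not available".
missing_caps() {
    sed -n 's/^[[:space:]]*\(.*\): Not available[[:space:]]*$/\1/p'
}

# Succeed if any hosts entry (columns: ZONE HOST(S) OPTIONS) has the ipsec option.
hosts_use_ipsec() {
    awk '$1 ~ /^#/ || NF < 3 { next }
         $3 ~ /(^|,)ipsec(,|$)/ { found = 1 }
         END { exit !found }'
}

# check_ipsec_ready REPORT_TEXT HOSTS_TEXT
# Returns 1 when the hosts file asks for ipsec but the capability report
# says Policy Match is not available; returns 0 otherwise.
check_ipsec_ready() {
    if printf '%s\n' "$2" | hosts_use_ipsec &&
       printf '%s\n' "$1" | missing_caps | grep -qx 'Policy Match'; then
        echo "hosts file uses ipsec, but Policy Match is not available" >&2
        return 1
    fi
    return 0
}

# Constructed sample input, shortened from the log and hosts entry in the post.
SAMPLE_REPORT='Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Extended Multi-port Match: Not available
Policy Match: Not available
Recent Match: Available
Determining Zones...'

SAMPLE_HOSTS='#ZONE HOST(S) OPTIONS
vpn eth0:192.168.0.0/24,10.0.0.0/8 ipsec'

# Stand-alone run: the constructed sample is expected to fail the check.
check_ipsec_ready "$SAMPLE_REPORT" "$SAMPLE_HOSTS" ||
    echo "pre-flight check failed for the constructed sample"
```

Run against a real system, the two arguments would be the text of the init log and of the hosts file, so the mismatch is reported before the firewall is stopped and restarted.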
 
  

