Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
03-11-2004, 01:24 PM
|
#1
|
Member
Registered: Sep 2003
Distribution: Mandriva 2006,OpenSuse 10.1
Posts: 154
Rep:
|
Problem w/Shorewall?
Hello,
Just installed Shorewall and it seems to be working OK after I set up policies, but when I boot Mandrake 9.1 I get the message "Adding Common Rules
iptables v1.2.7a: host/network `dhcp' not found
Try `iptables -h' or 'iptables --help' for more information." and it says failed on the interactive startup. Yet when I log in and go to S. Gibson's ShieldsUp and run the probe, every port is stealth like I set it up. What gives? Can anyone explain what's happening and how do I get rid of this error message...
Thanks,
alan
P.S. If helpful, this is on a 56k modem w/DHCP from my ISP...
|
|
|
03-12-2004, 01:22 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
iptables v1.2.7a: host/network `dhcp' not found
Means the firewall script read a variable whose value is "dhcp", and iptables doesn't deal with variables called "dhcp". Run the script in debug mode ("sh -x scriptname 2>/tmp/error.log"), then check the output for where the error occurs (or check your Shorewall config files for a variable that has the value "dhcp") and correct it.
|
|
|
03-13-2004, 08:19 PM
|
#3
|
Member
Registered: Sep 2003
Distribution: Mandriva 2006,OpenSuse 10.1
Posts: 154
Original Poster
Rep:
|
In my /etc/shorewall/interfaces file I have the last line as "net ppp0 dhcp". Now when I delete the dhcp and restart Shorewall I don't get any error message and it says Shorewall started fine. The only problem is my internet connection doesn't work then. As soon as I restore the dhcp field and restart Shorewall I can surf OK. But of course the above error message has returned. Any thoughts on why this is happening...
alan
|
|
|
03-16-2004, 01:59 PM
|
#4
|
Member
Registered: Sep 2003
Distribution: Mandriva 2006,OpenSuse 10.1
Posts: 154
Original Poster
Rep:
|
Just wanted to add that I ran the debug command and the line that is causing the trouble is:
+ run_iptables -A reject -s dhcp -j DROP
+ iptables -A reject -s dhcp -j DROP
iptables v1.2.7a: host/network `dhcp' not found
Try `iptables -h' or 'iptables --help' for more information.
Doing an iptables -h, I see that the -s parameter is supposed to be used as a source destination. But the only place I have the dhcp variable is in the interfaces file as:
net ppp0 dhcp. Is this incorrect?
alan
|
|
|
04-12-2004, 05:07 AM
|
#5
|
Member
Registered: Feb 2004
Location: Croatia
Distribution: slackware 10.1, debian sarge, knoppix, ubuntu 7.04
Posts: 67
Rep:
|
I have the same problem, but in my /etc/shorewall/interfaces file the tags look like this:
net ppp+ detect
masq eth0 detect
I can't start shorewall, I get this error:
ip tables v1.2.7a host/network '192.168.1.1_hosts' not found ....
and bla bla bla
Can anybody tell me how I can solve this problem?
|
|
|
04-12-2004, 06:48 AM
|
#6
|
Senior Member
Registered: Mar 2004
Location: far enough
Distribution: OS X 10.6.7
Posts: 1,690
Rep:
|
kernel compiling
kernel modules(especially iptables ones)
/etc/hosts
is the way to solve it
|
|
|
12-02-2006, 07:37 PM
|
#7
|
LQ Newbie
Registered: Jun 2006
Location: Bahia de Banderas, Nayarit-Mexico
Distribution: CentOS 3.4
Posts: 4
Rep:
|
Configuration file /etc/shorewall/shorewall.conf
STARTUP_ENABLED=Yes
CLAMPMSS=Yes
/etc/shorewall/zones
#ZONE DISPLAY OPTIONS
fw firewall
net ipv4
loc ipv4
dmz ipv4
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#######################################
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS GATEWAY
net ppp0 detect
loc eth0 detect
or, if you have net interfaces
#ZONE INTERFACE BROADCAST OPTIONS GATEWAY
net eth0 detect
loc eth1 detect
If there is any DHCP service, whether as client, as server or as intermediary, on any of the interfaces, the dhcp option should be added to allow the communication required for this service.
#ZONE INTERFACE BROADCAST OPTIONS GATEWAY
net ppp0 detect dhcp
loc eth1 detect dhcp
##############################################
/etc/shorewall/policy
#SOURCE DEST POLICY LOG LIMIT:BURST
loc net ACCEPT
fw net ACCEPT
net all DROP info
all all REJECT info
#############################################
/etc/shorewall/masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
ppp0 eth0
ppp0 eth1
or
In the following example, masquerading is carried out through the interface eth0 for the networks 192.168.0.0/24 and 192.168.1.0/24:
#INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
eth0 192.168.0.0/24
eth0 192.168.1.0/24
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
with the rules implmentas like like and send
|
|
|
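Going by the column header shown in post #7 (ZONE INTERFACE BROADCAST OPTIONS), the entry `net ppp0 dhcp` quoted in post #3 has `dhcp` in the BROADCAST column rather than under OPTIONS, which is consistent with the `-s dhcp` in the trace from post #4. The check below is an added example, not part of any post and not Shorewall's own code; the function name `check_interfaces` and the set of accepted BROADCAST values are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: lint the BROADCAST column of a Shorewall interfaces file.
# Column order (ZONE INTERFACE BROADCAST OPTIONS) follows the header shown in
# the thread. Assumption of this sketch: a valid BROADCAST value is "detect",
# "-", or a comma-separated list of dotted IPv4 addresses.

check_interfaces() {
    # Reads the file named in $1, or stdin when called without arguments.
    # Prints one line per suspicious entry; returns 1 if any was found.
    awk '
        $1 ~ /^#/ || NF == 0 { next }      # comments and blank lines
        NF < 3 { next }                    # no BROADCAST column given
        {
            n = split($3, parts, ",")
            for (i = 1; i <= n; i++) {
                b = parts[i]
                if (b == "detect" || b == "-") continue
                if (b ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                printf "line %d: %s %s: BROADCAST column holds \"%s\" (expected detect, - or an IPv4 address)\n", NR, $1, $2, b
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the entry quoted in post #3 beside the form shown in post #7.
check_interfaces <<'EOF' || echo "move option keywords to the OPTIONS column"
#ZONE INTERFACE BROADCAST OPTIONS
net   ppp0      dhcp
net   ppp0      detect    dhcp
loc   eth0      192.168.1.255
EOF
```

On a live system the function can be pointed at the real file, for example `check_interfaces /etc/shorewall/interfaces`, before restarting the firewall.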
All times are GMT -5.