Problem with PMFirewall

Elbryan · 09-18-2005, 05:53 AM

I've been installed PMFirewall but when i try to execute it, on my console appear a lot of bad command like:

Code:

Starting PMFirewall:ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: setting MASQ timeouts failed: Protocol not available
/sbin/ipchains: invalid mask `' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
ipchains: Protocol not available
/sbin/ipchains: invalid mask `' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
ipchains: Protocol not available
/sbin/ipchains: invalid mask `' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
/sbin/ipchains: invalid mask `' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
/sbin/ipchains: invalid mask `' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
ipchains: Protocol not available
                Done!

Internal: eth1  /
External: eth0  192.168.0.1/255.255.255.0

Why ipchains doesn't work?
Have I made a mistake?

Waiting for a reply,
Thank You

XavierP · 09-18-2005, 07:16 AM

IPChains doesn't work because it was insecure and now IPTables is used. Is this a very old version of the program?

Elbryan · 09-18-2005, 07:29 AM

No .. i've just downloaded it from PMFirewall

I don't know why it doesn't work ..

XavierP · 09-18-2005, 09:26 AM

Ha, I am an internets genius!!! I followed the link you provided and read this:

Quote:

PMFirewall
Current Release:3/28/00 - Version 1.1.4

- emphasis mine.

Your firewall is 5 years old. Uninstall it and get GuardDog or Firestarter.

Elbryan · 09-18-2005, 09:37 AM

Lol .. ahah.
I have been disinstalled that firewall and installed gShield ..
A friend told me to rebuild the kernel in order to configure the network but i really don't know how to start with it.

I want only share my connection with a Windows machine .. is this possibile?
I'm so noob in linux and masquerating and other's stuff .. i really don't understand a thing...

(((((

XavierP · 09-18-2005, 10:05 AM

You shouldn't need to recompile your kernel. If you want to share files with a Windows machine over a network install Samba. Look at www.samba.org and our own Tutorials section and www.tldp.org for configuration help.

Elbryan · 09-18-2005, 10:19 AM

Ok .. and if I want to share my internet connection? What I should do?!!?

ralvez · 09-18-2005, 10:34 AM

If your only need is to share the internet connection then Firestarter (as it was suggested) is the only thing you need. You can get it here: http://www.fs-security.com/
The instructions (from the web site) are excellent, and is is easy to use and set up.

Rick

Elbryan · 09-18-2005, 11:07 AM

Firestarter is fantastic .. one last problem.
The dhcp in linux doesn't work: my sister's pc can't obtain an IP address from this computer .. Have I to start some services?

ralvez · 09-18-2005, 11:38 AM

Well, that depends what you want to do.
I run my network on static IPs because it is a small network and its easy to maintain. Some people will argue that using DHCP is better because the dhcpd daemon will assign address "on the fly" as soon as a machine is added to the network. Windows is set up that way by default, that's why windows's machines get that address automatically.
If you want to set up automatic DHCP in Linux you need to either edit a config file (/etc/rc.d/rc.inet1.conf) and add the following:

# Config information for eth1:
IPADDR[1]=""
NETMASK[1]=""
USE_DHCP[1]="YES" # <-- to use DHCP add YES between quotations
DHCP_HOSTNAME[1]=""

or some distros like SuSE have a graphical interface to help you do that. It depends on your distro. Perhaps you should tell us what you are using.

Hope this helps.

Rick

Elbryan · 09-18-2005, 12:05 PM

ah .. i have this problem ..
I'm using Debian and the "/etc/rc.d/" folder doesn't exists .

However i tried to install a dhcp server (dhcpd) but i can't surf the net form the other computer.

This computer (the ones who have the modem) shouldn't obtain an address in static way ..

I will give you some information:

eth0 is configured with:
- IP: 192.168.1.1
- Subnet mask: 255.255.255.0

the other computer automatically obtain his ip from this pc ..

my dhcpd.conf:

default-lease-time 600;
max-lease-time 7200;

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
option subnet-mask 255.255.255.0;

option domain-name "CASA";
option domain-name-servers 192.168.1.1;

option time-offset -18000; # Eastern Standard Time

range 192.168.1.10 192.168.1.100;
}

I think the problem is the default gateway on other pc.
As default gateway it sees "192.168.1.254" ..
Should it be "192.168.1.1"?!?!

Thanks a lot, you are helping me a lot!

ralvez · 09-18-2005, 01:26 PM

Yes, this line " option routers 192.168.1.254;" should read option routers 192.168.1.1

Rick

Elbryan · 09-18-2005, 01:33 PM

I made that change .. but nothing is working.
Every computer is able to ping each other .. i don't know what to do.

Ah .. i have an eth1 that really doesn't exists.

Modem is ppp0, ethernet card is eth0.
I have this eth1 ... i don't know ..

PS: I've enabled firestarter options to share internet connection

ralvez · 09-18-2005, 01:45 PM

OK, let's re-cap here.
Did firestarter detect your modem?
Are you able to connect to the internet with the machine that has firestarter? This is the "first" step. Once that is accomplished you may go on to troubleshoot the other machine.

So if I was you I would:
a) make sure that the firewall is recognizing the devices I have (hardware) and works with them.
You can start here: http://www.fs-security.com/docs.php
b) make sure I can connect to the internet.
c) troubleshoot other machines in the network that need to use the firewall.

Rick

Elbryan · 09-18-2005, 01:48 PM

Firestarter detect my modem and i'm posting with the linux machine.
Firestarter detect my eth0 too as local area network device (right).

I can connect to the internet.

Other machines in the network are one notebook with Windows XP Professional setted with "automatically obtain IP address from the network".