Re: [gentoo-user] no shorewall
On Tue, 28 Aug 2007, William Kenworthy wrote:

> Checking the obvious: you have gone through and manually checked that
> the modules are still being built?
>

Yes.

> There has been some renaming going on within netfilter that just using
> oldconfig misses a few (leaves them unselected, but didn't ask if I

I don't trust oldconfig. I use it to see what's new, but then I use
menuconfig on the previously saved config file (see original post).

> wanted them built). Not sure which kernel versions were involved but
> it's recent, and caught me out - I was using the monmotha script at the
> time and the error messages were a good pointer. Is dmesg showing
> anything after applying shorewall?

Didn't check that. Too late now.

Jorge
--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] no shorewall
Checking the obvious: you have gone through and manually checked that
the modules are still being built?

There has been some renaming going on within netfilter that just using
oldconfig misses a few (leaves them unselected, but didn't ask if I
wanted them built). Not sure which kernel versions were involved but
it's recent, and caught me out - I was using the monmotha script at the
time and the error messages were a good pointer. Is dmesg showing
anything after applying shorewall?

BillK

On Mon, 2007-08-27 at 08:43 +0100, Jorge Almeida wrote:
> On Mon, 27 Aug 2007, W.Kenworthy wrote:
>
> > No problems on multiple systems built using oldconfig and not rebuilding
> > iptables.
> OK, that means it's not some problem related with gentoo-sources
> patches.
> >
> > In the kernel I turn everything on by default and build it modular -
> > this might be the cause for you?
> >
> I don't think so. I have everything as module. Some modules (very few,
> related to hw I don't have) I didn't select, but they were never needed
> with former kernel versions...
>
> Thanks.
>
> Jorge
--
William Kenworthy <[EMAIL PROTECTED]>
Home in Perth!

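The check suggested in the message above (finding netfilter options that a carried-over config no longer builds after options were renamed), as an added example that is not part of the original thread. The function names, the prefix list and both sample configs are assumptions made for this example.

```python
import re

# Assumption: these Kconfig prefixes define "netfilter option" for this example.
NETFILTER_PREFIXES = ("CONFIG_NETFILTER", "CONFIG_NF_", "CONFIG_IP_NF_", "CONFIG_IP6_NF_")
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Map each symbol in a kernel .config to its value ('# X is not set' -> 'n')."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        if (m := _SET.match(line)):
            symbols[m.group(1)] = m.group(2)
        elif (m := _UNSET.match(line)):
            symbols[m.group(1)] = "n"
    return symbols

def netfilter_regressions(old_text, new_text):
    """Compare the netfilter symbols of an old and a new .config."""
    old, new = parse_config(old_text), parse_config(new_text)
    report = {"missing": [], "disabled": [], "new_unset": []}
    for sym, val in sorted(old.items()):
        if not sym.startswith(NETFILTER_PREFIXES) or val == "n":
            continue
        if sym not in new:            # renamed or removed in the new tree
            report["missing"].append(sym)
        elif new[sym] == "n":         # still exists but is no longer built
            report["disabled"].append(sym)
    for sym, val in sorted(new.items()):
        # options the old config never answered and the new one leaves unset
        if sym.startswith(NETFILTER_PREFIXES) and sym not in old and val == "n":
            report["new_unset"].append(sym)
    return report

# Constructed sample configs; illustrative only, not the posters' files.
OLD_CONFIG = """\
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_TARGET_LOG=m
"""
NEW_CONFIG = """\
# CONFIG_NF_CONNTRACK is not set
# CONFIG_NF_CONNTRACK_IPV4 is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_TARGET_LOG is not set
"""

if __name__ == "__main__":
    print(netfilter_regressions(OLD_CONFIG, NEW_CONFIG))
```

Symbols listed under "missing" are the ones to look up under their new names in menuconfig; "new_unset" lists the candidates that were left unselected.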
Re: [gentoo-user] no shorewall
Jorge Almeida wrote:

> Meanwhile, I ended up by selecting all modules in my former
> config, even those that are plainly irrelevant (according to the
> help in menuconfig) and shorewall now starts OK. I just wish I
> were any wiser, which I'm not.

Sure you are. You've learned that shorewall sets up rules that are
plainly irrelevant. :)

Benno

Re: [gentoo-user] no shorewall
On Mon, 27 Aug 2007, David Snider wrote:

> Here's my .config

Thanks, David. Your configuration works for me.

Meanwhile, I ended up by selecting all modules in my former config, even
those that are plainly irrelevant (according to the help in menuconfig)
and shorewall now starts OK. I just wish I were any wiser, which I'm
not.

Cheers,

Jorge

Re: [gentoo-user] no shorewall
Jorge Almeida wrote:
> On Sun, 26 Aug 2007, David Snider wrote:
>
> > > Anybody managed to get shorewall working with gentoo-sources 2.6.22-r5?
> > > I upgraded from 2.6.20, and there went the firewall. I used oldconfig
> >
> > I recently updated to 2.6.22-r5. Shorewall seems to be working great. No
> > errors on startup. I can post my .config file if you would like.
>
> OK, thanks. My firewall is for a stand-alone workstation.
>
> Jorge

Here's my .config

Re: [gentoo-user] no shorewall
On Sun, 26 Aug 2007, David Snider wrote:

> > > > > Anybody managed to get shorewall working with gentoo-sources
> > > > > 2.6.22-r5?
> > > > > I upgraded from 2.6.20, and there went the firewall. I used oldconfig
> > > > >
> I recently updated to 2.6.22-r5. Shorewall seems to be working great. No
> errors on startup. I can post my .config file if you would like.

OK, thanks. My firewall is for a stand-alone workstation.

Jorge

Re: [gentoo-user] no shorewall
On Mon, 27 Aug 2007, W.Kenworthy wrote:

> No problems on multiple systems built using oldconfig and not rebuilding
> iptables.

OK, that means it's not some problem related with gentoo-sources
patches.

>
> In the kernel I turn everything on by default and build it modular -
> this might be the cause for you?
>

I don't think so. I have everything as module. Some modules (very few,
related to hw I don't have) I didn't select, but they were never needed
with former kernel versions...

Thanks.

Jorge

Re: [gentoo-user] no shorewall
W.Kenworthy wrote:
> No problems on multiple systems built using oldconfig and not rebuilding
> iptables.
>
> In the kernel I turn everything on by default and build it modular -
> this might be the cause for you?
>
> Billk
>
> On Sun, 2007-08-26 at 08:09 +0100, Jorge Almeida wrote:
> > On Sun, 26 Aug 2007, Norman Rieß wrote:
> >
> > > Jorge Almeida wrote:
> > > > Anybody managed to get shorewall working with gentoo-sources 2.6.22-r5?
> > > > I upgraded from 2.6.20, and there went the firewall. I used oldconfig

I recently updated to 2.6.22-r5. Shorewall seems to be working great. No
errors on startup. I can post my .config file if you would like.

Re: [gentoo-user] no shorewall
No problems on multiple systems built using oldconfig and not rebuilding
iptables.

In the kernel I turn everything on by default and build it modular -
this might be the cause for you?

Billk

On Sun, 2007-08-26 at 08:09 +0100, Jorge Almeida wrote:
> On Sun, 26 Aug 2007, Norman Rieß wrote:
>
> > Jorge Almeida wrote:
> > > Anybody managed to get shorewall working with gentoo-sources 2.6.22-r5?
> > > I upgraded from 2.6.20, and there went the firewall. I used oldconfig
> > >
>

Re: [gentoo-user] no shorewall
On Sun, 26 Aug 2007, Norberto Bensa wrote:

> Try every netfilter option as module. If the problem continues, perhaps you'll

Everything is already as module...

> like to ask on shorewall's mailing lists if there are known issues with 2.6.22.

Will do.

>
> BTW: a quick Googling shows netfilter is somewhat buggy on 2.6.22:
>
> http://www.mail-archive.com/shorewall-users%40lists.sourceforge.net/msg02999.html
> http://bugzilla.kernel.org/show_bug.cgi?id=8789
>

I already had found these before posting. I also had the "Error
inserting ipt_LOG" problem, but I just unselected the corresponding
entry in the config, because I use ULOG anyway. I don't understand what
they mean by "recompiling iptables against kernel 2.6.??". After all,
the kernel is not a library, and even the headers don't really belong to
the current kernel. Besides, the firewall works when I revert to 2.6.20,
even if I didn't recompile iptables a second time.

> Perhaps you're just hitting a bug :-/

Yes, or maybe the kernel masters just changed something and the info
still didn't make its way to user's level... I'll try the shorewall
list, and if needed I'll just skip one more kernel version.

Thanks,

Jorge

Re: [gentoo-user] no shorewall
Quoting Jorge Almeida <[EMAIL PROTECTED]>:

> > Have you recompiled iptables?
>
> I recompiled iptables once after emerging 2.6.22. Should I do it every
> time I make some changes to the kernel configuration, or when I "make
> modules"?

Usually it isn't needed but it won't hurt. Actually, I was out of ideas.
I run shorewall, but it's a Debian box (kernel 2.6.18-something...)

Try every netfilter option as module. If the problem continues, perhaps
you'll like to ask on shorewall's mailing lists if there are known issues
with 2.6.22.

BTW: a quick Googling shows netfilter is somewhat buggy on 2.6.22:

http://www.mail-archive.com/shorewall-users%40lists.sourceforge.net/msg02999.html
http://bugzilla.kernel.org/show_bug.cgi?id=8789

Perhaps you're just hitting a bug :-/

Regards,
Norberto

This message was sent using IMP, the Internet Messaging Program.

Re: [gentoo-user] no shorewall
On Sun, 26 Aug 2007, Norberto Bensa wrote:

> "--" means you can't deselect (because it's pulled by something else...)

Yes. But it was not so before, with 2.6.20.

>
> Have you recompiled iptables?

I recompiled iptables once after emerging 2.6.22. Should I do it every
time I make some changes to the kernel configuration, or when I "make
modules"?

Jorge

Re: [gentoo-user] no shorewall
Quoting Jorge Almeida <[EMAIL PROTECTED]>:

> the problem is with "accounting", and in kernel 2.6.20 I had an entry
> with that name selected. But with 2.6.22 that entry is no longer
> selectable (it has --), so I assume its functionality went somewhere
> else...

"--" means you can't deselect (because it's pulled by something else...)

Have you recompiled iptables?

Try selecting everything (netfilter I mean) as modules.

Regards,
Norberto

Re: [gentoo-user] no shorewall
On Sun, 26 Aug 2007, Norman Rieß wrote:

> Jorge Almeida wrote:
> > Anybody managed to get shorewall working with gentoo-sources 2.6.22-r5?
> > I upgraded from 2.6.20, and there went the firewall. I used oldconfig
> >
> I had similar problems. I solved them with the kernel settings here:
> http://www.shorewall.net/3.0/kernel.htm#v2.6.20
> which is pretty much activating everything :-). So I don't really know

Well, I already had almost everything activated. When you say "similar",
are you talking about kernel 2.6.22? My setup worked (and is working
now) with 2.6.20 (I never tried 2.6.21). The shorewall output suggests
the problem is with "accounting", and in kernel 2.6.20 I had an entry
with that name selected. But with 2.6.22 that entry is no longer
selectable (it has --), so I assume its functionality went somewhere
else...

I suppose I'll have to stay with 2.6.20...

Thanks.

Jorge

Re: [gentoo-user] no shorewall
Jorge Almeida wrote:
> Anybody managed to get shorewall working with gentoo-sources 2.6.22-r5?
> I upgraded from 2.6.20, and there went the firewall. I used oldconfig
> just to see what's new, then make clean, then make menuconfig (starting
> with the saved config file from kernel 2.6.20). Shorewall is version
> 3.2.9. I already changed a few things in case some module would be
> missing due to name change. I'm out of ideas. In case someone can
> provide some suggestion, here comes the output of shorewall start and
> the relevant part of .config.
>
>

I had similar problems. I solved them with the kernel settings here:
http://www.shorewall.net/3.0/kernel.htm#v2.6.20
which is pretty much activating everything :-). So I don't really know
what did the trick. But I did not compile this as modules. Perhaps this
is a little wasteful, but it worked.

Norman