thanks - ive recompiled my kernel ( gentoo) and added the things I think I
need
and have
gravity paul # lsmod
Module Size Used by
xt_state 2048 0
xt_tcpmss 1920 0
xt_tcpudp 2816 0
xt_pkttype 1664 0
iptable_raw 1920 0
xt_CLASSIFY 1664 0
xt_CONNMARK 2304 0
xt_MARK 2048 0
xt_comment 1664 0
xt_length 1792 0
xt_connmark 1920 0
xt_policy 3200 0
xt_multiport 2816 0
xt_conntrack 2304 0
nf_conntrack 45912 4 xt_state,xt_CONNMARK,xt_connmark,xt_conntrack
iptable_mangle 2176 0
ipt_ULOG 6148 0
ipt_TTL 1920 0
ipt_ttl 1664 0
ipt_TOS 1792 0
ipt_tos 1408 0
ipt_REJECT 3328 0
ipt_recent 7064 0
ipt_owner 1792 0
ipt_LOG 5248 0
ipt_iprange 1664 0
ipt_ECN 2432 0
ipt_ecn 1920 0
ipt_ah 1664 0
ipt_addrtype 1664 0
iptable_filter 2304 1
ip_tables 9032 3 iptable_raw,iptable_mangle,iptable_filter
x_tables 10244 28
xt_state,xt_tcpmss,xt_tcpudp,xt_pkttype,xt_CLASSIFY,xt_CONNMARK,xt_MARK,xt_comment,xt_length,xt_connmark,xt_policy,xt_multiport,xt_conntrack,ipt_ULOG,ipt_TTL,ipt_ttl,ipt_TOS,ipt_tos,ipt_REJECT,ipt_recent,ipt_owner,ipt_LOG,ipt_iprange,ipt_ECN,ipt_ecn,ipt_ah,ipt_addrtype,ip_tables
i915 19840 2
michael_mic 2304 6
ieee80211_crypt_tkip 8960 3
pcmcia 32936 0
yenta_socket 21132 2
rsrc_nonstatic 9728 1 yenta_socket
pcmcia_core 31508 3 pcmcia,yenta_socket,rsrc_nonstatic
ipw2100 58800 0
8139cp 16256 0
8139too 19072 0
gravity paul #
gravity paul # cat /usr/src/linux/.config |grep -i conn
CONFIG_NF_CONNTRACK_ENABLED=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_AMANDA=m
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_PPTP=m
CONFIG_NF_CONNTRACK_SANE=m
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_CONNTRACK_TFTP=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
# CONFIG_NF_CONNTRACK_IPV4 is not set
# Connector - unified userspace <-> kernelspace linker
# CONFIG_CONNECTOR is not set
gravity paul # cat /usr/src/linux/.config |grep -i match
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
CONFIG_NETFILTER_XT_MATCH_ESP=m
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
# CONFIG_NET_EMATCH is not set
gravity paul #
gravity paul # /etc/init.d/shorewall start
* Starting firewall ...
WARNING: NAT disabled; masq rule ignored
iptables: Invalid argument
ERROR: Command "/sbin/iptables -A FORWARD -m state --state
ESTABLISHED,RELATED -j ACCEPT" Failed
iptables: Invalid argument
iptables: Invalid argument
/sbin/shorewall: line 375: 9377 Terminated ${VARDIR}/.start
$debugging start [ !! ]
gravity paul #
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
