Re: [Shorewall-users] Shorewall 4.6.4.2

Sun, 19 Oct 2014 07:53:46 -0700 

On 10/19/2014 5:06 AM, Thomas D. wrote:
> Hi,
> 
> I found the problem with my modified loadmodule function in lib.common:
> 
> https://bpaste.net/show/53a60c6f043c
> 
> Now my start output:
> 
>> Initializing...
>> lm: ip_conntrack_amanda
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_amanda.ko
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_amanda.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_amanda.ko
>> lm: ip_conntrack_ftp
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_ftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_ftp.ko
>> lm: ip_conntrack_h323
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_h323.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_h323.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_h323.ko
>> lm: ip_conntrack_irc
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_irc.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_irc.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_irc.ko
>> lm: ip_conntrack_netbios_ns
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_netbios_ns.ko
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_netbios_ns.ko
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_netbios_ns.ko
>> lm: ip_conntrack_pptp
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_pptp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_pptp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_pptp.ko
>> lm: ip_conntrack_sip
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_sip.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_sip.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_sip.ko
>> lm: ip_conntrack_tftp
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_tftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_tftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_tftp.ko
>> lm: ip_nat_amanda
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_amanda.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_amanda.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_amanda.ko
>> lm: ip_nat_ftp
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_ftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_ftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_ftp.ko
>> lm: ip_nat_h323
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_h323.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_h323.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_h323.ko
>> lm: ip_nat_irc
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_irc.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_irc.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_irc.ko
>> lm: ip_nat_pptp
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_pptp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_pptp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_pptp.ko
>> lm: ip_nat_sip
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_sip.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_sip.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_sip.ko
>> lm: ip_nat_snmp_basic
>> failed, 
>> /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_snmp_basic.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_snmp_basic.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_snmp_basic.ko
>> lm: ip_nat_tftp
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_tftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_tftp.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_tftp.ko
>> lm: nf_conntrack_ftp
>> lm: nf_conntrack_h323
>> lm: nf_conntrack_irc
>> lm: nf_conntrack_netbios_ns
>> lm: nf_conntrack_netlink
>> lm: nf_conntrack_pptp
>> lm: nf_conntrack_proto_gre
>> lm: nf_conntrack_proto_sctp
>> lm: nf_conntrack_proto_udplite
>> lm: nf_conntrack_sip
>> lm: nf_conntrack_tftp
>> lm: nf_conntrack_sane
>> lm: nf_nat_amanda
>> lm: nf_nat_ftp
>> lm: nf_nat_h323
>> lm: nf_nat_irc
>> lm: nf_nat
>> lm: nf_nat_pptp
>> lm: nf_nat_proto_gre
>> lm: nf_nat_sip
>> lm: nf_nat_snmp_basic
>> lm: nf_nat_tftp
>> lm: ipt_LOG
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ipt_LOG.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ipt_LOG.ko
>> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ipt_LOG.ko
>> lm: xt_NFLOG
>> lm: ipt_ULOG
>> lm: nfnetlink_log
> 
> I never see "Will {insmod,modprobe}{1,2} $module{file,name}..." output.
> 
> 
> If I change
> 
>> loadmodule ipt_LOG
> 
> into
> 
>> loadmodule xt_LOG
> 
> in "/usr/share/shorewall/helpers"
> 
> everything works.
> 
> 
> Seems like the code doesn't really support "aliases",
> 
> $ fgrep ipt_LOG /lib/modules/3.16.6-gentoo/modules.alias
> alias ipt_LOG xt_LOG

Also explains why it works here:

root@gateway:/lib/modules# fgrep ipt_LOG 3.2.0-4-amd64/modules.alias
alias ipt_LOGMARK xt_LOGMARK
root@gateway:/lib/modules# find -name ipt_LOG\*
./3.2.0-4-amd64/kernel/net/ipv4/netfilter/ipt_LOG.ko
root@gateway:/lib/modules#

On Fedora 18, OTOH:

[teastep@localhost ~]$ uname -a
Linux localhost.localdomain 3.14.8-100.fc19.x86_64 #1 SMP Mon Jun 16
21:53:59 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[teastep@localhost ~]$ cd /lib/modules/3.14.8-100.fc19.x86_64/
[teastep@localhost 3.14.8-100.fc19.x86_64]$ find -name ipt_LOG\*
[teastep@localhost 3.14.8-100.fc19.x86_64]$ find -name xt_LOG\*
./kernel/net/netfilter/xt_LOG.ko
[teastep@localhost 3.14.8-100.fc19.x86_64]$ fgrep LOG modules.alias
alias ip6t_LOG xt_LOG
alias ipt_LOG xt_LOG
alias ip6t_NFLOG xt_NFLOG
alias ipt_NFLOG xt_NFLOG
alias net-pf-16-proto-5 ipt_ULOG
[teastep@localhost 3.14.8-100.fc19.x86_64]$

So it looks like we need both names in the helpers files :-(

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to