shorewall can only be started when ppp0 is up

 
x-tux
Guest

Posted on: 26 Jul 2004 12:20   Subject: shorewall can only be started when ppp0 is up

Hello!

I have a problem with MDK-10 and shorewall;
my setup is as follows:

eth0 loc <--- IP 192.168.x.1
eth1 net <---IP 10.0.x.10

(shorewall version 2.0.1)

When I start the machine now, I get this message:

Quote:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Loading Modules...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Determining Zones...
Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: ppp+:0.0.0.0/0 eth1:0.0.0.0/0
Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Host 192.168.x.0 NAT 10.0.x.10 on ppp0
Setting up NETMAP...
Adding Common Rules
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.DropSMB...
Pre-processing /usr/share/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /usr/share/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Rule "ACCEPT loc net TCP 20:22,25,53,80,110,1863,3128,5190,6891:6900,6699,10000,7950" added.
Rule "ACCEPT loc net UDP 20:22,25,53,80,110,1863,3128,5190,6257,6891:6900,10000" added.
Rule "ACCEPT net loc TCP 21,22,25,53,80,110,1863,3128,5190,6891:6900,6699,10000,7950" added.
Rule "ACCEPT net loc UDP 21,22,25,53,80,110,1863,3128,5190,6257,6891:6900,10000" added.
Rule "ACCEPT fw loc UDP 137:139" added.
Rule "ACCEPT fw loc TCP 137,139" added.
Rule "ACCEPT fw loc UDP 1024: 137" added.
Rule "ACCEPT loc fw UDP 137:139" added.
Rule "ACCEPT loc fw TCP 137,139" added.
Rule "ACCEPT loc fw UDP 1024: 137" added.
Rule "ACCEPT loc fw TCP 21,22,25,53,80,110,3128,10000" added.
Processing Actions...
Processing /usr/share/shorewall/action.Drop...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "DropSMB" added.
Rule "DropUPnP" added.
Rule "dropNonSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "RejectSMB" added.
Rule "DropUPnP" added.
Rule "dropNonSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth...
Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.DropSMB...
Rule "DROP - - udp 135" added.
Rule "DROP - - udp 137:139" added.
Rule "DROP - - udp 445" added.
Rule "DROP - - tcp 135" added.
Rule "DROP - - tcp 139" added.
Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP...
Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep...
Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB...
Rule "REJECT - - udp 135" added.
Rule "REJECT - - udp 137:139" added.
Rule "REJECT - - udp 445" added.
Rule "REJECT - - tcp 135" added.
Rule "REJECT - - tcp 139" added.
Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to loc using chain net2all
Policy DROP for loc to fw using chain loc2fw
Policy DROP for loc to net using chain loc2net
Masqueraded Networks and Hosts:
To 0.0.0.0/0 from 192.168.48.0/24 through ppp+
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.

Processing /etc/shorewall/ecn...
Activating Rules...
Adding IP Addresses...
Device "ppp0" does not exist.
Cannot find device "ppp0"
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
Terminated


Here are my configs...

interfaces:
Code:
#ZONE    INTERFACE   BROADCAST   OPTIONS
#
net     ppp+ -               
net    eth1 -
loc     eth0 -


zones: (dmz not yet added)
Code:
#ZONE   DISPLAY      COMMENTS
net   Net      Internet
loc   Local      Local networks


masq:
Code:
#INTERFACE           SUBNET      ADDRESS
ppp+          192.168.x.0/24


nat:
Code:
#EXTERNAL   INTERFACE   INTERNAL   ALL          LOCAL
#                  INTERFACES
10.0.x.10   ppp0      192.168.x.0   yes         no


policy:
Code:
#SOURCE      DEST      POLICY      LOG      LIMIT:BURST
#                  LEVEL
loc      net      DROP
loc       $FW      DROP
$FW      net      ACCEPT
net      all      DROP      info
#
# THE FOLLOWING POLICY MUST BE LAST
#   
all      all      REJECT      info


shorewall.conf:
Code:
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGRATE=
LOGBURST=
BLACKLIST_LOGLEVEL=
LOGNEWNOTSYN=info
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
BOGON_LOG_LEVEL=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=no
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=
DISABLE_IPV6=No
BRIDGING=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP


But once I have established a connection, the firewall starts without problems.
I think it is because of the IP that is supposed to be passed, but I could also be wrong.
If someone could help, I would be very grateful.


Regards, x-tux
 

x-tux
Guest

Posted on: 26 Jul 2004 13:07   Subject:

Hello!

I found the error :D

nat:
Code:
#EXTERNAL INTERFACE INTERNAL ALL LOCAL
# INTERFACES
10.0.x.10 ppp0 192.168.x.0 yes no


must be changed to
nat:
Code:
#EXTERNAL INTERFACE INTERNAL ALL LOCAL
# INTERFACES
10.0.x.10 eth1 192.168.x.0 yes no

Regards, x-tux
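
A pre-flight check for the failure in this thread, as an added example that is not part of the original posts or of Shorewall: with ADD_IP_ALIASES=Yes the start aborts at "Adding IP Addresses..." when a nat entry names an interface that does not exist yet, so the script lists such interfaces before Shorewall is started. The function names, the sysfs-style interface directory and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find nat entries whose INTERFACE is absent.
# Assumed: helper names, a sysfs-style interface directory, constructed sample files.

# Print the INTERFACE column of each nat entry; comments and short lines are skipped,
# and a ":label" suffix on the interface name, if any, is dropped.
nat_interfaces() {
    awk '$1 ~ /^#/ || NF < 2 { next } { sub(/:.*/, "", $2); print $2 }' "$1" | sort -u
}

# Succeed if shorewall.conf sets ADD_IP_ALIASES=Yes (case-insensitive, optional quotes).
add_ip_aliases_enabled() {
    grep -Eiq '^[[:space:]]*ADD_IP_ALIASES="?yes"?[[:space:]]*(#.*)?$' "$1"
}

# Print every nat interface that has no entry in NETDIR (default /sys/class/net).
missing_nat_interfaces() {
    netdir=${2:-/sys/class/net}
    for ifname in $(nat_interfaces "$1"); do
        [ -e "$netdir/$ifname" ] || echo "$ifname"
    done
}

# preflight CONF NAT [NETDIR]: return 1 if "Adding IP Addresses..." would hit a missing device.
preflight() {
    add_ip_aliases_enabled "$1" || return 0
    missing=$(missing_nat_interfaces "$2" "$3")
    [ -z "$missing" ] && return 0
    echo "nat references absent interface(s): $missing" >&2
    return 1
}

# Constructed sample: the thread's nat entry, plus a fake interface directory without ppp0.
make_sample() {
    mkdir -p "$1/net/lo" "$1/net/eth0" "$1/net/eth1"
    printf 'ADD_IP_ALIASES=Yes\n' > "$1/shorewall.conf"
    cat > "$1/nat" <<'EOF'
#EXTERNAL   INTERFACE   INTERNAL      ALL   LOCAL
10.0.x.10   ppp0        192.168.x.0   yes   no
EOF
}

if [ $# -ge 2 ]; then preflight "$@"; fi
```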
 

All times are GMT + 1 hour