Author Topic: Shorewall problem (Read 2317 times)

LordX

  • Visitor
  • Posts: 23
Shorewall problem
« on: 31 October 2010, 16:57:19 »
Hi, I need some advice on how to set up a firewall.
I followed the guide,
see "6. Install a Firewall":
Code:
http://net.tutsplus.com/tutorials/php/how-to-setup-a-dedicated-web-server-for-free/

The problem occurs when I have to restart shorewall.

Code:
/etc/init.d/shorewall restart
Restarting "Shorewall firewall": not done (check /var/log/shorewall-init.log).

Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
/# uname -r
2.6.32-21-generic

shorewall-init.log
Code:
14:01:52 Compiling...
14:01:53 Loading Modules...
Oct 31 14:01:53 Loading Modules...
Shorewall has detected the following capabilities:
   Address Type Match: Available
   CLASSIFY Target: Available
   CONNMARK Target: Available
   Capability Version: 4.4.7
   Comments: Available
   Connection Tracking Match: Available
   Connlimit Match: Available
   Connmark Match: Available
   Extended CONNMARK Target: Available
   Extended Connection Tracking Match: Available
   Extended Connmark Match: Available
   Extended Mark Target: Available
   Extended Mark Target 2: Available
   Extended Multi-port Match: Available
   Extended Reject: Available
   Goto Support: Available
   Hashlimit Match: Available
   Helper Match: Available
   IP Range Match: Available
   IPMARK Target: Not Available
   IPP2P Match: Not Available
   Ipset Match: Not Available
   Kernel Version: 2.6.32
   LOG Target: Available
   LOGMARK Target: Not Available
   MARK Target: Available
   Mangle FORWARD Chain: Available
   Multi-port Match: Available
   NAT: Available
   NFQUEUE Target: Available
   Old Hash Limit Match: Not Available
   Old IPP2P Match Syntax: Not Available
   Old conntrack match syntax: Not Available
   Owner Match: Available
   Packet Mangling: Available
   Packet Type Match: Available
   Packet length Match: Available
   Persistent SNAT: Available
   Physdev Match: Available
   Physdev-is-bridged support: Available
   Policy Match: Available
   Raw Table: Available
   Realm Match: Available
   Recent Match: Available
   Repeat match: Available
   TCPMSS Match: Available
   Time Match: Available
Oct 31 14:01:54    ERROR: No firewall zone defined
   ERROR: No firewall zone defined
[The same "Compiling... / Loading Modules... / Shorewall has detected the following capabilities" block, ending in "ERROR: No firewall zone defined", repeats verbatim for the further restart attempts at 14:04:55, 14:06:09, 14:06:26, 14:15:16, 14:23:27, 14:23:39, 14:39:45, 14:44:48 and 14:45:52.]
Thanks in advance
« Last edit: 31 October 2010, 16:59:06 by LordX »

ETNyx

  • Active member
  • *
  • Posts: 425
Re: Shorewall problem
« Reply #1 on: 31 October 2010, 19:39:44 »
It looks like no rules are set in /etc/shorewall/rules
jabber: etnyx@jabbim.cz

LordX

  • Visitor
  • Posts: 23
Re: Shorewall problem
« Reply #2 on: 01 November 2010, 10:37:21 »
Quote from ETNyx: It looks like no rules are set in /etc/shorewall/rules

My listing, everything set up according to the guide:
Code:
# For information on entries in this file, type "man shorewall-rules"
#############################################################################################################
#ACTION         SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL  RATE   USER/   MARK
#                                       PORT    PORT(S) DEST      LIMIT  GROUP

# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

Ping(DROP)      net     $FW

# Permit all ICMP traffic FROM the firewall TO the net zone

ACCEPT          $FW     net     icmp
HTTP/ACCEPT     net     $FW
SSH/ACCEPT      net     $FW
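The compiler line in the first post, "ERROR: No firewall zone defined", is raised when /etc/shorewall/zones declares no zone of type firewall; the rules file above refers to $FW, which is the name of exactly that zone, so rules alone cannot fix it. Until the compile succeeds nothing is loaded, and the posted iptables -L output (policy ACCEPT on INPUT, FORWARD and OUTPUT) means the server is running with no packet filter at all. The script below is an added example, not code from the thread or from the Shorewall project: it writes a constructed minimal one-interface configuration (zones, interfaces, policy, rules) into a scratch directory and reproduces the zone check offline. The interface name eth0 and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the forum thread or from Shorewall). Builds a
# constructed minimal Shorewall 4.4 one-interface configuration and checks
# the condition behind "ERROR: No firewall zone defined": a zones file with
# no zone of type "firewall". eth0 is an assumed interface name.

# Write the four core files into $1. In a real install they live in /etc/shorewall.
write_sample_config() {
    dir="$1"
    mkdir -p "$dir" || return 1

    # zones: "fw" of type "firewall" is the zone that $FW expands to; without
    # it the compiler stops before any iptables rule is loaded.
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE        OPTIONS
fw      firewall
net     ipv4
EOF

    # interfaces: bind the net zone to the public interface (eth0 assumed).
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      tcpflags,nosmurfs,routefilter,logmartians
EOF

    # policy: default-deny from the net; anything not matched is rejected and logged.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG LEVEL
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # rules: the same exceptions the poster listed (ping dropped, HTTP and SSH in).
    cat > "$dir/rules" <<'EOF'
#ACTION         SOURCE  DEST    PROTO   DEST PORT(S)
Ping(DROP)      net     $FW
ACCEPT          $FW     net     icmp
HTTP/ACCEPT     net     $FW
SSH/ACCEPT      net     $FW
EOF
}

# Exit 0 when the zones file declares at least one zone of type "firewall",
# 1 otherwise. Comments and blank lines are ignored, as Shorewall ignores them.
has_firewall_zone() {
    zones_file="$1"
    [ -r "$zones_file" ] || return 1
    sed 's/#.*//' "$zones_file" |
        awk '$2 == "firewall" { found = 1 } END { exit (found ? 0 : 1) }'
}

# Print the name of the first firewall-type zone (empty output if none).
firewall_zone_name() {
    sed 's/#.*//' "$1" | awk '$2 == "firewall" { print $1; exit }'
}

# Demo: build the configuration in a temporary directory and report the verdict.
demo_dir=$(mktemp -d) && write_sample_config "$demo_dir"
if has_firewall_zone "$demo_dir/zones"; then
    echo "firewall zone defined: $(firewall_zone_name "$demo_dir/zones")"
else
    echo "ERROR: No firewall zone defined" >&2
fi
rm -rf "$demo_dir"
```

On a real host, copy the four files into /etc/shorewall, run `shorewall check` (compiles without loading, so a typo cannot leave the box open), then restart and confirm with `iptables -L -n` that the INPUT chain policy is no longer a bare ACCEPT. On Debian and Ubuntu the package also ships /etc/default/shorewall with `startup=0`, which must be set to 1 before the init script will start the firewall at boot.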

 

Operated by the OpenAlt association.