[Shorewall-users] Problem with 2.4.28 kernel config

Tom Eastep teastep at shorewall.net
Tue Nov 30 15:00:42 PST 2004


On Tue, 2004-11-30 at 14:58 -0800, Tom Eastep wrote:
> On Tue, 2004-11-30 at 14:47 -0800, Shawn Wright wrote:
> > I just recompiled a plain vanilla 2.4.28 kernel, and used the Shorewall.net 
> > kernel config as a guideline. For some reason, I get this:
> > 
> > Nov 30 12:05:34 fw shorewall: Shorewall has detected the following 
> > iptables/netfilter capabilities:
> > Nov 30 12:05:34 fw shorewall:    NAT: Available
> > Nov 30 12:05:34 fw shorewall:    Packet Mangling: Available
> > Nov 30 12:05:34 fw shorewall:    Multi-port Match: Available
> > Nov 30 12:05:34 fw shorewall:    Connection Tracking Match: Not 
> > available
> > .....
> > 
> > Clearly it thinks "Connection Tracking Match: Not available", yet I have set 
> > the kernel compile options as follows. The only missing "match" module is 
> > "TTL Match Support", but that is also missing from the example config on 
> > shorewall.net. Before I recompile, is this error caused by some other 
> > issue that I'm not seeing? I did not get this on previous kernels, which I 
> > *thought* I had configured the same.
> 
> At a root shell prompt, try:
> 
> iptables -N foobar
> iptables -A foobar -M CONNTRACK --ctorigdst 192.168.1.1 -j ACCEPT
> 
F..king caps lock key...

That should have been:

iptables -A foobar -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
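
The manual test in the message above, wrapped as a repeatable probe that also removes its scratch chain afterwards. This is an added example, not part of the original message and not Shorewall's own code; the function name, the scratch chain name and the IPTABLES override variable are assumptions of this example.

```shell
#!/bin/sh
# Probe whether iptables and the running kernel accept the conntrack match,
# using the same rule as the message above, then clean up the scratch chain.
# IPTABLES can be overridden to point at another binary (assumption of this
# example; it defaults to "iptables" from PATH).
IPTABLES="${IPTABLES:-iptables}"

# Return codes: 0 = match available, 1 = match rejected, 2 = could not test.
probe_conntrack_match() {
    chain="probe_ct_$$"   # scratch chain name, constructed for this example

    # Creating the chain fails when not root or when iptables is unusable;
    # that is a different problem from a missing match module.
    if ! $IPTABLES -N "$chain" 2>/dev/null; then
        echo "Cannot create test chain (not root, or iptables unusable)"
        return 2
    fi

    # The rule from the message: lowercase -m conntrack with --ctorigdst.
    if err=$($IPTABLES -A "$chain" -m conntrack --ctorigdst 192.168.1.1 \
             -j ACCEPT 2>&1); then
        result=0
        echo "Connection Tracking Match: Available"
    else
        result=1
        echo "Connection Tracking Match: Not available"
        echo "iptables said: $err"
    fi

    # Flush and delete the scratch chain so the ruleset is left unchanged.
    $IPTABLES -F "$chain" 2>/dev/null
    $IPTABLES -X "$chain" 2>/dev/null
    return $result
}

# Usage (as root): probe_conntrack_match
```

When the probe returns 1, the iptables error text it prints is what separates a missing kernel match module from an iptables binary that does not know the option.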



