Menu
▾
▴
Re: [Shorewall-users] Shorewall 4.6.4.2
|
From: Tom E. <te...@sh...> - 2014-10-19 14:40:07
|
On 10/19/2014 5:06 AM, Thomas D. wrote: > Hi, > > I found the problem with my modified loadmodule function in lib.common: > > https://bpaste.net/show/53a60c6f043c > > Now my start output: > >> Initializing... >> lm: ip_conntrack_amanda >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_amanda.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_amanda.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_amanda.ko >> lm: ip_conntrack_ftp >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_ftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_ftp.ko >> lm: ip_conntrack_h323 >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_h323.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_h323.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_h323.ko >> lm: ip_conntrack_irc >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_irc.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_irc.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_irc.ko >> lm: ip_conntrack_netbios_ns >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_netbios_ns.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_netbios_ns.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_netbios_ns.ko >> lm: ip_conntrack_pptp >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_pptp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_pptp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_pptp.ko >> lm: ip_conntrack_sip >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_sip.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_sip.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_sip.ko >> lm: ip_conntrack_tftp >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_conntrack_tftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_conntrack_tftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_conntrack_tftp.ko >> lm: ip_nat_amanda >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_amanda.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_amanda.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_amanda.ko >> lm: ip_nat_ftp >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_ftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_ftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_ftp.ko >> lm: ip_nat_h323 >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_h323.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_h323.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_h323.ko >> lm: ip_nat_irc >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_irc.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_irc.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_irc.ko >> lm: ip_nat_pptp >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_pptp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_pptp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_pptp.ko >> lm: ip_nat_sip >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_sip.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_sip.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_sip.ko >> lm: ip_nat_snmp_basic >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_snmp_basic.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_snmp_basic.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_snmp_basic.ko >> lm: ip_nat_tftp >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ip_nat_tftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ip_nat_tftp.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ip_nat_tftp.ko >> lm: nf_conntrack_ftp >> lm: nf_conntrack_h323 >> lm: nf_conntrack_irc >> lm: nf_conntrack_netbios_ns >> lm: nf_conntrack_netlink >> lm: nf_conntrack_pptp >> lm: nf_conntrack_proto_gre >> lm: nf_conntrack_proto_sctp >> lm: nf_conntrack_proto_udplite >> lm: nf_conntrack_sip >> lm: nf_conntrack_tftp >> lm: nf_conntrack_sane >> lm: nf_nat_amanda >> lm: nf_nat_ftp >> lm: nf_nat_h323 >> lm: nf_nat_irc >> lm: nf_nat >> lm: nf_nat_pptp >> lm: nf_nat_proto_gre >> lm: nf_nat_sip >> lm: nf_nat_snmp_basic >> lm: nf_nat_tftp >> lm: ipt_LOG >> failed, /lib/modules/3.16.6-gentoo/kernel/net/ipv4/netfilter/ipt_LOG.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/netfilter/ipt_LOG.ko >> failed, /lib/modules/3.16.6-gentoo/kernel/net/sched/ipt_LOG.ko >> lm: xt_NFLOG >> lm: ipt_ULOG >> lm: nfnetlink_log > > I never see "Will {insmod,modprobe}{1,2} $module{file,name}..." output. > > > If I change > >> loadmodule ipt_LOG > > into > >> loadmodule xt_LOG > > in "/usr/share/shorewall/helpers" > > everything works. > > > Seems like the code doesn't really support "aliases", > > $ fgrep ipt_LOG /lib/modules/3.16.6-gentoo/modules.alias > alias ipt_LOG xt_LOG Also explains why it works here: root@gateway:/lib/modules# fgrep ipt_LOG 3.2.0-4-amd64/modules.alias alias ipt_LOGMARK xt_LOGMARK root@gateway:/lib/modules# find -name ipt_LOG\* ./3.2.0-4-amd64/kernel/net/ipv4/netfilter/ipt_LOG.ko root@gateway:/lib/modules# On Fedora 18, OTOH: [teastep@localhost ~]$ uname -a Linux localhost.localdomain 3.14.8-100.fc19.x86_64 #1 SMP Mon Jun 16 21:53:59 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux [teastep@localhost ~]$ cd /lib/modules/3.14.8-100.fc19.x86_64/ [teastep@localhost 3.14.8-100.fc19.x86_64]$ find -name ipt_LOG\* [teastep@localhost 3.14.8-100.fc19.x86_64]$ find -name xt_LOG\* ./kernel/net/netfilter/xt_LOG.ko [teastep@localhost 3.14.8-100.fc19.x86_64]$ fgrep LOG modules.alias alias ip6t_LOG xt_LOG alias ipt_LOG xt_LOG alias ip6t_NFLOG xt_NFLOG alias ipt_NFLOG xt_NFLOG alias net-pf-16-proto-5 ipt_ULOG [teastep@localhost 3.14.8-100.fc19.x86_64]$ So it looks like we need both names in the helpers files :-( -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ |