[bwm-tools-tech] firewall rules problems
Brought to you by:
nkukard
From: Santiago J. R <san...@av...> - 2004-03-19 21:10:18
Hi, after compiling bwm_tools on a Red Hat 9.0 box, we have tried to follow the http://www.murder4al.be/ guide, but we've had problems with the iptables rules. This is the config file we are using:

<firewall>
    # Global configuration and access classes
    <global>
        <class name="otro_salida">
            <address name="otro_tcp_salida" src-iface="eth1" proto="tcp"/>
            <address name="otro_udp_salida" src-iface="eth1" proto="udp"/>
        </class>
        <class name="otro_salida_nat">
            <address name="otro_tcp_salida" src-iface="eth1" dst="! 172.16.0.0/16"/>
        </class>
        <class name="macondo_salida">
            <address name="macondo_tcp_salida" src-iface="eth1" proto="tcp" src="172.16.130.133" dst="! 172.16.0.0/16"/>
            <address name="macondo_udp_salida" src-iface="eth1" proto="udp" src="172.16.130.133" dst="! 172.16.0.0/16"/>
        </class>
    </global>

    # Traffic flows
    <traffic>
        <flow name="salida_total_ip_real" stats-len="5" queue-size="262144" queue-len="400" max-rate="16288" burst-rate="1024" report-timeout="60">
            <flow name="macondo_salida" max-rate="10240" queue-size="16384" stats-len="5" report-timeout="60">
                <queue prio="40" nfmark="1001">
                    macondo_salida;
                </queue>
            </flow>
            <flow name="otro_salida" max-rate="2048" burst-rate="6144" queue-size="32768" stats-len="5" report-timeout="60">
                <queue prio="90" nfmark="1008">
                    otro_salida;
                </queue>
            </flow>
        </flow>
    </traffic>
</firewall>

After bwm_firewall:

# Generated using BWM Firewall v0.1.8: DATE
*mangle
:OUTPUT ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
-A FORWARD --destination ! 172.16.0.0/16 --source 172.16.130.133 --protocol tcp --in-interface eth1 -j MARK --set-mark 1001
-A FORWARD --destination ! 172.16.0.0/16 --source 172.16.130.133 --protocol udp --in-interface eth1 -j MARK --set-mark 1001
-A FORWARD --protocol tcp --in-interface eth1 -j MARK --set-mark 1008
-A FORWARD --protocol udp --in-interface eth1 -j MARK --set-mark 1008
COMMIT
*filter
:OUTPUT ACCEPT
:bwmd -
:INPUT ACCEPT
:FORWARD ACCEPT
-A bwmd -m mark ! --mark 0 -j QUEUE
COMMIT

And trying to restart iptables:

Flushing all current rules and user defined chains:       [  OK  ]
Clearing all current rules and user defined chains:       [  OK  ]
Applying iptables firewall rules: /etc/init.d/iptables: line 205:  4496 Done                    grep -v "^[[:space:]]*#" $IPTABLES_CONFIG
      4497                       | grep -v '^[[:space:]]*$'
      4498 Segmentation fault      | /sbin/iptables-restore -c
                                                          [FAILED]

What's wrong? Any help would be appreciated.

Santiago J. Ruano Rincón
Avatar Ltda.
ParqueSoft Popayán
+57-2 8221214
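The message shows the relationship between the bwm_tools config and the mangle rules bwm_firewall emits: each <class> referenced from a <queue> becomes one MARK rule per <address>, with the queue's nfmark as the mark value, and a class that no queue references (otro_salida_nat above) produces no rule at all. The following script, an added example that is not bwm_tools code and not part of the original thread, re-derives that mapping from a constructed config modelled on the one posted, so a reader can check which rules a given class/queue layout will produce before handing the result to iptables-restore. The attribute-to-option table and the output order are assumptions taken from the generated rules shown in the message; the script does not attempt to explain the iptables-restore crash.

```python
"""Re-derive bwm_firewall-style mangle MARK rules from a bwm_tools-style config.

Added example, not bwm_tools code. The option ordering and attribute names are
assumptions read off the generated output quoted in the message.
"""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the posted config. The original uses '#'
# comments, which an XML parser rejects, so they are XML comments here.
SAMPLE_CONFIG = """
<firewall>
  <!-- global configuration and access classes -->
  <global>
    <class name="otro_salida">
      <address name="otro_tcp_salida" src-iface="eth1" proto="tcp"/>
      <address name="otro_udp_salida" src-iface="eth1" proto="udp"/>
    </class>
    <class name="otro_salida_nat">
      <address name="otro_tcp_salida" src-iface="eth1" dst="! 172.16.0.0/16"/>
    </class>
    <class name="macondo_salida">
      <address name="macondo_tcp_salida" src-iface="eth1" proto="tcp"
               src="172.16.130.133" dst="! 172.16.0.0/16"/>
      <address name="macondo_udp_salida" src-iface="eth1" proto="udp"
               src="172.16.130.133" dst="! 172.16.0.0/16"/>
    </class>
  </global>
  <!-- traffic flows -->
  <traffic>
    <flow name="salida_total_ip_real" max-rate="16288">
      <flow name="macondo_salida" max-rate="10240">
        <queue prio="40" nfmark="1001"> macondo_salida; </queue>
      </flow>
      <flow name="otro_salida" max-rate="2048">
        <queue prio="90" nfmark="1008"> otro_salida; </queue>
      </flow>
    </flow>
  </traffic>
</firewall>
"""

# <address> attribute -> iptables option, in the order the quoted output uses.
OPTION_MAP = [
    ("dst", "--destination"),
    ("src", "--source"),
    ("proto", "--protocol"),
    ("src-iface", "--in-interface"),
]


def parse_classes(root):
    """Map each class name to the list of its <address> attribute dicts."""
    return {
        cls.get("name"): [dict(a.attrib) for a in cls.findall("address")]
        for cls in root.iter("class")
    }


def queue_refs(queue):
    """Class names listed in a <queue> body, e.g. 'a; b;' -> ['a', 'b']."""
    return [t.strip() for t in (queue.text or "").split(";") if t.strip()]


def address_to_rule(addr, nfmark):
    """One FORWARD rule marking packets that match this <address> entry."""
    parts = ["-A", "FORWARD"]
    for attr, option in OPTION_MAP:
        if attr in addr:
            parts += [option, addr[attr]]
    parts += ["-j", "MARK", "--set-mark", nfmark]
    return " ".join(parts)


def generate_mangle_rules(config_text):
    """Emit MARK rules for every class referenced by a queue, in document order."""
    root = ET.fromstring(config_text)
    classes = parse_classes(root)
    rules = []
    # iter() walks nested <flow> elements depth-first in document order.
    for queue in root.iter("queue"):
        nfmark = queue.get("nfmark")
        for class_name in queue_refs(queue):
            for addr in classes.get(class_name, []):
                rules.append(address_to_rule(addr, nfmark))
    return rules


def unreferenced_classes(config_text):
    """Classes defined under <global> that no <queue> uses (they yield no rule)."""
    root = ET.fromstring(config_text)
    referenced = {name for q in root.iter("queue") for name in queue_refs(q)}
    return sorted(set(parse_classes(root)) - referenced)


if __name__ == "__main__":
    for rule in generate_mangle_rules(SAMPLE_CONFIG):
        print(rule)
    print("classes never queued:", unreferenced_classes(SAMPLE_CONFIG))
```

Running it prints the same four FORWARD rules that appear in the quoted bwm_firewall output and reports otro_salida_nat as a class that is defined but never queued, which is why no rule for it appears in the generated file.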