Thread: Re: [Fwknop-discuss] Install on Ubuntu Server
From: <sco...@ya...> - 2008-06-13 11:01:50
Marius,

Thanks. Your response helped lead me to the solution.

I tried installing the packages, one-by-one, that you listed which weren't listed by my server when I ran the same command (after installing apt-show-versions). That didn't work. So, I watched the output of the installation process, and captured some of the error messages. I saw "pcap" mentioned, so I searched the Hardy list of packages, and installed libnet-pcap-perl, which also installed libpcap. That worked. I reverted the server to its previous state and tried again, and confirmed that:

sudo aptitude install libnet-pcap-perl

was all that I needed before running the fwknop installation.

Just before I sent this email I saw that Michael Rash has a newly built RPM, so I'll have to revert the server again and try that, too, and report on my results (tonight).

- Scott

----- Original Message ----
From: Marius Rugan <mar...@gm...>
To: sco...@ya...
Cc: fwk...@li...
Sent: Thursday, June 12, 2008 7:36:42 AM
Subject: Re: [Fwknop-discuss] Install on Ubuntu Server

Hi

i got a debian etch
here is my apt-show-versions

apt-show-versions | grep perl

libconfig-inifiles-perl/etch uptodate 2.39-2
libplrpc-perl/etch uptodate 0.2017-1.1
libtext-iconv-perl/etch uptodate 1.4-3
perl-modules/etch uptodate 5.8.8-7etch3
libnet-daemon-perl/etch uptodate 0.38-1.1
libapt-pkg-perl/etch uptodate 0.1.20
libdbd-mysql-perl/etch uptodate 3.0008-1
perl/etch uptodate 5.8.8-7etch3
liblocale-gettext-perl/etch uptodate 1.05-1
libdbi-perl/etch uptodate 1.53-1etch1
libtext-charwidth-perl/etch uptodate 0.04-4
perl-base/etch uptodate 5.8.8-7etch3
libtext-wrapi18n-perl/etch uptodate 0.06-5

fwknop 1.9.5 installs without a problem under this config

core modules fwknop is using come with the package and the install script handles them
e.g.

[+] Installing IPTables::ChainMgr 0.7 perl module in /usr/lib/fwknop/
Checking if your kit is complete...
Looks good
Writing Makefile for IPTables::ChainMgr
cp lib/IPTables/ChainMgr.pm blib/lib/IPTables/ChainMgr.pm
Manifying blib/man3/IPTables::ChainMgr.3pm
Installing /usr/lib/fwknop/IPTables/ChainMgr.pm
Installing /usr/lib/fwknop/man/man3/IPTables::ChainMgr.3pm

On Thu, Jun 12, 2008 at 1:51 PM, <sco...@ya...> wrote:

I am attempting to install the latest fwknop on the latest upgraded Ubuntu Server (2.6.24-18-server). I have build-essentials installed, but I don't know if fwknop requires that. Perhaps there are other libraries or Perl modules that I need to install first. During the attempted fwknop installation I get messages such as:

...

Warning: prerequisite Test::Manifest 1.14 not found.

...

Can't locate Net/Pcap.pm in @INC (@INC contains: /usr/lib/fwknop/i486-linux-gnu-thread-multi /usr/lib/fwknop /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at fwknopd line 47.
BEGIN failed--compilation aborted at fwknopd line 47.
[*] fwknopd does not compile with "perl -c". Download the latest sources from:

http://www.cipherdyne.org/

...

What are the prerequisites for fwknop installation on Ubuntu Server?

Thanks.

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Fwknop-discuss mailing list
Fwk...@li...
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
From: <sco...@ya...> - 2008-06-13 11:21:09
Oops, never mind about the RPM. Michael wasn't responding to my subject, and rpms aren't for Debian-based distributions. I need to go drink some more coffee.
From: Michael R. <mb...@ci...> - 2008-06-13 11:27:43
On Jun 13, 2008, sco...@ya... wrote:

> Oops, never mind about the RPM. Michael wasn't responding to my subject, and rpms aren't for Debian-based distributions. I need to go drink some more coffee.

Hi Scott -

Sorry, I just hadn't quite had a chance to dive into this one yet. I actually build my x86_64 RPM's on an Ubuntu system, but I have to admit that I don't install them there. For i386 RPM's I build under Fedora 8, and I now have an automated test routine to ensure that they install correctly there. Usually things extend to x86_64 but not always.

One thing I usually recommend if an RPM isn't working is to try building it with the "cd_rpmbuilder" script, but I don't think that by itself would have helped in this case:

http://www.cipherdyne.org/blog/2006/12/automated-rpm-builder.html
http://www.cipherdyne.org/scripts/cd_rpmbuilder.tar.gz

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
From: <sco...@ya...> - 2008-06-15 17:20:58
Thanks Michael.

OK, I have made further progress. This article:

How To: Install a Port Knocker - FWKNOP - Ubuntu Forums
http://ge.ubuntuforums.com/showthread.php?t=812573

is helpful. Because I don't have mailx, or something similar, installed, I used this tip from that article before re-running the test script fwknop_test.pl:

sudo ln -s /bin/echo /bin/mail

Many tests failed before I ran that command. I am now down to only four tests failing: 56, 57, 134, and 135.

56:
MSG: [*] Dubious sniffed packet format
TEST: (Destination port randomness) Verifying SPA format, STATUS: fail

57:
MSG: [*] SPA access rules for 127.0.0.2 do not exist.
TEST: (Destination port randomness) Rules exist, STATUS: fail

134:
MSG: [*] Local access and DNAT access not granted
TEST: (Local NAT rand NAT/dst port) Local access rules exist, STATUS: fail

135:
MSG: [*] Dubious sniffed packet format
TEST: (Local NAT rand NAT/dst port) Verifying packet format, STATUS: fail

Can anyone give me some clues on how to fix these?

Thanks,

Scott
From: Franck J. <fra...@dt...> - 2008-06-15 21:39:33
sco...@ya... wrote:

Hi,

> How To: Install a Port Knocker - FWKNOP - Ubuntu Forums
> http://ge.ubuntuforums.com/showthread.php?t=812573

[...]

> Many tests failed before I ran that command. I am now down to only four
> tests failing: 56, 57, 134, and 135.
>
> 56:
> MSG: [*] Dubious sniffed packet format
> TEST: (Destination port randomness) Verifying SPA format, STATUS: fail
>
> 57:
> MSG: [*] SPA access rules for 127.0.0.2 do not exist.
> TEST: (Destination port randomness) Rules exist, STATUS: fail
>
> 134:
> MSG: [*] Local access and DNAT access not granted
> TEST: (Local NAT rand NAT/dst port) Local access rules exist, STATUS: fail
>
> 135:
> MSG: [*] Dubious sniffed packet format
> TEST: (Local NAT rand NAT/dst port) Verifying packet format, STATUS: fail
>
> Can anyone give me some clues on how to fix these?

What about the files in the output directory? Give us a link or enclose
them.

55.test
56.test
57.test

and

133.test
134.test
135.test

maybe *.ipterr and *.iptout.

[quote=README]
...you can use the --Prepare-results argument on the
fwknop_test.pl command line to automatically anonymize the test output
results.
[/quote]

I do not know if this is needed in your case :p!

Regards,

--
Franck Joncourt
http://debian.org - http://smhteam.info/wiki/
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
From: <sco...@ya...> - 2008-06-15 22:57:41
Franck,

I'll email you a single archive file with the output of:

55.test
56.test
57.test
129.test
130.test
131.test
133.test
134.test
135.test
test.log
fwknopd.ipterr
fwknopd.iptout
knoptm.ipterr
knoptm.iptout

(130 and 131 had also failed.)

I will also email it to anyone who requests it until I fix this, at which time I'll post my fix(es) to the list.

Thanks,

Scott
From: Michael R. <mb...@ci...> - 2008-06-16 12:01:44
On Jun 15, 2008, sco...@ya... wrote:

> Franck,
>
> I'll email you a single archive file with the output of:
>
> 55.test
> 56.test
> 57.test
> 129.test
> 130.test
> 131.test
> 133.test
> 134.test
> 135.test
> test.log
> fwknopd.ipterr
> fwknopd.iptout
> knoptm.ipterr
> knoptm.iptout
>
> (130 and 131 had also failed.)
>
> I will also email it to anyone who requests it until I fix this, at which time I'll post my fix(es) to the list.

The failed tests are for the port randomization features which use a pcap filter as follows (in the fwknop.conf file for each of the failed tests):

PCAP_FILTER udp dst portrange 10000-65535;

This type of filter statement is not supported in some older versions of libpcap, so I suspect that you might just need to upgrade your pcap library and then those tests should work.

In the test/output/6.test file, the fwknop_test.pl script collects some system specifics, including information about the installed pcap library. Here is an excerpt of that output on my system:

# ldd /usr/sbin/tcpdump
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002abbbc8f5000)
    libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x00002abbbcc76000)
    libc.so.6 => /lib/libc.so.6 (0x00002abbbcea3000)
    libdl.so.2 => /lib/libdl.so.2 (0x00002abbbd1fe000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00002abbbd403000)
    /lib64/ld-linux-x86-64.so.2 (0x00002abbbc6d7000)
# ls -l /usr/lib/*pcap*
-rw-r--r-- 1 root root 313128 2007-10-04 23:28 /usr/lib/libpcap.a
lrwxrwxrwx 1 root root 14 2008-01-12 20:52 /usr/lib/libpcap.so -> libpcap.so.0.8
lrwxrwxrwx 1 root root 16 2008-02-11 06:33 /usr/lib/libpcap.so.0.8 -> libpcap.so.0.9.7
-rw-r--r-- 1 root root 182224 2007-10-04 23:28 /usr/lib/libpcap.so.0.9.7

Franck's suggestion of emailing the anonymized test output is a good one; it should contain the 6.test output above.

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
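
Added example, not part of the thread or of the fwknop code: a small parser for the ldd and ls -l excerpts that 6.test collects, as described in the message above. It follows the symlink chain from the shared-object name the sniffer is linked against (libpcap.so.0.8) to the file that is actually loaded and reads the library release from that file name, which is the version that decides whether the portrange filter is accepted. The function names are hypothetical and the sample text is constructed from the excerpt quoted in the message.

```python
import posixpath
import re

# Constructed sample input, modelled on the 6.test excerpt quoted in the thread.
SAMPLE_LDD = """\
# ldd /usr/sbin/tcpdump
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002abbbc8f5000)
    libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x00002abbbcc76000)
    libc.so.6 => /lib/libc.so.6 (0x00002abbbcea3000)
"""
SAMPLE_LS = """\
# ls -l /usr/lib/*pcap*
-rw-r--r-- 1 root root 313128 2007-10-04 23:28 /usr/lib/libpcap.a
lrwxrwxrwx 1 root root 14 2008-01-12 20:52 /usr/lib/libpcap.so -> libpcap.so.0.8
lrwxrwxrwx 1 root root 16 2008-02-11 06:33 /usr/lib/libpcap.so.0.8 -> libpcap.so.0.9.7
-rw-r--r-- 1 root root 182224 2007-10-04 23:28 /usr/lib/libpcap.so.0.9.7
"""

LDD_RE = re.compile(r"^\s*(libpcap\.so\S*)\s+=>\s+(/\S+)")
LS_RE = re.compile(r"^[-l]\S*\s.*?\s(/\S+)(?:\s+->\s+(\S+))?\s*$")
VER_RE = re.compile(r"\.so\.(\d+(?:\.\d+)*)$")


def parse_ldd(text):
    """Return (soname, path) of the libpcap a binary is linked against, or None."""
    for line in text.splitlines():
        m = LDD_RE.match(line)
        if m:
            return m.group(1), m.group(2)
    return None


def parse_ls(text):
    """Map each listed path to its symlink target (None for a regular file)."""
    entries = {}
    for line in text.splitlines():
        m = LS_RE.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def resolve(entries, path):
    """Follow the symlink chain from path; None if it loops or dangles."""
    seen = set()
    while entries.get(path) is not None:
        if path in seen:
            return None  # symlink loop
        seen.add(path)
        # Relative targets are resolved against the directory of the link.
        path = posixpath.normpath(
            posixpath.join(posixpath.dirname(path), entries[path]))
    return path if path in entries else None


def release_of(path):
    """Read the release tuple from a name like libpcap.so.0.9.7."""
    m = VER_RE.search(path or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def linked_pcap_release(ldd_text, ls_text):
    """Return (soname, real_file, release) for the linked libpcap, or None."""
    linked = parse_ldd(ldd_text)
    if linked is None:
        return None
    soname, path = linked
    real = resolve(parse_ls(ls_text), path)
    return soname, real, release_of(real)


if __name__ == "__main__":
    soname, real, release = linked_pcap_release(SAMPLE_LDD, SAMPLE_LS)
    print(f"{soname} resolves to {real}, release {'.'.join(map(str, release))}")
```
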
From: <sco...@ya...> - 2008-06-17 08:48:02
I checked the 6.test output, and the results were similar. I decided to remove libpcap0.7, which also removed libnet-pcap-perl, so I was back to where I started. Many tests now failed.

So, I looked again at that article on Ubuntu Forums which I mentioned before (see below), and I decided to run:

sudo aptitude install libpcap-dev

I then re-ran the fwknop installation script, merging my previous fwknop config, and then I re-ran the fwknop test script. All 152 tests passed!

Please note that this is a system where I have previously run:

sudo aptitude install build-essential linux-headers-`uname -r`

Maybe Michael can confirm that those are needed. I haven't tried to install fwknop on a system without those installed.

I did not download and install Net-Pcap from CPAN, per the above article, because it looked like fwknop already had it.

Thanks guys!

- Scott
From: Michael R. <mb...@ci...> - 2008-06-19 03:34:03
|
On Jun 17, 2008, sco...@ya... wrote:

> I checked the 6.test output, and the results were similar. I decided to remove libpcap0.7, which also removed libnet-pcap-perl, so I was back to where I started. Many tests now failed.
>
> So, I looked again at that article on Ubuntu Forums which I mentioned before (see below), and I decided to run:
>
> sudo aptitude install libpcap-dev
>
> I then re-ran the fwknop installation script, merging my previous fwknop config, and then I re-ran the fwknop test script. All 152 tests passed!
>
> Please note that this is a system where I have previously run:
>
> sudo aptitude install build-essential linux-headers-`uname -r`
>
> Maybe Michael can confirm that those are needed. I haven't tried to install fwknop on a system without those installed.

build-essential is necessary, but I'm not sure if the linux-headers package needs to be installed since I don't think I've tried building anything significant on a system where that package was not installed. My gut feeling is that the libpcap might need it, but I could be wrong.

> I did not download and install Net-Pcap from CPAN, per the above article, because it looked like fwknop already had it.

The version of Net::Pcap on CPAN is newer than the one that is bundled with fwknop (which works pretty well). There are options for installing the newest Net::Pcap from CPAN and having fwknopd use it if you like.

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F

>
> Thanks guys!
>
> - Scott
>
>
> ----- Original Message ----
> From: Michael Rash <mb...@ci...>
> To: fwk...@li...
> Sent: Monday, June 16, 2008 7:01:42 AM
> Subject: Re: [Fwknop-discuss] Install on Ubuntu Server
>
> On Jun 15, 2008, sco...@ya... wrote:
>
> > Franck,
> >
> > I'll email you a single archive file with the output of:
> >
> > 55.test
> > 56.test
> > 57.test
> > 129.test
> > 130.test
> > 131.test
> > 133.test
> > 134.test
> > 135.test
> > test.log
> > fwknopd.ipterr
> > fwknopd.iptout
> > knoptm.ipterr
> > knoptm.iptout
> >
> > (130 and 131 had also failed.)
> >
> > I will also email it to anyone who requests it until I fix this, at which time I'll post my fix(es) to the list.
>
> The failed tests are for the port randomization features which
> use a pcap filter as follows (in the fwknop.conf file for each of the
> failed tests):
>
> PCAP_FILTER udp dst portrange 10000-65535;
>
> This type of filter statement is not supported in some older versions of
> libpcap, so I suspect that you might just need to upgrade your pcap
> library and then those tests should work.
>
> In the test/output/6.test file, the fwknop_test.pl script collects some
> system specifics, including information about the installed pcap
> library. Here is an excerpt of that output on my system:
>
> # ldd /usr/sbin/tcpdump
>         libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00002abbbc8f5000)
>         libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x00002abbbcc76000)
>         libc.so.6 => /lib/libc.so.6 (0x00002abbbcea3000)
>         libdl.so.2 => /lib/libdl.so.2 (0x00002abbbd1fe000)
>         libz.so.1 => /usr/lib/libz.so.1 (0x00002abbbd403000)
>         /lib64/ld-linux-x86-64.so.2 (0x00002abbbc6d7000)
> # ls -l /usr/lib/*pcap*
> -rw-r--r-- 1 root root 313128 2007-10-04 23:28 /usr/lib/libpcap.a
> lrwxrwxrwx 1 root root 14 2008-01-12 20:52 /usr/lib/libpcap.so -> libpcap.so.0.8
> lrwxrwxrwx 1 root root 16 2008-02-11 06:33 /usr/lib/libpcap.so.0.8 -> libpcap.so.0.9.7
> -rw-r--r-- 1 root root 182224 2007-10-04 23:28 /usr/lib/libpcap.so.0.9.7
>
> Franck's suggestion of emailing the anonymized test output is a good
> one; it should contain the 6.test output above.
>
> Thanks,
>
> --
> Michael Rash
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
>
> >
> > Thanks,
> >
> > Scott
> >
> >
> > ----- Original Message ----
> > From: Franck Joncourt <fra...@dt...>
> > To: fwk...@li...
> > Cc: sco...@ya...
> > Sent: Sunday, June 15, 2008 4:39:30 PM
> > Subject: Re: [Fwknop-discuss] Install on Ubuntu Server
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > sco...@ya... wrote:
> >
> > Hi,
> >
> > > How To: Install a Port Knocker - FWKNOP - Ubuntu Forums
> > > http://ge.ubuntuforums.com/showthread.php?t=812573
> >
> > [...]
> >
> > > Many tests failed before I ran that command. I am now down to only four
> > > tests failing: 56, 57, 134, and 135.
> > >
> > > 56:
> > > MSG: [*] Dubious sniffed packet format
> > > TEST: (Destination port randomness) Verifying SPA format, STATUS: fail
> > >
> > > 57:
> > > MSG: [*] SPA access rules for 127.0.0.2 do not exist.
> > > TEST: (Destination port randomness) Rules exist, STATUS: fail
> > >
> > > 134:
> > > MSG: [*] Local access and DNAT access not granted
> > > TEST: (Local NAT rand NAT/dst port) Local access rules exist, STATUS: fail
> > >
> > > 135:
> > > MSG: [*] Dubious sniffed packet format
> > > TEST: (Local NAT rand NAT/dst port) Verifying packet format, STATUS: fail
> > >
> > > Can anyone give me some clues on how to fix these?
> >
> > What about the files in the output directory ? Give us a link or enclose
> > them.
> >
> > 55.test
> > 56.test
> > 57.test
> >
> > and
> >
> > 133.test
> > 134.test
> > 135.test
> >
> > maybe *.ipterr and *.iptout.
> >
> > [quote=README]
> > ...you can use the --Prepare-results argument on the
> > fwknop_test.pl command line to automatically anonymize the test output
> > results.
> > [/quote]
> >
> > I do not know if this is needed in your case :p!
> >
> > Regards,
> >
> > - --
> > Franck Joncourt
> > http://debian.org - http://smhteam.info/wiki/
> > Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> >
> > iEYEARECAAYFAkhVjBIACgkQxJBTTnXAif6xlQCgkpnAvIdCBsq/OzXKSpjbsSLh
> > VccAn13z/IqhbK2ioGd6s6WOEDQpFlM0
> > =x2S5
> > -----END PGP SIGNATURE-----
> _______________________________________________
> Fwknop-discuss mailing list
> Fwk...@li...
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
|
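A pre-flight check for the libpcap limitation described in the quoted reply above, as an added example that is not part of the thread or of fwknop: it pulls each PCAP_FILTER expression out of fwknop.conf-style text and asks the installed libpcap to compile it through ctypes, so an unsupported `portrange` filter shows up before fwknopd silently misses SPA packets. The helper names, the sample config text and the "KEY value;" parsing are assumptions made for the example.

```python
import ctypes.util  # also binds the top-level ctypes package

# Constructed fwknop.conf fragment; the PCAP_FILTER line is the one quoted above.
SAMPLE_CONF = "# port randomization test\nPCAP_FILTER    udp dst portrange 10000-65535;\n"

class BpfProgram(ctypes.Structure):
    """struct bpf_program as declared in the libpcap headers."""
    _fields_ = [("bf_len", ctypes.c_uint), ("bf_insns", ctypes.c_void_p)]

def pcap_filters(conf_text):
    """Extract PCAP_FILTER values, assuming 'KEY value;' lines as in the excerpt."""
    out = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "PCAP_FILTER":
            out.append(parts[1].rstrip().rstrip(";").strip())
    return out

def probe(expr):
    """Compile expr with the installed libpcap; no capture device or root needed.
    Returns (ok, detail), or None when libpcap cannot be loaded."""
    name = ctypes.util.find_library("pcap")
    try:
        lib = ctypes.CDLL(name) if name else None
    except OSError:
        lib = None
    if lib is None:
        return None
    lib.pcap_open_dead.restype = ctypes.c_void_p
    lib.pcap_open_dead.argtypes = [ctypes.c_int, ctypes.c_int]
    lib.pcap_compile.argtypes = [ctypes.c_void_p, ctypes.POINTER(BpfProgram),
                                 ctypes.c_char_p, ctypes.c_int, ctypes.c_uint32]
    lib.pcap_geterr.restype = ctypes.c_char_p
    lib.pcap_geterr.argtypes = [ctypes.c_void_p]
    lib.pcap_freecode.argtypes = [ctypes.POINTER(BpfProgram)]
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    handle = lib.pcap_open_dead(1, 65535)  # 1 = DLT_EN10MB (Ethernet)
    prog = BpfProgram()
    ok = lib.pcap_compile(handle, ctypes.byref(prog), expr.encode(), 1, 0) == 0
    if ok:
        detail = "%d BPF instructions" % prog.bf_len
        lib.pcap_freecode(ctypes.byref(prog))
    else:
        detail = lib.pcap_geterr(handle).decode(errors="replace")
    lib.pcap_close(handle)
    return ok, detail

if __name__ == "__main__":
    for expr in pcap_filters(SAMPLE_CONF):
        print(expr, "->", probe(expr))
```

A result of `(False, ...)` carries libpcap's own error text for the filter; `None` means no libpcap shared library was found on the loader path at all.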