
#1 2012-03-28 14:52:26

CoMfUcIoS
Member
Registered: 2012-03-28
Posts: 1

Shorewall/Iptables REDIRECT error

Hello to all,

I have a Shorewall machine installed with 2 NICs...

But I can't use REDIRECT in /etc/shorewall/rules, nor can I use a MAC address (e.g. loc:~00-A0-C9-15-39-78)... it gives me an error...

$uname -a

Linux Pride 3.2.8-1-ARCH #1 SMP PREEMPT Mon Feb 27 22:13:59 UTC 2012 i686 Intel(R) Celeron(R) CPU 2.66GHz GenuineIntel GNU/Linux

$shorewall version -a

shorewall-core: 4.5.1.1
shorewall: 4.5.1.1

$shorewall debug restart

....
....
....
....
Processing /etc/shorewall/init ...
Processing /etc/shorewall/tcclear ...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running debug_restore_input...
iptables: No chain/target/match by that name.
   ERROR: Command "/usr/sbin/iptables -A loc_dnat -p 6 --dport 80 -j REDIRECT --to-port 3128" Failed
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/tcclear ...
Running /usr/sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped ...
/usr/share/shorewall/lib.common: line 112: 11336 Terminated              $SHOREWALL_SHELL $script $options $@

$shorewall show capabilities

Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
   Extended Connection Tracking Match Support: Available
   Packet Type Match: Not available
   Policy Match: Not available
   Physdev Match: Not available
   Physdev-is-bridged Support: Not available
   Packet length Match: Available
   IP range Match: Not available
   Recent Match: Not available
   Owner Match: Not available
   CONNMARK Target: Not available
   Connmark Match: Not available
   Raw Table: Available
   Rawpost Table: Not available
   IPP2P Match: Not available
   CLASSIFY Target: Not available
   Extended REJECT: Available
   Repeat match: Not available
   MARK Target: Available
   Extended MARK Target: Available
   Extended MARK Target 2: Available
   Mangle FORWARD Chain: Available
   Comments: Available
   Address Type Match: Available
   TCPMSS Match: Not available
   Hashlimit Match: Not available
   NFQUEUE Target: Not available
   Realm Match: Not available
   Helper Match: Not available
   Connlimit Match: Not available
   Time Match: Not available
   Goto Support: Available
   LOGMARK Target: Not available
   IPMARK Target: Not available
   LOG Target: Available
   ULOG Target: Available
   NFLOG Target: Not available
   Persistent SNAT: Available
   TPROXY Target: Not available
   FLOW Classifier: Available
   fwmark route mask: Available
   Mark in any table: Available
   Header Match: Not available
   ACCOUNT Target: Not available
   AUDIT Target: Not available
   ipset V5: Not available
   Condition Match: Not available
   Statistic Match: Not available
   IMQ Target: Not available
   DSCP Match: Not available
   DSCP Target: Not available
   iptables -S: Available
   Basic Filter: Available
   CT Target: Not available

Thank you for your time even reading this, waiting for your help :) I'm sure I'm missing something in the kernel...

John

Last edited by CoMfUcIoS (2012-03-28 14:58:41)
