Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
taki oto problem sie pojawil:
grep "iptables" /var/log/kernel.log
Apr 22 07:53:39 sidbox kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Apr 23 08:55:08 sidbox kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Apr 24 10:00:52 sidbox kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Apr 25 17:10:33 sidbox kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Apr 26 16:27:32 sidbox kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
sudo iptables -t raw -S -P PREROUTING ACCEPT -P OUTPUT ACCEPT sudo iptables -t nat -S iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. sudo iptables -t mangle -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT sudo iptables -t filter -S -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o lo -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Ostatnio edytowany przez pink (2014-04-28 13:18:31)
Offline
Tabeli NAT nie ma?
Jakim cudem?
Sam kompilowałeś jajo?
Offline
tak sam kompilowalem jajo.
Offline
[quote=pink]tak sam kompilowalem jajo.[/quote]
O tym widocznie też „zapomniałeś” napisać.
Pokaż:
zgrep CONFIG_NF_ /proc/config.gz
A co do tamtych komunikatów:
http://comments.gmane.org/gmane.linux.network/229974
https://home.regit.org/netfilter-en/secure-use-of-helpers/
Offline
zgrep CONFIG_NF_ /proc/config.gz CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y # CONFIG_NF_CONNTRACK_TIMEOUT is not set # CONFIG_NF_CONNTRACK_TIMESTAMP is not set # CONFIG_NF_CT_PROTO_DCCP is not set CONFIG_NF_CT_PROTO_GRE=y # CONFIG_NF_CT_PROTO_SCTP is not set CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y # CONFIG_NF_CONNTRACK_SNMP is not set CONFIG_NF_CONNTRACK_PPTP=y # CONFIG_NF_CONNTRACK_SANE is not set CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NF_CT_NETLINK_TIMEOUT is not set CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y # CONFIG_NF_NAT_IPV4 is not set # CONFIG_NF_DEFRAG_IPV6 is not set # CONFIG_NF_CONNTRACK_IPV6 is not set
Offline
Kod:
# CONFIG_NF_NAT_IPV4 is not set[/quote]
Offline
no widze, widze zasysam nowy i kompiluje.
Offline
A po co ssać nowy i kompilować?
Zmieniasz w .config
linijkę
# CONFIG_NF_NAT_IPV4 is not set
na
CONFIG_NF_NAT_IPV4 = y (albo CONFIG_NF_NAT_IPV4 = m)
puszczasz make, podmieniasz kernel i finito
Offline
wiem ale jak juz sie mam bawic to sobie przy okazji swiezy zapodam.
grep CONFIG_NF_ .config CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y # CONFIG_NF_CONNTRACK_TIMEOUT is not set # CONFIG_NF_CONNTRACK_TIMESTAMP is not set # CONFIG_NF_CT_PROTO_DCCP is not set CONFIG_NF_CT_PROTO_GRE=y # CONFIG_NF_CT_PROTO_SCTP is not set CONFIG_NF_CT_PROTO_UDPLITE=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y # CONFIG_NF_CONNTRACK_SNMP is not set CONFIG_NF_CONNTRACK_PPTP=y # CONFIG_NF_CONNTRACK_SANE is not set CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=y CONFIG_NF_CT_NETLINK=y # CONFIG_NF_CT_NETLINK_TIMEOUT is not set CONFIG_NF_NAT=y CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_SIP=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_NF_NAT_IPV4=y CONFIG_NF_NAT_PROTO_GRE=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y # CONFIG_NF_DEFRAG_IPV6 is not set # CONFIG_NF_CONNTRACK_IPV6 is not set
teraz bedzie ok???
Ostatnio edytowany przez pink (2014-04-26 23:13:06)
Offline
CONFIG_NF_CONNTRACK=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CT_PROTO_DCCP=m CONFIG_NF_CT_PROTO_GRE=m CONFIG_NF_CT_PROTO_SCTP=m CONFIG_NF_CT_PROTO_UDPLITE=m CONFIG_NF_CONNTRACK_AMANDA=m CONFIG_NF_CONNTRACK_FTP=m CONFIG_NF_CONNTRACK_H323=m CONFIG_NF_CONNTRACK_IRC=m CONFIG_NF_CONNTRACK_BROADCAST=m CONFIG_NF_CONNTRACK_NETBIOS_NS=m CONFIG_NF_CONNTRACK_SNMP=m CONFIG_NF_CONNTRACK_PPTP=m CONFIG_NF_CONNTRACK_SANE=m CONFIG_NF_CONNTRACK_SIP=m CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NF_CT_NETLINK=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m CONFIG_NF_CONNTRACK_PROC_COMPAT=y CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_DCCP=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PROTO_UDPLITE=m CONFIG_NF_NAT_PROTO_SCTP=m CONFIG_NF_NAT_FTP=m CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_TFTP=m CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m CONFIG_NF_NAT_SIP=m CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m
w standardowym debiana wszystko masz jako moduły
Offline
# CONFIG_NF_CONNTRACK_TIMEOUT is not set # CONFIG_NF_CONNTRACK_TIMESTAMP is not set
To mnie dziwi, ja mam:
zgrep -i CONNTRACK /proc/config.gz CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMEOUT=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CONNTRACK_LABELS=y CONFIG_NF_CONNTRACK_AMANDA=y CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_CONNTRACK_H323=y CONFIG_NF_CONNTRACK_IRC=y CONFIG_NF_CONNTRACK_BROADCAST=y CONFIG_NF_CONNTRACK_NETBIOS_NS=y CONFIG_NF_CONNTRACK_SNMP=m CONFIG_NF_CONNTRACK_PPTP=m CONFIG_NF_CONNTRACK_SANE=m CONFIG_NF_CONNTRACK_SIP=y CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_CONNTRACK_PROC_COMPAT=y
Może coś za dużo, ale żadnych problemów nie widzę.
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
To też bym włączył na twoim miejscu.
Ja mam:
CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NF_CT_NETLINK=y CONFIG_NF_CT_NETLINK_TIMEOUT=m CONFIG_NF_CT_NETLINK_HELPER=m CONFIG_NETFILTER_NETLINK_QUEUE_CT=y CONFIG_NETLINK_MMAP=y CONFIG_NETLINK_DIAG=y # CONFIG_SCSI_NETLINK is not set CONFIG_QUOTA_NETLINK_INTERFACE=y
Pozdro
;-)
Offline
iptables -t nat -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT root@sidbox:/home/przemo# iptables -t mangle -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT root@sidbox:/home/przemo# iptables -t filter -S -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o lo -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ale firewall nie startuje
# openrc /lib/rc/sh/runscript.sh: 272: exec: : Permission denied * ERROR: firewall failed to start
openrc nie daje rady z sysv-rc-conf jest git
Ostatnio edytowany przez pink (2014-04-27 23:41:18)
Offline
A po co FW pakować do /etc/init.d/?
Albo go wsadź do /etc/network/if-pre-up.d/, albo wywołaj z /etc/network/interfaces.
Ja od zawsze skrypt do FW mam w /usr/local/bin/{nazwa_skrypta},
i podnosi się w Gentoo wywołany w konfigu /etc/conf.d/net, który jest odpowiednikiem Debianowego /etc/network/interfaces.
SOA#1
Ostatnio edytowany przez Jacekalex (2014-04-28 12:56:02)
Offline
dziala, dzieki.
Offline
[quote=pink]dziala, dzieki.[/quote]
Działa?
Jakoś w pierwszym poście w temacie żadnego [SOLVED] ani nic podobnego nie zauważyłem. ;)
Offline
no i znowu sie czapiaja ;-). to gdzie mam to [solved] dopisac??? do tematu.
Offline
Dokładnie, tematu w pierwszym poście, żeby było wiadome wszem i wobec, że wątek zawiera rozwiązanie problemu. ;)
Offline
Time (s) | Query |
---|---|
0.00012 | SET CHARSET latin2 |
0.00004 | SET NAMES latin2 |
0.00107 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='3.15.148.203' WHERE u.id=1 |
0.00071 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '3.15.148.203', 1732677797) |
0.00058 | SELECT * FROM punbb_online WHERE logged<1732677497 |
0.00069 | SELECT topic_id FROM punbb_posts WHERE id=264867 |
0.00005 | SELECT id FROM punbb_posts WHERE topic_id=25704 ORDER BY posted |
0.00082 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=25704 AND t.moved_to IS NULL |
0.00005 | SELECT search_for, replace_with FROM punbb_censoring |
0.00215 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=25704 ORDER BY p.id LIMIT 0,25 |
0.00090 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=25704 |
Total query time: 0.00718 s |