[TriLUG] Shorewall and iptable_nat
Chris Knowles
chrisk at trilug.org
Thu Mar 11 17:09:57 EST 2004
If all you're doing is protecting just that box, then no, you don't need
nat. However, shorewall tries to load it, and I've never loaded it on a
box that didn't have nat available.
the question is, is shorewall working. The best way to find out is to
ask it. "shorewall status" will give you a list of all rules in the
tables, and current connections through the firewall.
if that has the rules you are expecting, then yahoo! if not, then
apparently shorewall freaks out when NAT is loaded.
HTH,
CJK
On Thu, 2004-03-11 at 16:54, Owen Berry wrote:
> I recently installed shorewall on my box but don't seem to have covered
> all the possible bases in terms of my kernel configuration. Shorewall
> starts fine and seems to have done its job, but I get the following in
> my system log:
>
> modprobe: Can't locate module iptable_nat
>
> The most likely cause of this is that I chose to exclude iptable_nat
> (i.e. the module can't be found because it doesn't exist) when
> configuring my kernel, mainly because I'm only wanting a firewall, not a
> router.
>
> Do I really need this module even if I'm not doing any routing?
> If I leave this as is, will my firewall be less secure?
> Any option within shorewall to turn off attempts to masquerade?
>
> Thanks for any suggestions. I've googled and looked through the
> documentation but didn't see what I was looking for.
--
Chris Knowles <chrisk at trilug.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040311/bc466e8e/attachment.pgp>
More information about the TriLUG
mailing list