[TriLUG] Shorewall and iptable_nat

Chris Knowles chrisk at trilug.org
Thu Mar 11 17:09:57 EST 2004


If all you're doing is protecting just that box, then no, you don't need
nat.  However, shorewall tries to load it, and I've never loaded it on a
box that didn't have nat available.  

The question is, is shorewall working?  The best way to find out is to
ask it.  "shorewall status" will give you a list of all rules in the
tables, and current connections through the firewall.

If that has the rules you are expecting, then yahoo!  If not, then
apparently shorewall freaks out when NAT is loaded.

HTH,
CJK

On Thu, 2004-03-11 at 16:54, Owen Berry wrote:
> I recently installed shorewall on my box but don't seem to have covered
> all the possible bases in terms of my kernel configuration. Shorewall
> starts fine and seems to have done its job, but I get the following in
> my system log:
> 
> modprobe: Can't locate module iptable_nat
> 
> The most likely cause of this is that I chose to exclude iptable_nat
> (i.e. the module can't be found because it doesn't exist) when
> configuring my kernel, mainly because I'm only wanting a firewall, not a
> router.
> 
> Do I really need this module even if I'm not doing any routing?
> If I leave this as is, will my firewall be less secure?
> Any option within shorewall to turn off attempts to masquerade?
> 
> Thanks for any suggestions. I've googled and looked through the
> documentation but didn't see what I was looking for.
-- 
Chris Knowles <chrisk at trilug.org>
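
An added example, not part of the original thread: one way to confirm that the packet filter is enforcing even though the nat table is missing is to summarise an `iptables-save` dump. The function names and the sample dump are constructed for illustration and are not output from the poster's machine.

```shell
#!/bin/sh
# Summarise an iptables-save dump read on stdin: is the filter table there,
# what is the INPUT policy, how many filter rules exist, is a nat table present.
summarize_ruleset() {
    awk '
        /^\*/      { table = substr($0, 2); seen[table] = 1; next }
        /^:INPUT / { if (table == "filter") policy = $2; next }
        /^-A /     { rules[table]++ }
        END {
            printf "filter=%s input_policy=%s filter_rules=%d nat=%s\n",
                (seen["filter"] ? "present" : "absent"),
                (policy == "" ? "unknown" : policy),
                rules["filter"] + 0,
                (seen["nat"] ? "present" : "absent")
        }'
}

# Succeeds only when the filter table is loaded, INPUT defaults to DROP
# and at least one filter rule exists. A missing nat table does not matter.
firewall_enforcing() {
    case "$(summarize_ruleset)" in
        "filter=present input_policy=DROP filter_rules=0 "*) return 1 ;;
        "filter=present input_policy=DROP "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample dump (host firewall, no nat table), for offline use.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:net2fw - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j net2fw
-A net2fw -m state --state RELATED,ESTABLISHED -j ACCEPT
-A net2fw -p tcp -m tcp --dport 22 -j ACCEPT
-A net2fw -j DROP
COMMIT
EOF
}

sample_dump | summarize_ruleset
```

On a live host the same check is `iptables-save | summarize_ruleset`, run as root.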