[TriLUG] Shorewall and iptable_nat

rasch at raschnet.com rasch at raschnet.com
Thu Mar 11 17:56:35 EST 2004


On Thu, Mar 11, 2004 at 04:54:27PM -0500, Owen Berry <trilugbucket at berrybunch.net> wrote:
> I recently installed shorewall on my box but don't seem to have covered
> all the possible bases in terms of my kernel configuration. Shorewall
> starts fine and seems to have done its job, but I get the following in
> my system log:
> 
> modprobe: Can't locate module iptable_nat
> 
> The most likely cause of this is that I chose to exclude iptable_nat
> (i.e. the module can't be found because it doesn't exist) when
> configuring my kernel, mainly because I'm only wanting a firewall, not a
> router.
> 
> Do I really need this module even if I'm not doing any routing?
> If I leave this as is, will my firewall be less secure?
> Any option within shorewall to turn off attempts to masquerade?
> 
> Thanks for any suggestions. I've googled and looked through the
> documentation but didn't see what I was looking for.

One of the shorewall configuration files is called "modules" and it
contains a list of modules to be loaded.  Your system will be no less
secure, as adding the NAT module simply allows for a new set of tables to
be set up in iptables PREROUTING, POSTROUTING, and OUTPUT, which occur
before routing, after routing, and right before sending packets onto the
wire (respectively).

David
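
A way to run the check this exchange implies, as an added example that is not part of the original message or of Shorewall: it reads a modules file and reports which listed modules have no file in a kernel module tree, the situation behind the "Can't locate module" log line. The `loadmodule <name>` line format, the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the Shorewall "modules"
# file holds lines of the form: loadmodule <name> [options]

# Print each module named in <modules-file> that has no module file under
# <module-tree> (for a real system, /lib/modules/$(uname -r)).
# Caveat: a feature compiled into the kernel image has no module file either,
# so a name printed here means "not available as a module", nothing more.
missing_modules() {
    modfile=$1
    tree=$2
    # Keep only the module name from loadmodule lines; skip comments and blanks.
    sed -n 's/^[[:space:]]*loadmodule[[:space:]]\{1,\}\([^[:space:]#]\{1,\}\).*/\1/p' "$modfile" |
    while read -r name; do
        # '-' and '_' are interchangeable in module names; files may be
        # .o (2.4 kernels), .ko, or compressed .ko.*
        pattern=$(printf '%s' "$name" | sed 's/[-_]/[-_]/g')
        found=$(find "$tree" -type f \( -name "$pattern.o" -o -name "$pattern.ko" \
                -o -name "$pattern.ko.*" \) 2>/dev/null | head -n 1)
        [ -n "$found" ] || printf '%s\n' "$name"
    done
}

# Constructed sample: a modules file and a module tree without iptable_nat.
build_sample() {
    dir=$1
    mkdir -p "$dir/tree/kernel/net/ipv4/netfilter"
    : > "$dir/tree/kernel/net/ipv4/netfilter/ip_tables.o"
    : > "$dir/tree/kernel/net/ipv4/netfilter/iptable_filter.o"
    cat > "$dir/modules" <<'EOF'
# constructed sample, in the style of a Shorewall modules file
loadmodule ip_tables
loadmodule iptable_filter
loadmodule iptable_nat
EOF
}

sample=$(mktemp -d)
build_sample "$sample"
missing_modules "$sample/modules" "$sample/tree"    # prints: iptable_nat
rm -rf "$sample"
```
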