[TriLUG] Shorewall and iptable_nat

Owen Berry trilugbucket at berrybunch.net
Thu Mar 11 22:44:59 EST 2004


I managed to figure out what is happening. Here's the answer for those
who are interested. Shorewall tests to see if the current system has NAT
capabilities by executing 'iptables -t nat -L -n' in the startup script,
and this is what causes the messages in my system log.

After detecting that there are no NAT capabilities, it gives error
messages if you try to specify anything that would cause something to
be created in the NAT table. I don't have anything so everything is
apparently running smoothly.

Commenting the unwanted modules out of the modules file only seems to do
something if the modules actually exist on the system. In this case they
don't and Shorewall picks that up before trying to load them.

Owen

On Thu, 2004-03-11 at 22:15, Owen Berry wrote:
> > One of the shorewall configuration files is called "modules" and it
> > contains a list of modules to be loaded.  Your system will be no less
> > secure, as adding the NAT module simply allows for a new set of tables to
> > be setup in iptables PREROUTING,POSTROUTING, and OUTPUT, which occur
> > before routing, after routing, and right before sending packets onto the
> > wire (respectively).  
> > 
> > David
> 
> I commented out the relevant lines in this file and still got the errors
> in my system log. Strange. I'll read up more about it tomorrow, but
> thanks for the tip.
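As an added illustration of the probe described above (this is not code from the thread or from Shorewall itself), the script below runs the same `iptables -t nat -L -n` check that Shorewall's startup script uses, but keeps the stderr text and classifies why the nat table is unusable instead of just discarding it; the `IPTABLES` override and the classification words are this example's own assumptions.

```shell
#!/bin/sh
# Added example: probe for a usable nat table the way Shorewall does and
# report why the probe failed. Note that the probe itself is what makes the
# kernel try to autoload iptable_nat, so on a system without the module it
# is the source of the log messages discussed in the thread.
IPTABLES="${IPTABLES:-iptables}"   # assumption: overridable for testing

# Prints one word and returns 0 only when the nat table is usable:
#   capable        the nat table listed without error
#   no-permission  iptables ran, but not as root
#   no-nat-table   the kernel has no nat table (iptable_nat not loadable)
#   no-iptables    the iptables command could not be executed at all
#   unknown <err>  any other failure, followed by the raw error text
nat_capability() {
    rc=0
    # 2>&1 >/dev/null: capture stderr in $err, drop the listing itself.
    err=$("$IPTABLES" -t nat -L -n 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo capable
        return 0
    fi
    if [ "$rc" -eq 127 ]; then
        echo no-iptables
        return 1
    fi
    # Check the permission message first: it also contains
    # "can't initialize iptables table", which would otherwise match below.
    case "$err" in
        *"Permission denied"*|*"you must be root"*)                    echo no-permission ;;
        *"Table does not exist"*|*"can't initialize iptables table"*) echo no-nat-table ;;
        *)                                                             echo "unknown $err" ;;
    esac
    return 1
}

# Stand-alone use: sh nat_probe.sh --probe
case "${1:-}" in
    --probe) nat_capability ;;
esac
```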
