maomorta

Linux firewall

Hi
I am using Mandrake 8.2.
I need to protect against attacks from the net.
What is the best firewall for my case?
Is there some firewall that I can configure in X86 environment?

Thanks
ASKER CERTIFIED SOLUTION
ahoffmann

maomorta

ASKER

Hi
The program has a good interface, but I have a problem.
When I try to execute the shell script I receive the following error:

./test.fw
+ '[' -x /usr/bin/logger ']'
+ logger -p info 'Activating firewall script compaq.ottolini.pt.fw generated Fri May 31 01:27:34 2002 WET by fmmr'
+ modprobe ip_conntrack
/lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
modprobe: insmod /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz failed
modprobe: insmod ip_conntrack failed
+ exit 1

Do you know how to correct it?

I highly recommend building iptables into the kernel, and not using modules.
The error seems to be as it says: busy (invalid parameters, etc.).
As root, list the modules you have currently loaded with lsmod. You should see something like this:

ipt_state                608   3  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_LOG                 3104   7  (autoclean)
iptable_mangle          2144   0  (autoclean) (unused)
iptable_filter          1728   1  (autoclean)
iptable_nat            12756   1  [ipt_MASQUERADE]
ip_conntrack           12748   2  [ipt_state ipt_MASQUERADE iptable_nat]
ip_tables              10304   8  [ipt_state ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]

These are the modules you need loaded for most iptables functions (if you want MAC filtering, you need to load ipt_mac as well).

Try loading the modules outside of the shell script using modprobe. Try:

modprobe ip_conntrack

and see what happens. Also try loading a couple of the other modules (like ip_tables and iptable_nat) and see if they load.
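
The check described in the answer above, as an added example that is not part of the original thread: it reads lsmod output in the 2.4-style format shown above, reports which modules from that listing are not loaded, and shows which modules hold a reference to a given module. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare lsmod output against the module list from the answer.

# Module names taken from the lsmod listing in the answer above.
REQUIRED="ip_tables ip_conntrack iptable_filter iptable_nat iptable_mangle ipt_state ipt_MASQUERADE ipt_LOG"

# Read lsmod-format text on stdin; print each required module that is not loaded.
missing_modules() {
    # First column is the module name; skip the "Module Size Used by" header.
    loaded=$(awk '$1 != "Module" { print $1 }')
    for m in $REQUIRED; do
        printf '%s\n' "$loaded" | grep -qxF -- "$m" || printf '%s\n' "$m"
    done
}

# Read lsmod-format text on stdin; print the modules listed in [...] as users of $1.
module_users() {
    awk -v mod="$1" '$1 == mod {
        i = index($0, "["); j = index($0, "]")
        if (i && j > i) print substr($0, i + 1, j - i - 1)
    }'
}

# Constructed sample: a host where only part of the set is loaded.
SAMPLE='Module                  Size  Used by
iptable_filter          1728   1  (autoclean)
ip_conntrack           12748   1  [ipt_state]
ipt_state                608   1  (autoclean)
ip_tables              10304   2  [ipt_state iptable_filter]'

# Helpers that run the two checks over the constructed sample.
sample_missing() { printf '%s\n' "$SAMPLE" | missing_modules | paste -sd ' ' -; }
sample_users()   { printf '%s\n' "$SAMPLE" | module_users ip_conntrack; }

echo "missing from sample: $(sample_missing)"
echo "ip_conntrack is used by: $(sample_users)"

# On a live system, as root:
#   lsmod | missing_modules
#   lsmod | module_users ip_conntrack
```

Each name printed by `lsmod | missing_modules` can then be loaded by hand with modprobe, outside the firewall script, to see which one fails.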