Shorewall Error

[ZDevil]

Hi,

I wonder if anyone can teach me how to get Shorewall to work in my C860 (Cacko Lite 122 + Hotfix).  

I installed these packages:
iptables-base_1.2.11-lite-1_arm.ipk and iptables-extras_1.2.11-2_arm.ipk (or either one is enough?)
iptables-modules_2.4.18-rmk 7-pxa3-embedix.ipk
iproute_2.2.4-sharprom-1.ipk
shorewall-1.4.5-1_sharprom_arm.ipk

When I enter the command to try to start the firewall I got this:

Code: [Select]

$ su
# /etc/rc.d/init.d/shorewall start
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
   Zones: loc vpn
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Local Zone: eth0:0.0.0.0/0
   VPN Zone: ipsec0:0.0.0.0/0
Processing /etc/shorewall/init ...
iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stop ...
iptables v1.2.11: can't initialize iptables table `mangle': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stopped ...
Terminated      
I try chmod 744 /etc/shorewall but it didn't help.  Very likely I just lose the picture.

However as I remember there was no issue at all when running Shorewall in the original sharp rom in the past.  Any idea?  

Thanks a zillion!
zdevil

[Meanie]

Hi,

I wonder if anyone can teach me how to get Shorewall to work in my C860 (Cacko Lite 122 + Hotfix). 

I installed these packages:
iptables-base_1.2.11-lite-1_arm.ipk and iptables-extras_1.2.11-2_arm.ipk (or either one is enough?)
iptables-modules_2.4.18-rmk 7-pxa3-embedix.ipk
iproute_2.2.4-sharprom-1.ipk
shorewall-1.4.5-1_sharprom_arm.ipk

When I enter the command to try to start the firewall I got this:

Code: [Select]

$ su
# /etc/rc.d/init.d/shorewall start
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
   Zones: loc vpn
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Local Zone: eth0:0.0.0.0/0
   VPN Zone: ipsec0:0.0.0.0/0
Processing /etc/shorewall/init ...
iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stop ...
iptables v1.2.11: can't initialize iptables table `mangle': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.11: can't initialize iptables table `filter':
Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Processing /etc/shorewall/stopped ...
Terminated      
I try chmod 744 /etc/shorewall but it didn't help.  Very likely I just lose the picture.

However as I remember there was no issue at all when running Shorewall in the original sharp rom in the past.  Any idea?   

Thanks a zillion!
zdevil
[div align=\"right\"][a href=\"index.php?act=findpost&pid=77377\"][{POST_SNAPBACK}][/a][/div]

Since I only got a c3000, I am only guessing here, but you will need both iptables-base_1.2.11-lite-1_arm.ipk and iptables-extras_1.2.11-2_arm.ipk because iptables-base only has the most minimal set of modules required to run iptables, but shorewall is fully flexed and requires more modules to do everything so you will need iptables-extras as well. But you do not and should not have installed iptables-modules_2.4.18-rmk 7-pxa3-embedix.ipk, because it contains modules that iptables-base and iptables-extras contain as well and probably overriden some of them and might have broken some dependancies. iproute is only required if you are using dhcp but it wont hurt to have it. and of course you will need shorewall

[ZDevil]

Wow.  You're great!  Thanks for your advice.  I'll try it out tonight and report the results here.