shorewall 问题。

Lssac

由于原来的内核没有编译  cbq  sfq  等一些整流功能。
shorewall 的TC 功能没有办法调用 。

于是重新编译内核，但奇怪的是升级内核后。。。shorewall 却没有办法启动了。
启动过程中shorewall提示 iptables 语法出错..... 晕。。。

请问有那位大侠有这方面的经验。。。请赐教！ 谢谢～～～～

roamingo

具体出错信息是啥？

Lssac

[root@localhost lssac]# /etc/init.d/shorewall restart
Compiling...
Determining Zones...
   IPv4 Zones: loc1 loc
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   loc1 Zone: eth0:192.168.1.0/24
   loc Zone: eth0:0.0.0.0/0
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
   Pre-processing /usr/share/shorewall/action.Limit...
Deleting user chains...
Compiling /etc/shorewall/routestopped ...
Compiling Accounting...
Creating Interface Chains...
Compiling Proxy ARP
Compiling NAT...
Compiling NETMAP...
Compiling Common Rules
Compiling IP Forwarding...
Compiling /etc/shorewall/rules...
Compiling /etc/shorewall/tunnels...
Compiling Actions...
Compiling /usr/share/shorewall/action.Drop for Chain Drop...
Compiling /usr/share/shorewall/action.Reject for Chain Reject...
Compiling /etc/shorewall/policy...
Compiling /etc/shorewall/tos...
Compiling /etc/shorewall/ecn...
Compiling Traffic Control Rules...
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
Compiling Rule Activation...
Compiling Refresh of Black List...
Compiling Refresh of /etc/shorewall/ecn...
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Processing /etc/shorewall/params ...
   Shorewall is not running
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Clearing Traffic Control/QOS
Deleting user chains...
iptables: Unknown error 4294967295
   ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
Processing /etc/shorewall/stop ...
iptables v1.3.5: Couldn't load target `Ifw':/lib/iptables/libipt_Ifw.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
ipset v2.2.9: Error from kernel: Protocol not available
ipset v2.2.9: Error from kernel: Protocol not available
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
Processing /etc/shorewall/stopped ...
/sbin/shorewall: line 786:  6827 已终止               $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart

Lssac

用系统原来的内核 提示的错误是






Jun 28 09:08:06 mail shorewall: Setting up Masquerading/SNAT...
Jun 28 09:08:06 mail shorewall: Setting up TC Rules...
Jun 28 09:08:06 mail shorewall: Setting up Traffic Control...
Jun 28 09:08:06 mail shorewall: Unknown qdisc "htb", hence option "default" is unparsable
Jun 28 09:08:06 mail shorewall:    ERROR: Command "tc qdisc add dev ppp0 root handle 1: htb default 13" Failed
Jun 28 09:08:06 mail lssac: ERROR:Shorewall restart failed
Jun 28 09:08:06 mail shorewall: Processing /etc/shorewall/stop ...
Jun 28 09:08:06 mail shorewall:    WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables
Jun 28 09:08:06 mail shorewall: IP Forwarding Enabled
Jun 28 09:08:06 mail shorewall: Processing /etc/shorewall/stopped ...
Jun 28 09:08:06 mail lssac: Shorewall Stopped
Jun 28 09:08:06 mail shorewall: /sbin/shorewall: line 647: 32511 Terminated              $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
Jun 28 09:08:06 mail shorewall: shorewall startup failed

Lssac

Post by Lssac
用系统原来的内核 提示的错误是






Jun 28 09:08:06 mail shorewall: Setting up Masquerading/SNAT...
Jun 28 09:08:06 mail shorewall: Setting up TC Rules...
Jun 28 09:08:06 mail shorewall: Setting up Traffic Control...
Jun 28 09:08:06 mail shorewall: Unknown qdisc "htb", hence option "default" is unparsable
Jun 28 09:08:06 mail shorewall:    ERROR: Command "tc qdisc add dev ppp0 root handle 1: htb default 13" Failed
Jun 28 09:08:06 mail lssac: ERROR:Shorewall restart failed
Jun 28 09:08:06 mail shorewall: Processing /etc/shorewall/stop ...
Jun 28 09:08:06 mail shorewall:    WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables
Jun 28 09:08:06 mail shorewall: IP Forwarding Enabled
Jun 28 09:08:06 mail shorewall: Processing /etc/shorewall/stopped ...
Jun 28 09:08:06 mail lssac: Shorewall Stopped
Jun 28 09:08:06 mail shorewall: /sbin/shorewall: line 647: 32511 Terminated              $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
Jun 28 09:08:06 mail shorewall: shorewall startup failed

哈哈。。。。终于知道原因了。。。。

yum install iproute   安装上 iproute 这个包就可以解决问题了。

ibearz

楼主能详细说说，怎么用shorewall对数据进行整流么