Re: lokkit does not start on bootup
On Sun, 04 Apr 2004 15:19:39 -0500, dircha <dircha@bethel.edu> wrote:
> I recall that lokkit never worked for me either. That prompted me just
> to learn how to use iptables manually, so I never figured out why lokkit
> was failing.
>
> After bringing it up manually, try:
> # iptables -L
> to be sure that it isn't just failing and suppressing the output, or
> failing and redirecting the output elsewhere.
No, iptables -L gives the right results.
> If the rules are being loaded when you bring it up manually, it's really
> hard to say what the problem might be, which is why I suspect it is just
> silently failing.
>
> If you could copy to the list the output of "$ ls /etc/rc*.d", "$ cat
> /etc/modules", "# iptables -L", "$ lsmod", and the contents of the rules
> script generated by lokkit, I could get a better idea of what is going
> on. At least these are the places I would look if I were going about
> diagnosing the problem on one of my own systems.
Ok. Output follows. Thanks.
> My hunch is that if it is silently failing when you bring it up
> manually, that the problem is that there are kernel modules not being
> loaded which are needed by iptables.
No, that is not the problem.
*****************************
$ ls /etc/rc*.d
*****************************
/etc/rc0.d:
K01kdm
K01xdm
K11cron
K14ppp
K15fetchmail
K19aumix
K19setserial
K19spamassassin
K20apache
K20apache2
K20athcool
K20bastille-firewall
K20cupsys
K20exim
K20inetd
K20lpd
K20lprng
K20makedev
K20rsync
K20ssh
K20timidity
K20udftools
K20xfs
K20xprint
K21alsa
K23ntp-server
K25hwclock.sh
K30etc-setserial
K55usbmgr
K75hdparm
K89atd
K89hotplug
K89klogd
K89shorewall
K90sysklogd
K99lokkit
S20sendsigs
S30urandom
S31umountnfs.sh
S35networking
S40umountfs
S90halt
/etc/rc1.d:
K01kdm
K01xdm
K11cron
K14ppp
K15fetchmail
K19aumix
K19spamassassin
K20apache
K20apache2
K20athcool
K20bastille-firewall
K20cupsys
K20exim
K20inetd
K20lpd
K20lprng
K20makedev
K20rsync
K20ssh
K20timidity
K20udftools
K20xfs
K20xprint
K21alsa
K23ntp-server
K55usbmgr
K89atd
K89klogd
K90sysklogd
K99lokkit
S11hotplug
S20single
S21aumix
/etc/rc2.d:
K11anacron
S01lokkit
S10sysklogd
S11hotplug
S11klogd
S14ppp
S15usbmgr
S19spamassassin
S20alsa
S20apache2
S20athcool
S20bastille-firewall
S20cupsys
S20exim
S20inetd
S20lpd
S20lprng
S20makedev
S20rsync
S20ssh
S20timidity
S20udftools
S20xfs
S20xprint
S21aumix
S23ntp-server
S89anacron
S89atd
S89cron
S91apache
S99fetchmail
S99kdm
S99rmnologin
S99stop-bootlogd
S99xdm
/etc/rc3.d:
K11anacron
S01lokkit
S10sysklogd
S11hotplug
S11klogd
S14ppp
S15usbmgr
S19spamassassin
S20alsa
S20apache2
S20athcool
S20bastille-firewall
S20cupsys
S20exim
S20inetd
S20lpd
S20lprng
S20makedev
S20rsync
S20ssh
S20timidity
S20udftools
S20xfs
S20xprint
S21aumix
S23ntp-server
S89anacron
S89atd
S89cron
S91apache
S99fetchmail
S99kdm
S99rmnologin
S99stop-bootlogd
S99xdm
/etc/rc4.d:
K11anacron
S01lokkit
S10sysklogd
S11hotplug
S11klogd
S14ppp
S15usbmgr
S19spamassassin
S20alsa
S20apache2
S20athcool
S20bastille-firewall
S20cupsys
S20exim
S20inetd
S20lpd
S20lprng
S20makedev
S20rsync
S20ssh
S20timidity
S20udftools
S20xfs
S20xprint
S21aumix
S23ntp-server
S89anacron
S89atd
S89cron
S91apache
S99fetchmail
S99kdm
S99rmnologin
S99stop-bootlogd
S99xdm
/etc/rc5.d:
K11anacron
S01lokkit
S10sysklogd
S11hotplug
S11klogd
S14ppp
S15usbmgr
S19spamassassin
S20alsa
S20apache2
S20athcool
S20bastille-firewall
S20cupsys
S20exim
S20inetd
S20lpd
S20lprng
S20makedev
S20rsync
S20ssh
S20timidity
S20udftools
S20xfs
S20xprint
S21aumix
S23ntp-server
S89anacron
S89atd
S89cron
S91apache
S99fetchmail
S99kdm
S99rmnologin
S99stop-bootlogd
S99xdm
/etc/rc6.d:
K01kdm
K01xdm
K11cron
K14ppp
K15fetchmail
K19aumix
K19setserial
K19spamassassin
K20apache
K20apache2
K20athcool
K20bastille-firewall
K20cupsys
K20exim
K20inetd
K20lpd
K20lprng
K20makedev
K20rsync
K20ssh
K20timidity
K20udftools
K20xfs
K20xprint
K21alsa
K23ntp-server
K25hwclock.sh
K30etc-setserial
K55usbmgr
K75hdparm
K89atd
K89hotplug
K89klogd
K89shorewall
K90sysklogd
K99lokkit
S20sendsigs
S30urandom
S31umountnfs.sh
S35networking
S40umountfs
S90reboot
/etc/rcS.d:
README
S02mountvirtfs
S05bootlogd
S05keymap.sh
S07hdparm
S10checkroot.sh
S18hwclockfirst.sh
S20module-init-tools
S20modutils
S30checkfs.sh
S30etc-setserial
S30procps.sh
S35devpts.sh
S35mountall.sh
S35mountkernfs
S36discover
S36hotplug
S38pppd-dns
S39dns-clean
S39ifupdown
S40hostname.sh
S40networking
S40shorewall
S45mountnfs.sh
S46setserial
S48console-screen.sh
S50hwclock.sh
S51ntpdate
S55bootmisc.sh
S55urandom
S70screen-cleanup
S70xfree86-common
S75sudo
*************************
/etc/modules
*************************
# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line. Comments begin with
# a "#", and everything on the line after them are ignored.
usb-uhci
input
usbkbd
keybdev
emu10k1
usbmouse
agpgart
parport
parport_pc
isa-pnp
hid
input
keybdev
usbkbd
#added 7th June 2002 by Faheem
apm
#added 17th February 2004 by Faheem
psmouse
***************************
iptables -L
***************************
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
ACCEPT udp -- ns1.mindspring.com anywhere udp spt:domain
ACCEPT udp -- ns2.mindspring.com anywhere udp spt:domain
ACCEPT udp -- ns3.mindspring.com anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
******************************
lsmod
******************************
Module Size Used by Not tainted
ipt_REJECT 3992 2 (autoclean)
mga 94460 11
iptable_filter 1772 1 (autoclean)
ip_tables 12288 2 [ipt_REJECT iptable_filter]
mousedev 4180 1
lp 6176 0 (autoclean)
apm 10028 1
hid 15240 0 (unused)
parport_pc 13444 1
parport 14272 1 [lp parport_pc]
agpgart 16444 3
emu10k1 56140 0
ac97_codec 13428 0 [emu10k1]
keybdev 2116 0 (unused)
input 3424 0 [mousedev hid keybdev]
usb-uhci 23248 0 (unused)
*********************************
/etc/default/lokkit
*********************************
#!/bin/sh
PATH=/sbin:$PATH
iptables -N RH-Lokkit-0-50-INPUT
iptables -F RH-Lokkit-0-50-INPUT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.185 --sport 53 -d 0/0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.186 --sport 53 -d 0/0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.187 --sport 53 -d 0/0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
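The checks dircha outlines (look at /etc/rc*.d, look at iptables -L, compare with the rule script) can be scripted so they are repeatable after every reboot. The sh script below is an added example written for this thread; it is not part of lokkit or of any message above. It assumes SysV-style rcN.d directories run their S* entries in glob order, and it reads a saved copy of the iptables -L listing rather than calling iptables itself, so it needs no root to exercise. The chain name RH-Lokkit-0-50-INPUT and the script layout come from the listing above; build_sample constructs a cut-down copy of that data (plain files instead of init symlinks) so the functions run offline. The rc2.d listing above has three firewall-related scripts enabled (S01lokkit, S20bastille-firewall, and shorewall under rcS.d); firewall_start_order prints such overlaps in boot order, since a later script that flushes the tables is one ordinary way for rules that load fine by hand to be absent after boot.

```shell
#!/bin/sh
# Added example for the lokkit-at-boot thread; not code from lokkit or the thread.
# Checks: (1) firewall-related start scripts in a runlevel, in boot order;
# (2) whether a user chain exists in a saved 'iptables -L' listing and is
# jumped to from INPUT; (3) rule count in the script vs. rules actually loaded.
export LC_ALL=C   # deterministic glob order and [A-Z] matching

# Print firewall-related S* scripts from an rcN.d directory ($1) in boot order.
firewall_start_order() {
    for f in "$1"/S*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        case $name in
            *lokkit*|*bastille*|*shorewall*|*iptables*|*firewall*) echo "$name" ;;
        esac
    done
}

# Is CHAIN ($2) defined in the saved listing ($1), and does INPUT jump to it?
# Returns 0 = defined and referenced, 1 = defined but not referenced, 2 = absent.
chain_status() {
    file=$1 chain=$2
    grep -q "^Chain $chain " "$file" || return 2
    # lines from "Chain INPUT" up to the next "Chain " header are INPUT's rules
    sed -n '/^Chain INPUT /,/^Chain /p' "$file" | grep -q "^$chain " || return 1
    return 0
}

# Count rules listed under CHAIN ($2) in the saved listing ($1). Rule lines start
# with an upper-case target (ACCEPT, REJECT, ...); the "target prot ..." header
# and continuation lines from mail wrapping do not, so they are not counted.
chain_rule_count() {
    sed -n "/^Chain $2 /,/^Chain /p" "$1" | grep -c '^[A-Z][A-Z_-]* ' || true
}

# Count 'iptables -A CHAIN' rules in a lokkit-style script ($1), re-joining
# lines a mail client wrapped (a line not starting with 'iptables' continues
# the previous one, exactly as in the listing above).
script_rule_count() {
    awk -v chain="$2" '
        function emit() { if (buf ~ ("^iptables -A " chain " ")) n++; buf = "" }
        /^iptables/ { if (buf != "") emit(); buf = $0; next }
        { buf = buf " " $0 }
        END { if (buf != "") emit(); print n + 0 }
    ' "$1"
}

# Constructed sample data (subset of this thread's listings) so the checks run
# without root or a real init system. Prints the temp directory it created.
build_sample() {
    d=$(mktemp -d)
    mkdir "$d/rc2.d"
    for s in S01lokkit S10sysklogd S20bastille-firewall S20ssh S89cron; do
        : > "$d/rc2.d/$s"
    done
    cat > "$d/iptables-L.txt" <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere
tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere
tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere
udp reject-with icmp-port-unreachable
EOF
    cat > "$d/lokkit" <<'EOF'
#!/bin/sh
PATH=/sbin:$PATH
iptables -N RH-Lokkit-0-50-INPUT
iptables -F RH-Lokkit-0-50-INPUT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j
ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
EOF
    echo "$d"
}

# Stand-alone demonstration on the constructed sample. On a real box use
# /etc/rc2.d, a file saved from 'iptables -L', and /etc/default/lokkit instead.
sample=$(build_sample)
echo "firewall scripts in boot order:"; firewall_start_order "$sample/rc2.d"
if chain_status "$sample/iptables-L.txt" RH-Lokkit-0-50-INPUT; then
    echo "chain loaded and referenced from INPUT"
fi
echo "$(script_rule_count "$sample/lokkit" RH-Lokkit-0-50-INPUT) rules in script," \
     "$(chain_rule_count "$sample/iptables-L.txt" RH-Lokkit-0-50-INPUT) rules loaded"
rm -rf "$sample"
```

Two caveats when using this against a live system: plain iptables -L resolves service and host names (ssh, domain, ns1.mindspring.com above), so anything beyond presence and count checks should read iptables -L -n or iptables-save instead; and the rule-count comparison only tells you whether the whole script ran, not whether a later init script flushed and rebuilt the chain, which is what firewall_start_order is there to make visible.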