Re: [Nufw-users] no reaction

[Henrik Lohse]

hi again,

> Le ven 19/12/2003 à 21:35, Henrik Lohse a écrit :
> > hi everybody,
> >
> > i am trying to get nufw working... after some work and a lot
> > of try and error the sources of nufw-0.6.1 compiled.
>
> Could you indicate us which problem did occur ?

my distro didn't set the PKG_CONFIG_PATH correctly, thus ./configure
didn't find glib2 (i am using a suse 8.1 minimal installation recently
updated to 9.0). before i found the solution of the problem i tried
to use autogen.sh but the autogen.sh complained that there is an
"underquoted definition of AM_PATH_GLIB_2_0" but the shipped ./configure
script works despite it.

then i recompiled iptables but the configure-script was unable to find the
libipq. when i copied the headerfiles to /usr/include it worked.

finally there was a problem with the postgressql-library. i had to adjust
the include line of libpq_fe.h in file log_pgsql.h to make it run.
(btw, i didn't want to use pgsql_log and didn't configure it
"--with-pgsql-log", but it seemed the libs where needed)


>
>
> > to try it out, i put a nuAccount user (gid 1000) into my ldap and put
> > the rule allow all like this:
> > nuaclgen -A "cn=complete,ou=acls,dc=example,dc=com" -j ACCEPT -g 0,1000
>
> Have you add an iptables rules on the gateway ?
> try someting like :
>       iptables -I FORWARD -d IP_WEBSITE -p tcp --dport 80 \\
>       -m state --state NEW -j QUEUE
> to check nufw on a website

i had a rule
iptables -I FORWARD 5 -j QUEUE
(thus without the state NEW thing, but it doesn't work with it, either)

> Is nufw running on the gateway ?
yes it is running and in full debug mode, it frequently prints a line
[25460] rx : 0, tx : 0, track_size : 0, start_list : (nil)

no change while trying to connect to the website.

nuauth ist running on the gateway,too. it produces some messages like

entering user_check
user
connection: src=192.168.0.2 dst=ip_website proto=6
sport=33764 dport=80

reading password

inititiating crypt internal structure
creating new user 10000

starting search and fill

creating new element

user packet before auth packet

leaving user_check

that's all, nufw doesn't change it's output ...

on the router nutcpc, nuauth and nufw are listening on the udp-ports
1037,1038,4128,4129,4130


> > on the client machine i start the nutcpc with my nuAccount userid.
> > when i start a website (first try by ip) from the client, it seems like
> > the authentification works. (at least the -v x 10 - switch with nuauth
> > doesn't say anything about a wrong password).
>
> in full debug mode you should see something like :
>       Sending auth answer 1 for 3327739616
> if all work correctly (both nufw and user packet receive)

i don't get such a message :-(

> > but then happens nothing, i don't get an error nor do i see the website.
> >
> > does anybody have any idea about what i am missing ?
>
> Hope this mail help.
>
> BR,
> --
> Eric Leblond
> Nufw, Now User Filtering Works (http://www.nufw.org)
>

thank you very much, any further assistance would be greatly appreciated.

best regards
 henne