Re: [Nufw-users] no reaction
From: Eric Leblond
Subject: Re: [Nufw-users] no reaction
Date: Tue, 23 Dec 2003 13:58:46 +0100
On Tue 23/12/2003 at 13:31, Henrik Lohse wrote:
> hola,
Guten tag !
By the way, could you tell us in which context you are testing nufw ?
> > ok, check two things :
> > 1. Is the ip_queue module loaded ? the QUEUE target does not complain
> > when it's missing.
>
> that was the problem, i had a kernel with no support for loadable
> modules but all netfilter options built in. but i didn't have
> support for experimental stuff ...
ok
> > 2. iptables -L FORWARD -nv to check if you have packet reaching line 5
> > (we never know ;-)
>
> 7 348 QUEUE all -- * * 0.0.0.0/0
> 0.0.0.0/0 state NEW
fine
> one request to the website, packet counter notes it...
> it reaches the QUEUE target ...
> > > nuauth is running on the gateway, too. it produces some messages like
> > >
> > > entering user_check
> > > user
> > > connection: src=192.168.0.2 dst=ip_website proto=6
> > > sport=33764 dport=80
You should be able to see a message like:
packet :
connection: src=192.168.0.2 dst=ip_website proto=6
sport=33764 dport=80
If that is not the case, check your nufw and nuauth parameters.
They should be as follows (or something close):
/usr/sbin/nufw -D -vvvv -l 4128 -d 127.0.0.1 -p 4129 -t 15 -T 1000
nufw sends auth packets to the loopback address on port 4129 and waits for the reply
on 4128.
In nuauth.conf you should have :
# port for nufw gw request
nuauth_gw_packet_port=4129
# port where the nufw gw waits for authentification answer
nufw_gw_port=4128
> [2399] Sending request for 3244901600
> [2397] Dropped 3244901600
> [2397] rx : 51, tx : 0, track_size : 3, start_list : 0x804ee50
OK, so nufw is sending packets. It seems that nuauth doesn't receive them. The
previous setting should fix this.
BR,
--
Eric Leblond
NuFW, Now User Filtering Works (http://www.nufw.org)
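
The port pairing described in the message above can be checked mechanically. The following is an added example, not part of the original message or of NuFW: it assumes, as the message describes, that nufw's `-p` must match `nuauth_gw_packet_port` and nufw's `-l` must match `nufw_gw_port`; the function names and sample inputs are constructed for illustration.

```python
import shlex

# Constructed sample inputs, using the values quoted in the message above.
SAMPLE_CMDLINE = "/usr/sbin/nufw -D -vvvv -l 4128 -d 127.0.0.1 -p 4129 -t 15 -T 1000"
SAMPLE_CONF = """\
# port for nufw gw request
nuauth_gw_packet_port=4129
# port where the nufw gw waits for authentification answer
nufw_gw_port=4128
"""

def parse_nufw_cmdline(cmdline):
    """Return the -l, -d and -p values found on a nufw command line."""
    args = shlex.split(cmdline)
    opts = {}
    for i, arg in enumerate(args[:-1]):
        if arg in ("-l", "-d", "-p"):
            opts[arg] = args[i + 1]
    return opts

def parse_nuauth_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    return conf

def check_ports(cmdline, conf_text):
    """Return a list of mismatches between nufw options and nuauth.conf."""
    opts = parse_nufw_cmdline(cmdline)
    conf = parse_nuauth_conf(conf_text)
    # Pairing assumed from the message: -p is where nufw sends, -l where it listens.
    pairs = [("-p", "nuauth_gw_packet_port", "nufw -> nuauth requests"),
             ("-l", "nufw_gw_port", "nuauth -> nufw answers")]
    problems = []
    for flag, key, what in pairs:
        a, b = opts.get(flag), conf.get(key)
        if a is None or b is None:
            # A default applies on one side, so the two cannot be compared here.
            problems.append(f"{what}: {flag} or {key} not set explicitly")
        elif a != b:
            problems.append(f"{what}: nufw {flag} {a} != {key}={b}")
    return problems

if __name__ == "__main__":
    for line in check_ports(SAMPLE_CMDLINE, SAMPLE_CONF) or ["ports agree"]:
        print(line)
```

An empty result means the two daemons agree on both ports; each entry otherwise names the direction that cannot work, which matches the symptom in the log above of requests being sent and then dropped.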