Comments for ipkungfu
Re: Multiple Ext IP Addresses
I'm glad you're enjoying it! No new features are currently planned, and none are likely to be added unless someone else wants to develop a patch. I will likely be replacing ipkungfu in the future, and I don't currently have any development plans other than a small bugfix release in the near future.
Multiple Ext IP Addresses
Really loving IPKungfu but support for multiple external / internet IP addresses would be fantastic. Are there still plans to develop this feature and if so any timetime?
Re: IPKungfu - 0.6.1 - chkconfig not setting start up
Rocco,
Yep, that worked. Thanks!
Copied from the directory I untarred the source files and then copied from ./files/rc.ipkungfu in to /etc/init.d/ipkungfu
Then ran chkconfig --add ipkungfu and then chkconfig --level 2345 ipkungfu on
This worked like a charm!
Thanks!
Re: IPKungfu - 0.6.1 - chkconfig not setting start up
Rob,
There's currently no installer for the init script, since it's only been tested on about half a dozen distros. Manually copy files/rc.ipkungfu from the source into /etc/init.d, then chkconfig and all the other commands should work. If not, pop into the IRC channel and stick around for a bit (I noticed you stopped by but left before I got back).
Rocco
IPKungfu - 0.6.1 - chkconfig not setting start up
Hi folks,
I just installed IPKungfu on a CentOS 5 server and when i run the command 'chkconfig --levels 2345 ipkungfu on' I get this error:
error reading information on service ipkungfu: No such file or directory
This is on a Linux kernel 2.6.18-53.1.4.el5
While I can go in to /usr/local/sbin/ and get ipkungfu to run using this command: ipkungfu or ipkungfu --init
I'm also not finding the startup script in /etc/init.d or /etc/rc.d/*
ipkungfu doesn't exist in the services list when I do: chkconfig --list
I tried to add it using the command 'chkconfig --add ipkungfu' but I get the same error as before.
Any suggestions?
Squid transparent proxy problem
I have a problem with using ipkungfu to set up a transparent proxy with squid. I had everything working on one network. I moved the machine to its permanent home on another network and everything broke. I traced the problem with the gateway configuration to too many conflicting rules not getting cleared out when ipkungfu runs, so that is fixed.
/etc/ipkungfu/redirect.conf includes a line that says tcp:80:3128:internal. This doesn't seem to be used in the actual configuration. When I list the rules in iptables and grep for port 3128, I find there is not rule. What can I do?
Re: strange errors upon startup after upgrade to 2.6.17 kernel
> Andrew,
>
> Ipkungfu hasn't been tested yet on
> 2.6.17. There were a lot of changes to
> the netfilter code there, and it's very
> possible that it's incompatible with
> ipkungfu. I'll get around to testing it
> soon, and if necessary I'll release an
> update for compatibility.
>
>
> % I'd be very grateful for any hints
> what
> % should be done to take away these
> % errors. They did not show up while
> the
> % kernel was 2.6.16 and i wonder what
> went
> % wrong, perhaps some kernel options
> % should be enabled. My kernel config
> is
> % accessible at
> %
> %
> % gentoo tmp # /etc/init.d/ipkungfu
> start
> % * Starting ipkungfu ...
> % Bad argument `10.0.0.0/255.0.0.0'
> % Try `iptables -h' or 'iptables
> --help'
> % for more information.
> % Bad argument `10.0.0.0/255.0.0.0'
> % Try `iptables -h' or 'iptables
> --help'
> % for more information.
> % getsockopt failed strangely: No such
> % file or directory
> % getsockopt failed strangely: No such
> % file or directory
> % getsockopt failed strangely: No such
> % file or directory
> % getsockopt failed strangely: No such
> % file or directory
> [
> % ok ]
>
>
>
You can fix this by commenting the following line out of /etc/ipkungfu/cache/rules.cache
-A PREROUTING -s 10.0.0.0/255.0.0.0 -d ! 10.0.0.0/255.0.0.0 -j RETURN
Log gone awry
Great tool! Much more functional than many of the competitors. One issue that's cropped up is that my logging seems to be broken. Despite the conf file pointing at syslog (which is right) and ipkungfu -c coming up as loaded, nothing from it is showing up in syslog. Some attack analysis tools seem to indicate that the firewall is working perfectly, but there ought be a log of the attempts.
grep IPKF /var/log/syslog returns nothing.
I'm running mepis 6.0 (essentially dapper ubuntu). Any idea where my log output could be going?
Two question on ipkungfu
First off... I am thinking about running this on a WRT54gs under openwrt RC6. Is there anyway to allow for time restrictions. I know that I can set time restriction with iptables, but if I remember correctly, that is kernel based.
Secondly, is there any real documentation on using ipkungfu?
Does that mean you'll be replacing ipkungfu with a newer utility that you'll create (and hopefully publish), or getting rid of it in favor for something else.