Re: [Nufw-users] setting up nuFW

[Vincent Deffontaines]

Muhammad wrote:
> Hi
> I have been having a tough time setting up nuFW. Having installed the
> package (with it's own pains of course! ;-)) I followed the instruction
> from nuFW howto to test my nuFW but with no luck.
> I start 'nuauth' and 'nufw' processes on a  same machine. I use plaintext
> mode for user list as well as acls. When I set netfilter rules, I start
> nutcpc and the authentication seemingly takes place successfully (by
> entering username and passwrod). But I see no log about authenticating a
> user in nuath output (though I use -vvvvvvvvv for most verbose mode).
> Moreover, when I try 'ssh' or there is no sign of activity in the nufw
> output and packets are dropped as if never taken from the QUEUE. Am I
> losing any details in configuration?
>
> *netfilter rules:
> $iptables -A OUTPUT -p tcp --dport ssh -m state --state NEW --syn -j QUEUE
> $iptables -A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> *services:
> $nuauth -vvvvvvvvv
> $nufw -vvvvvvvvv
>
> * and the config file:
> same as default except for the following lines:
>
> nuauth_client_listen_addr="192.168.70.85"
> nuauth_nufw_listen_addr="192.168.70.85"
> nufw_gw_addr="192.168.70.85"
> nuauth_user_check_module="libplaintext"
>
> Thanks,
> --Muhammad
>

Hi,

Your config seems fine.
Maybe you forgot to "modprobe ip_queue" ? If so, nufw receives no packet,
and Netfilter does not complain about you using the QUEUE target (ie,
QUEUEd packets go nowhere).

If that is not the problem, try to also run "nufw -vvvvvvvvvv" and see if
it sees packets through.

Also, you can ./configure with the "--with-debug" option for more verbose
output, if neeeded.

Regards,

Vincent