Bastille on centos4 and ping6 error?


zenny
2nd September 2007, 11:50
I have installed Bastille as instructed here: http://www.howtoforge.com/bastille_firewall_centos

But at the end, it gave an error message that reads:

ERROR: Bastille tried to use $GLOBAL_BIN{'ping6'} but it does not exist.


I checked whether I have ping6 (I do) and found the following:

-rwxr-xr-x 1 root root 33272 May 3 03:15 /bin/ping
-rwsr-xr-x 1 root root 30924 May 3 03:15 /bin/ping6
lrwxrwxrwx 1 root root 10 Aug 17 18:00 /usr/sbin/ping6 -> /bin/ping6

]# locate ping6
/bin/ping6
/usr/sbin/ping6

I checked all over the internet and could not find a solution. Some links that I tried are: http://answers.yahoo.com/question/index?qid=20061027135436AA9K3iI
http://www.linuxquestions.org/questions/showthread.php?t=273817
http://osdir.com/ml/security.bastille.general/2005-06/msg00004.html
http://66.102.9.104/search?q=cache:PT1k02ZkBN0J:sourceforge.net/mailarchive/forum.php%3Fforum_id%3D7003%26max_rows%3D25%26style%3Dnested%26viewmonth%3D200501+ERROR:+Bastille+tried+to+use+%24GLOBAL_BIN%7B%27ping6%27%7D+but+it+does+not+exist.&hl=en&ct=clnk&cd=1&client=iceweasel-a

Everyone seems to have the same problem but could not locate a solution. Experts here, I am sure, might have encountered a similar problem and have overcome it. Please pass along any suggestions. Thanks in advance.

falko
3rd September 2007, 22:06
Is ping6 referenced somewhere in bastille-firewall.cfg?

zenny
4th September 2007, 10:15
Dear Falko:

Thanks for your reply.

1) Nowhere in the bastille-firewall.cfg is ping6 referenced!


2) Another problem that I am encountering with centos4.4 with openvz is that after installing Bastille, I could not access the VEs from outside, even after I added venet+ as a public interface in bastille-firewall.cfg.

What other places do I need to tweak so that the VEs can be accessed from the internet?

Thanks again!

zenny
4th September 2007, 10:47
The ping6 part is yet unresolved. However, I solved the second part of the problem with this:

In the hardware node where I installed Bastille, I created a script at /etc/Bastille/firewall.d/post-rule.d and included the following lines to give access to ports 80 and 22 of the VE. I also added venet+ to the public interfaces in the bastille-firewall.cfg file. The contents of the post-rule.d are:

iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 22 --syn -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 80 --syn -j ACCEPT
iptables -A FORWARD -s 192.168.1.251 -j ACCEPT

At the end I made the script executable by 'chmod +x post-rule.d'.

I hope it helps someone who is having a similar problem to mine.
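
The forwarding rules from the post above, as an added example that is not part of the original thread: the `--syn` rules match only the first packet of a connection, so this version prints an explicit connection-tracking rule for the remaining packets and validates the address and ports before emitting anything. The function names are hypothetical, the rules are only printed (not applied), and it is an assumption that the iptables `state` match is available on the hardware node.

```shell
#!/bin/sh
# Added example: print (not apply) FORWARD rules for one OpenVZ VE address.
# Function names are hypothetical; review the output before running it as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ve_forward_rules VE_IP PORT...: print the rules, or fail without output.
ve_forward_rules() {
    ve_ip=$1
    [ "$#" -ge 2 ] || { echo "usage: ve_forward_rules VE_IP PORT..." >&2; return 1; }
    shift
    valid_ipv4 "$ve_ip" || { echo "bad address: $ve_ip" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    # Packets of connections that conntrack already knows, either direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New inbound TCP connections to the VE, only on the listed ports.
    for port in "$@"; do
        echo "iptables -A FORWARD -p tcp -d $ve_ip --dport $port --syn -m state --state NEW -j ACCEPT"
    done
    # New outbound connections started by the VE itself.
    echo "iptables -A FORWARD -s $ve_ip -m state --state NEW -j ACCEPT"
}

# Values taken from the post above.
ve_forward_rules 192.168.1.251 22 80
```

Because malformed addresses and ports are rejected before any rule is printed, the output can be reviewed and then piped to a root shell without a stray character in an argument turning into an extra command.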

hansbkk
16th April 2009, 11:50
From http://chihungchan.blogspot.com/2008/04/bastille-tried-to-use-globalbinping6.html

--------------

Explicitly define the full path of ping6 right after the package definition as shown below. Guess what, bastille runs without any error. I won't say the problem is solved, but at least I provided a workaround.
$ cat API.pm
...
...
package Bastille::API;
$GLOBAL_BIN{'ping6'}="/bin/ping6";