Bastille on centos4 and ping6 error?

Discussion in 'HOWTO-Related Questions' started by zenny, Sep 2, 2007.

  1. zenny

    zenny New Member

    I have installed Bastille as instructed here: http://www.howtoforge.com/bastille_firewall_centos

    But at the end, it gave an error message, that reads:

    ERROR: Bastille tried to use $GLOBAL_BIN{'ping6'} but it does not exist.


    I checked whether I have ping6 (it did) and found the following:

    -rwxr-xr-x 1 root root 33272 May 3 03:15 /bin/ping
    -rwsr-xr-x 1 root root 30924 May 3 03:15 /bin/ping6
    lrwxrwxrwx 1 root root 10 Aug 17 18:00 /usr/sbin/ping6 -> /bin/ping6

    ]# locate ping6
    /bin/ping6
    /usr/sbin/ping6

    I checked all over the internet and could not find a solution. Some links that I tried are: http://answers.yahoo.com/question/index?qid=20061027135436AA9K3iI
    http://www.linuxquestions.org/questions/showthread.php?t=273817
    http://osdir.com/ml/security.bastille.general/2005-06/msg00004.html
    http://66.102.9.104/search?q=cache:... exist.&hl=en&ct=clnk&cd=1&client=iceweasel-a

    Everyone seems to have the same problem but could not locate a solution. Experts here, I am sure, might have encountered similar problem, and have overcome the problem. Please pass any suggestion. Thanks in advance.
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Is ping6 referenced somewhere in bastille-firewall.cfg?
     
  3. zenny

    zenny New Member

    Dear Falko:

    Thanks for your reply.

    1) Nowhere in the bastille-firewall.cfg is ping6 referenced!


    2) Another problem that I am encountering with centos4.4 with openvz is that after installing the bastille, I could not access the VEs from outside even after I added venet+ as public interfaces in the bastille-firewall.cfg?

    What other places that I need to tweak to get the VEs can be accessed from the internet?

    Thanks again!
     
    Last edited: Sep 4, 2007
  4. zenny

    zenny New Member

    Solved: The second part

    The ping6 part is yet unresolved. However, I solved the second part of the problem with this:

    In the hardware node where I installed Bastille, I created a script at /etc/Bastille/firewall.d/post-rule.d and included the following lines to make port 80 and 22 of the VE to give access. I also added venet+ to the public interfaces in the bastille-firewall.cfg file. The contents of the post-rule.d are:

    iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 22 --syn -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 80 --syn -j ACCEPT
    iptables -A FORWARD -s 192.168.1.251 -j ACCEPT

    At the end I made the script executable by 'chmod +x post-rule.d'.

    I hope it helps to someone who are having similar problem like mine.
     
  5. hansbkk

    hansbkk New Member

    Solved: the first part

    From http://chihungchan.blogspot.com/2008/04/bastille-tried-to-use-globalbinping6.html

    --------------

    Explicitly define the full path of ping6 right after the package definition as shown below. Guess what, bastille runs without any error. I won't say the problem is solved, but at least I provided a workaround.
    $ cat API.pm
    ...
    ...
    package Bastille::API;
    $GLOBAL_BIN{'ping6'}="/bin/ping6";
     

Share This Page