Bastille on centos4 and ping6 error?

Discussion in 'HOWTO-Related Questions' started by zenny, Sep 2, 2007.

  1. zenny

    zenny New Member

    I have installed Bastille as instructed here: http://www.howtoforge.com/bastille_firewall_centos

    But at the end, it gave an error message, that reads:

    ERROR: Bastille tried to use $GLOBAL_BIN{'ping6'} but it does not exist.


    I checked whether I have ping6 (it did) and found the following:

    -rwxr-xr-x 1 root root 33272 May 3 03:15 /bin/ping
    -rwsr-xr-x 1 root root 30924 May 3 03:15 /bin/ping6
    lrwxrwxrwx 1 root root 10 Aug 17 18:00 /usr/sbin/ping6 -> /bin/ping6

    ]# locate ping6
    /bin/ping6
    /usr/sbin/ping6

    I checked all over the internet and could not find a solution. Some links that I tried are: http://answers.yahoo.com/question/index?qid=20061027135436AA9K3iI
    http://www.linuxquestions.org/questions/showthread.php?t=273817
    http://osdir.com/ml/security.bastille.general/2005-06/msg00004.html
    http://66.102.9.104/search?q=cache:... exist.&hl=en&ct=clnk&cd=1&client=iceweasel-a

    Everyone seems to have the same problem but could not locate a solution. Experts here, I am sure, might have encountered similar problem, and have overcome the problem. Please pass any suggestion. Thanks in advance.
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Is ping6 referenced somewhere in bastille-firewall.cfg?
     
  3. zenny

    zenny New Member

    Dear Falko:

    Thanks for your reply.

    1) Nowhere in the bastille-firewall.cfg is ping6 referenced!


    2) Another problem that I am encountering with centos4.4 with openvz is that after installing the bastille, I could not access the VEs from outside even after I added venet+ as public interfaces in the bastille-firewall.cfg?

    What other places that I need to tweak to get the VEs can be accessed from the internet?

    Thanks again!
     
    Last edited: Sep 4, 2007
  4. zenny

    zenny New Member

    Solved: The second part

    The ping6 part is yet unresolved. However, I solved the second part of the problem with this:

    In the hardware node where I installed Bastille, I created a script at /etc/Bastille/firewall.d/post-rule.d and included the following lines to make port 80 and 22 of the VE to give access. I also added venet+ to the public interfaces in the bastille-firewall.cfg file. The contents of the post-rule.d are:

    iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 22 --syn -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.251 --dport 80 --syn -j ACCEPT
    iptables -A FORWARD -s 192.168.1.251 -j ACCEPT

    At the end I made the script executable by 'chmod +x post-rule.d'.

    I hope it helps to someone who are having similar problem like mine.
     
  5. hansbkk

    hansbkk New Member

    Solved: the first part

    From http://chihungchan.blogspot.com/2008/04/bastille-tried-to-use-globalbinping6.html

    --------------

    Explicitly define the full path of ping6 right after the package definition as shown below. Guess what, bastille runs without any error. I won't say the problem is solved, but at least I provided a workaround.
    $ cat API.pm
    ...
    ...
    package Bastille::API;
    $GLOBAL_BIN{'ping6'}="/bin/ping6";
     

Share This Page