Bastille on centos4 and ping6 error?

Discussion in 'HOWTO-Related Questions' started by zenny, Sep 2, 2007.

  1. zenny

    zenny Member

    I have installed Bastille as instructed here:

    But at the end, it gave an error message, that reads:

    ERROR: Bastille tried to use $GLOBAL_BIN{'ping6'} but it does not exist.

    I checked whether I have ping6 (it did) and found the following:

    -rwxr-xr-x 1 root root 33272 May 3 03:15 /bin/ping
    -rwsr-xr-x 1 root root 30924 May 3 03:15 /bin/ping6
    lrwxrwxrwx 1 root root 10 Aug 17 18:00 /usr/sbin/ping6 -> /bin/ping6

    ]# locate ping6

    I checked all over the internet and could not find a solution. Some links that I tried are:

    Everyone seems to have the same problem but could not locate a solution. Experts here, I am sure, might have encountered similar problem, and have overcome the problem. Please pass any suggestion. Thanks in advance.
  2. falko

    falko Super Moderator ISPConfig Developer

    Is ping6 referenced somewhere in bastille-firewall.cfg?
  3. zenny

    zenny Member

    Dear Falko:

    Thanks for your reply.

    1) Nowhere in the bastille-firewall.cfg is ping6 referenced!

    2) Another problem that I am encountering with centos4.4 with openvz is that after installing the bastille, I could not access the VEs from outside even after I added venet+ as public interfaces in the bastille-firewall.cfg?

    What other places that I need to tweak to get the VEs can be accessed from the internet?

    Thanks again!
    Last edited: Sep 4, 2007
  4. zenny

    zenny Member

    Solved: The second part

    The ping6 part is yet unresolved. However, I solved the second part of the problem with this:

    In the hardware node where I installed Bastille, I created a script at /etc/Bastille/firewall.d/post-rule.d and included the following lines to make port 80 and 22 of the VE to give access. I also added venet+ to the public interfaces in the bastille-firewall.cfg file. The contents of the post-rule.d are:

    iptables -A FORWARD -p tcp -d --dport 22 --syn -j ACCEPT
    iptables -A FORWARD -p tcp -d --dport 80 --syn -j ACCEPT
    iptables -A FORWARD -s -j ACCEPT

    At the end I made the script executable by 'chmod +x post-rule.d'.

    I hope it helps to someone who are having similar problem like mine.
  5. hansbkk

    hansbkk New Member

    Solved: the first part



    Explicitly define the full path of ping6 right after the package definition as shown below. Guess what, bastille runs without any error. I won't say the problem is solved, but at least I provided a workaround.
    $ cat
    package Bastille::API;

Share This Page