ebuild for 西厢计划（west-chamber)

viogus

Post by danielliu;2074955
sudo FEATURES="-sandbox" emerge west-chamber -av
结果也不行：

发你的emerge --info上来看看

viogus

Post by Mie;2074969
突然发现这个好像还不支持局域网..郁闷了...我是校园网阿...

我在路由器后可以用，lan应该没问题，校园网就没条件测试了，哈哈

viogus

Post by kwindva;2074970
bzcat YOUTUBE.bz2 | ipset -R
FATAL: Module ip_set not found.
ipset v4.2: Couldn't verify kernel module version!

这个是什么问题呢？

应该是你没编译进kernel module support

pjq

重新编译了两次内核，终于可以正常启用iptables ,
但还是不能上youtube.com

从下面可以看出，已经正常启用了iptables。

2. gentoo-pjq examples # iptables -L
3. Chain INPUT (policy ACCEPT)
4. target     prot opt source               destination         
5. ZHANG      tcp  --  anywhere             anywhere            tcp spt:http flags:FIN,SYN,RST,ACK/SYN,ACK state ESTABLISHED match-set NOCLIP src
6. LOG        tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED gfw LOG level info prefix `gfw: '
7. DROP       udp  --  anywhere             anywhere            udp spt:domain state ESTABLISHED gfw
9. Chain FORWARD (policy ACCEPT)
10. target     prot opt source               destination         
12. Chain OUTPUT (policy ACCEPT)
13. target     prot opt source               destination         
14. gentoo-pjq examples #

复制代码

从/var/log/message中可以看到相关log,我试过刷youtube.com和facebook.com的时候，就会刷新log.

2. ar 12 21:54:01 localhost kernel: [  870.407387] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.146.25 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=1844 DF PROTO=TCP SPT=80 DPT=40578 WINDOW=771 RES=0x00 ACK RST URGP=0
3. Mar 12 21:54:05 localhost kernel: [  873.641274] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.146.25 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=65 ID=60778 DF PROTO=TCP SPT=80 DPT=40579 WINDOW=25 RES=0x00 ACK RST URGP=0
4. Mar 12 21:54:05 localhost kernel: [  873.643237] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.146.25 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=65 ID=60778 DF PROTO=TCP SPT=80 DPT=40579 WINDOW=25 RES=0x00 ACK RST URGP=0
5. Mar 12 21:54:05 localhost kernel: [  873.643372] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.146.25 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=65 ID=60778 DF PROTO=TCP SPT=80 DPT=40579 WINDOW=25 RES=0x00 ACK RST URGP=0
6. Mar 12 21:54:05 localhost kernel: [  873.643534] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.146.25 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=40579 WINDOW=25735 RES=0x00 RST URGP=0
7. Mar 12 21:54:06 localhost kernel: [  874.981351] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=55880 WINDOW=22225 RES=0x00 RST URGP=0
8. Mar 12 21:54:06 localhost kernel: [  874.981481] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=47190 DF PROTO=TCP SPT=80 DPT=55880 WINDOW=197 RES=0x00 ACK RST URGP=0
9. Mar 12 21:54:06 localhost kernel: [  874.983318] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=47190 DF PROTO=TCP SPT=80 DPT=55880 WINDOW=197 RES=0x00 ACK RST URGP=0
10. Mar 12 21:54:06 localhost kernel: [  874.983455] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=47190 DF PROTO=TCP SPT=80 DPT=55880 WINDOW=197 RES=0x00 ACK RST URGP=0
11. Mar 12 21:54:07 localhost kernel: [  876.139776] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=55881 WINDOW=18868 RES=0x00 RST URGP=0
12. Mar 12 21:54:07 localhost kernel: [  876.140049] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=68 ID=25149 DF PROTO=TCP SPT=80 DPT=55881 WINDOW=476 RES=0x00 ACK RST URGP=0
13. Mar 12 21:54:07 localhost kernel: [  876.140272] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=68 ID=25149 DF PROTO=TCP SPT=80 DPT=55881 WINDOW=476 RES=0x00 ACK RST URGP=0
14. Mar 12 21:54:07 localhost kernel: [  876.140436] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=68 ID=25149 DF PROTO=TCP SPT=80 DPT=55881 WINDOW=476 RES=0x00 ACK RST URGP=0
15. Mar 12 21:54:15 localhost kernel: [  883.825748] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=15353 DF PROTO=TCP SPT=80 DPT=55882 WINDOW=600 RES=0x00 ACK RST URGP=0
16. Mar 12 21:54:15 localhost kernel: [  883.825881] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=15353 DF PROTO=TCP SPT=80 DPT=55882 WINDOW=600 RES=0x00 ACK RST URGP=0
17. Mar 12 21:54:15 localhost kernel: [  883.826045] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=15353 DF PROTO=TCP SPT=80 DPT=55882 WINDOW=600 RES=0x00 ACK RST URGP=0
18. Mar 12 21:54:15 localhost kernel: [  883.827646] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=66.220.145.13 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=55882 WINDOW=10435 RES=0x00 RST URGP=0
19. Mar 12 21:54:17 localhost kernel: [  885.719980] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=48143 WINDOW=31252 RES=0x00 RST URGP=0
20. Mar 12 21:54:17 localhost kernel: [  885.721914] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=26808 DF PROTO=TCP SPT=80 DPT=48143 WINDOW=455 RES=0x00 ACK RST URGP=0
21. Mar 12 21:54:17 localhost kernel: [  885.727769] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=26650 DF PROTO=TCP SPT=80 DPT=48143 WINDOW=457 RES=0x00 ACK RST URGP=0
22. Mar 12 21:54:17 localhost kernel: [  885.729722] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=48143 WINDOW=16627 RES=0x00 RST URGP=0
23. Mar 12 21:54:18 localhost kernel: [  886.907824] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=48144 WINDOW=11326 RES=0x00 RST URGP=0
24. Mar 12 21:54:18 localhost kernel: [  886.909774] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=67 ID=65484 DF PROTO=TCP SPT=80 DPT=48144 WINDOW=795 RES=0x00 ACK RST URGP=0
25. Mar 12 21:54:18 localhost kernel: [  886.913793] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=48144 WINDOW=17455 RES=0x00 RST URGP=0
26. Mar 12 21:54:18 localhost kernel: [  886.915776] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=62674 DF PROTO=TCP SPT=80 DPT=48144 WINDOW=1 RES=0x00 ACK RST URGP=0
27. Mar 12 21:54:19 localhost kernel: [  887.799886] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=48145 WINDOW=1660 RES=0x00 RST URGP=0
28. Mar 12 21:54:19 localhost kernel: [  887.800573] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=90 ID=13299 DF PROTO=TCP SPT=80 DPT=48145 WINDOW=626 RES=0x00 ACK RST URGP=0
29. Mar 12 21:54:19 localhost kernel: [  887.809859] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=92 ID=13141 DF PROTO=TCP SPT=80 DPT=48145 WINDOW=628 RES=0x00 ACK RST URGP=0
30. Mar 12 21:54:19 localhost kernel: [  887.810030] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=72.14.203.138 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64 PROTO=TCP SPT=80 DPT=48145 WINDOW=13333 RES=0x00 RST URGP=0
31. Mar 12 21:54:20 localhost kernel: [  889.305938] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64 PROTO=TCP SPT=80 DPT=39338 WINDOW=31342 RES=0x00 RST URGP=0
32. Mar 12 21:54:20 localhost kernel: [  889.357987] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=93 ID=2950 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=757 RES=0x00 ACK RST URGP=0
33. Mar 12 21:54:20 localhost kernel: [  889.358123] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=93 ID=2950 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=757 RES=0x00 ACK RST URGP=0
34. Mar 12 21:54:20 localhost kernel: [  889.361074] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=93 ID=2950 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=757 RES=0x00 ACK RST URGP=0
35. Mar 12 21:54:21 localhost kernel: [  889.579920] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64 PROTO=TCP SPT=80 DPT=39338 WINDOW=23836 RES=0x00 RST URGP=0
36. Mar 12 21:54:21 localhost kernel: [  889.633952] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=98 ID=2555 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=762 RES=0x00 ACK RST URGP=0
37. Mar 12 21:54:21 localhost kernel: [  889.658574] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64 PROTO=TCP SPT=80 DPT=39338 WINDOW=16780 RES=0x00 RST URGP=0
38. Mar 12 21:54:21 localhost kernel: [  889.660272] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64 PROTO=TCP SPT=80 DPT=39338 WINDOW=3298 RES=0x00 RST URGP=0
39. Mar 12 21:54:21 localhost kernel: [  889.660429] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64 PROTO=TCP SPT=80 DPT=39338 WINDOW=10426 RES=0x00 RST URGP=0
40. Mar 12 21:54:21 localhost kernel: [  889.660592] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64 PROTO=TCP SPT=80 DPT=39338 WINDOW=25771 RES=0x00 RST URGP=0
41. Mar 12 21:54:21 localhost kernel: [  889.705985] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=2397 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=764 RES=0x00 ACK RST URGP=0
42. Mar 12 21:54:21 localhost kernel: [  889.706136] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=2239 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=766 RES=0x00 ACK RST URGP=0
43. Mar 12 21:54:21 localhost kernel: [  889.706299] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=40 ID=2081 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=768 RES=0x00 ACK RST URGP=0
44. Mar 12 21:54:21 localhost kernel: [  889.707904] gfw: IN=eth0 OUT= MAC=00:e0:4d:1b:76:9c:00:1b:11:a6:7f:bc:08:00 SRC=69.63.181.15 DST=192.168.0.160 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=1923 DF PROTO=TCP SPT=80 DPT=39338 WINDOW=770 RES=0x00 ACK RST URGP=0

复制代码

viogus

Post by xcxxb;2074961
這幾個分別對應什麽模塊？我好手動加載之。

@xcxxb
kernel里开启自动加载模块，应该不用手动modprobe的。

Post by pjq;2074967
我有截了几张图，你可以看看，也不到正不正确：
下图是：NETFILTER_XT_MATCH_STATE
http://www.flickr.com/photos/pengjianqing/4426415799/#preview

@pjq
看了下，没错，可以先编译成模块测试，没问题的话再编译进内核

viogus

Post by pjq;2074982
重新编译了两次内核，终于可以正常启用iptables ,
但还是不能上youtube.com

从下面可以看出，已经正常启用了iptables。

1. 
   
2. gentoo-pjq examples # iptables -L
   
3. Chain INPUT (policy ACCEPT)
   
4. target     prot opt source               destination         
   
5. ZHANG      tcp  --  anywhere             anywhere            tcp spt:http flags:FIN,SYN,RST,ACK/SYN,ACK state ESTABLISHED match-set NOCLIP src
   
6. LOG        tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED gfw LOG level info prefix `gfw: '
   
7. DROP       udp  --  anywhere             anywhere            udp spt:domain state ESTABLISHED gfw
   
8. 
   
9. Chain FORWARD (policy ACCEPT)
   
10. target     prot opt source               destination         
    
11. 
    
12. Chain OUTPUT (policy ACCEPT)
    
13. target     prot opt source               destination         
    
14. gentoo-pjq examples #
    
15. 
    

复制代码

从/var/log/message中可以看到相关log,我试过刷youtube.com和facebook.com的时候，就会刷新log.

try this，再不行就删掉wiki上三条语句里的第二句，换成这句看看。

iptables -I INPUT -p tcp --sport 80 -m state --state ESTABLISHED -m gfw -j DROP

Hosanna

AMD64 安装成功，可是运行到下面这一步时出现错误：

1. sudo iptables -A INPUT -p tcp --sport 80 --tcp-flags FIN,SYN,RST,ACK SYN,ACK -m state --state ESTABLISHED -m set --match-set NOCLIP src -j ZHANG

复制代码

iptables v1.4.7: Couldn't load target `ZHANG':/lib64/xtables/libipt_ZHANG.so: cannot open shared object file: No such file or directory

Mie

Post by viogus;2074977
我在路由器后可以用，lan应该没问题，校园网就没条件测试了，哈哈

在路由器后支持??看来我要试试了~~
坐等32位的出来~~~呵呵~~

pjq

Post by viogus;2074986
try this，再不行就删掉wiki上三条语句里的第二句，换成这句看看。

iptables -I INPUT -p tcp --sport 80 -m state --state ESTABLISHED -m gfw -j DROP

谢谢，添加这句之后iptables -I INPUT -p tcp --sport 80 -m state --state ESTABLISHED -m gfw -j DROP
可以上facebook.com了，但youtube.com还是上不去，我想能上facebook就表示成功了吧。

独钓寒江雪

Kernel 2.6.33编译出错。
* CPV:  net-firewall/west-chamber-0.0.1
* REPO: gentoo-china
* USE:  elibc_glibc kernel_linux userland_GNU x86
* Determining the location of the kernel source code
* Found kernel source directory:
*     /usr/src/linux
* Found kernel object directory:
*     /lib/modules/2.6.33-gentoo/build
* Found sources for kernel version:
*     2.6.33-gentoo
* Checking for suitable kernel configuration options...
*   CONFIG_NF_CONNTRACK_MARK:         is not set when it should be.
我在2.6.33里面就没有找到NF_CONNTRACK_MARK这个选项。有同样问题的老兄没，指导下~~