[CentOS] Problems with 'iptables'
Hello!

Sorry if this question has already been asked, but I am not finding an answer for it...

I have a server with CentOS 6.4; later it will be a router for a home network. When I tried to tune iptables I got an error:

    [root@gateway sysconfig]# iptables -t NAT -A POSTROUTING -o eth0 -j MASQUERADE
    iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

iptables 1.4.7 (latest version), custom kernel 3.8.3 from kernel.org (also the latest version).

How can I fix this error, preferably without rebuilding the kernel?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with 'iptables'
On 03/22/2013 02:16 PM, Andrey B. Kiselev wrote:
> Hello!
>
> Sorry if this question has already been asked, but I am not finding an answer for it...
>
> I have a server with CentOS 6.4; later it will be a router for a home network. When I tried to tune iptables I got an error:
>
>     [root@gateway sysconfig]# iptables -t NAT -A POSTROUTING -o eth0 -j MASQUERADE
>     iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
>     Perhaps iptables or your kernel needs to be upgraded.
>
> iptables 1.4.7 (latest version), custom kernel 3.8.3 from kernel.org (also the latest version).
>
> How can I fix this error, preferably without rebuilding the kernel?

The NAT table is actually 'nat', not 'NAT'. Try it with the lower case and you should have better luck.

-Zack
Re: [CentOS] Problems with 'iptables'
> From: Andrey B. Kiselev mr.slono...@gmail.com
> To: centos@centos.org
> Sent: Friday, March 22, 2013 11:16 AM
> Subject: [CentOS] Problems with 'iptables'
>
> Hello!
>
> Sorry if this question has already been asked, but I am not finding an answer for it...
>
> I have a server with CentOS 6.4; later it will be a router for a home network. When I tried to tune iptables I got an error:
>
>     [root@gateway sysconfig]# iptables -t NAT -A POSTROUTING -o eth0 -j MASQUERADE
>     iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
>     Perhaps iptables or your kernel needs to be upgraded.
>
> iptables 1.4.7 (latest version), custom kernel 3.8.3 from kernel.org (also the latest version).
>
> How can I fix this error, preferably without rebuilding the kernel?

Try lowercase 'nat' (instead of uppercase 'NAT').

If life gives you lemons, keep them-- because hey.. free lemons. ~heart~
Sticker fixer: http://microflush.org/stuff/stickers/heartFix.html
Re: [CentOS] Problems with 'iptables'
I tried lowercase first - no matter, the error remains.

2013/3/22 Joseph Spenner joseph85...@yahoo.com

> > From: Andrey B. Kiselev mr.slono...@gmail.com
> > To: centos@centos.org
> > Sent: Friday, March 22, 2013 11:16 AM
> > Subject: [CentOS] Problems with 'iptables'
> >
> > Hello!
> >
> > Sorry if this question has already been asked, but I am not finding an answer for it...
> >
> > I have a server with CentOS 6.4; later it will be a router for a home network. When I tried to tune iptables I got an error:
> >
> >     [root@gateway sysconfig]# iptables -t NAT -A POSTROUTING -o eth0 -j MASQUERADE
> >     iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
> >     Perhaps iptables or your kernel needs to be upgraded.
> >
> > iptables 1.4.7 (latest version), custom kernel 3.8.3 from kernel.org (also the latest version).
> >
> > How can I fix this error, preferably without rebuilding the kernel?
>
> Try lowercase 'nat' (instead of uppercase 'NAT').
>
> If life gives you lemons, keep them-- because hey.. free lemons. ~heart~
> Sticker fixer: http://microflush.org/stuff/stickers/heartFix.html
Re: [CentOS] Problems with 'iptables'
On 03/22/2013 02:47 PM, Andrey B. Kiselev wrote:
> I tried lowercase first - no matter, the error remains.

To be fair, as soon as you started recompiling your kernel, you no longer had a supported CentOS system. It starts to call into question what options you have enabled for your custom kernel build. For example, do you have NAT support either built-in to your kernel, or built as a module?

-Zack

> 2013/3/22 Joseph Spenner joseph85...@yahoo.com
>
> > > From: Andrey B. Kiselev mr.slono...@gmail.com
> > > To: centos@centos.org
> > > Sent: Friday, March 22, 2013 11:16 AM
> > > Subject: [CentOS] Problems with 'iptables'
> > >
> > > Hello!
> > >
> > > Sorry if this question has already been asked, but I am not finding an answer for it...
> > >
> > > I have a server with CentOS 6.4; later it will be a router for a home network. When I tried to tune iptables I got an error:
> > >
> > >     [root@gateway sysconfig]# iptables -t NAT -A POSTROUTING -o eth0 -j MASQUERADE
> > >     iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?)
> > >     Perhaps iptables or your kernel needs to be upgraded.
> > >
> > > iptables 1.4.7 (latest version), custom kernel 3.8.3 from kernel.org (also the latest version).
> > >
> > > How can I fix this error, preferably without rebuilding the kernel?
> >
> > Try lowercase 'nat' (instead of uppercase 'NAT').
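[Added example, not part of the original thread and not code from any poster: one way to answer the question above about NAT support being built in or built as a module, by reading the kernel config file. The symbol list is an assumption for kernels of the 3.8 era, the function names are hypothetical, and the sample config is constructed; on a real host, pass the .config the custom kernel was built from.]

```shell
#!/bin/sh
# Added example: report how the netfilter NAT options are set in a kernel config.

# Assumed symbol list for 3.8-era kernels; adjust it to match your source tree.
NAT_SYMBOLS="CONFIG_NF_CONNTRACK CONFIG_NF_NAT CONFIG_NF_NAT_IPV4 CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_TARGET_MASQUERADE"

# config_state FILE SYMBOL -> prints builtin | module | missing
config_state() {
    case "$(grep -E "^$2=" "$1" 2>/dev/null | tail -n 1)" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo missing ;;   # absent, or "# SYMBOL is not set"
    esac
}

# nat_config_report FILE -> one "SYMBOL=state" line per symbol;
# returns 1 if any symbol is missing, 0 otherwise.
nat_config_report() {
    rc=0
    for sym in $NAT_SYMBOLS; do
        state=$(config_state "$1" "$sym")
        echo "$sym=$state"
        [ "$state" = missing ] && rc=1
    done
    return $rc
}

# Constructed sample config: conntrack and core NAT are modules, but the
# IPv4 NAT glue and the MASQUERADE target were left out of the build.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CONFIG_NF_CONNTRACK=m
CONFIG_NF_NAT=m
# CONFIG_NF_NAT_IPV4 is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
EOF

nat_config_report "$sample" ||
    echo "NAT support is incomplete in this config"
```

A symbol reported as "module" still has to be loadable for the running kernel; "missing" means the kernel has to be rebuilt with that option enabled.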
Re: [CentOS] Problems with IPTABLES recent module.
James B. Byrne wrote:
> On Fri, January 8, 2010 15:32, James B. Byrne wrote:
> > I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option.
>
> I ran lsmod and I do not find that ipt_recent is loaded. In fact, I do not see any ipt modules other than ipt_LOG. There was a recent kernel update. Does anyone know if this had any adverse effects on loading ipt_recent?
>
>     . . .
>     ip_tables              17029  3 iptable_nat,iptable_mangle,iptable_filter
>     ipt_LOG                10049  6
>     ipv6                  267489  23 ip6t_REJECT
>     . . .
>
> And this does not look good either:
>
>     # modprobe --first-time ipt_recent
>     FATAL: Error inserting ipt_recent (/lib/modules/2.6.18-164.9.1.el5/kernel/net/ipv4/netfilter/ipt_recent.ko): Unknown symbol in module, or unknown parameter (see dmesg)
>
> There is no entry in /var/log/dmesg relating to this problem.

fwiw, no problem here with the before-last kernel:

    [r...@tryo nthierry]# uname -a
    Linux tryo.imag.fr 2.6.18-164.9.1.el5 #1 SMP Tue Dec 15 20:57:57 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
    [r...@tryo nthierry]# modprobe --first-time ipt_recent
    [r...@tryo nthierry]# lsmod | grep ipt_recent
    ipt_recent             42969  0
    x_tables               50505  5 ipt_recent,ipt_REJECT,xt_state,xt_tcpudp,ip_tables

And also no problem with the latest kernel:
[after a reboot to 2.6.18-164.10.1.el5]

    [r...@tryo nthierry]# uname -a
    Linux tryo.imag.fr 2.6.18-164.10.1.el5 #1 SMP Thu Jan 7 19:54:26 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
    [r...@tryo nthierry]# modprobe --first-time ipt_recent
    [r...@tryo nthierry]# lsmod ipt_recent
    Usage: lsmod
    [r...@tryo nthierry]# lsmod | grep ipt_recent
    ipt_recent             42969  0
    x_tables               50505  5 ipt_recent,ipt_REJECT,xt_state,xt_tcpudp,ip_tables

what's your kernel? did you reboot after upgrading? modprobe is trying to insert the 2.6.18-164.9.1.el5 module, but you mentioned the latest kernel upgrade (which is 164-10.1)
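[Added example, not part of the original thread: modprobe looks for modules under /lib/modules/<release of the running kernel>, so the path in the error quoted above names the kernel that is actually running. The sketch below pulls that release out of the error text and compares it with the newest installed release. The function names are hypothetical, and the installed list is constructed from the two releases named in the thread.]

```shell
#!/bin/sh
# Added example: spot a pending reboot from a modprobe error message.

# Print the kernel release embedded in a /lib/modules/<release>/... path.
module_kver() {
    printf '%s\n' "$1" | sed -n 's|.*/lib/modules/\([^/]*\)/.*|\1|p'
}

# Print the highest release from a newline-separated list (uses sort -V).
newest_release() {
    printf '%s\n' "$1" | sort -V | tail -n 1
}

# reboot_pending ERROR_TEXT INSTALLED_LIST
# Returns 0 when the running kernel is not the newest installed one,
# 1 when they match, 2 when the text contains no /lib/modules path.
reboot_pending() {
    running=$(module_kver "$1")
    [ -n "$running" ] || { echo "no /lib/modules path in message"; return 2; }
    newest=$(newest_release "$2")
    if [ "$running" != "$newest" ]; then
        echo "running $running, newest installed $newest: reboot pending"
        return 0
    fi
    echo "running the newest installed kernel ($running)"
    return 1
}

# Error text as posted in the thread.
err='FATAL: Error inserting ipt_recent (/lib/modules/2.6.18-164.9.1.el5/kernel/net/ipv4/netfilter/ipt_recent.ko): Unknown symbol in module, or unknown parameter (see dmesg)'

# Constructed list: the two releases named in the thread, in the form a
# listing of /lib/modules would give them.
installed='2.6.18-164.10.1.el5
2.6.18-164.9.1.el5'

reboot_pending "$err" "$installed" || true
```

On a live host the same comparison can be made directly between the output of uname -r and the directories under /lib/modules.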
[CentOS] Problems with IPTABLES recent module.
I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option.

I determined that none of my backed up configuration files going back to October will load either. This is more than passing strange because I altered and uploaded the iptables configuration on this host several times in December alone. These alterations certainly applied without error at the time.

Through painful trial and error (it is a fairly large configuration) I discovered that I cannot add any rule using the __recent__ module. Adding a single rule referencing that module inevitably results in a load error reported at the following COMMIT statement. An example of an actual rule that fails follows:

    . . .
    :BRUTE_FORCE - [0:0]
    . . .
    -A BRUTE_FORCE -p tcp -m tcp -m state -m recent --set -i eth0 --dport 22 --state NEW
    -A BRUTE_FORCE -m comment -j RETURN --comment Return to calling chain
    COMMIT

Perhaps I am missing something obvious but as far as I can determine the rule using the recent module should simply add all traffic coming in over i/f eth0 consigned to port 22 on any ip-addr to the DEFAULT list. I do not expect it to give an error. If I remove this statement then the iptables file loads without error.

An interesting thing happens if I simply add a trailing -j to the end of recent module rule above. It fails with this specific error:

    -c packet counter not numeric

Does anyone see what I am doing wrong?

Sincerely,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
Re: [CentOS] Problems with IPTABLES recent module.
Quoting James B. Byrne byrn...@harte-lyne.ca:

> I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option.
>
> I determined that none of my backed up configuration files going back to October will load either. This is more than passing strange because I altered and uploaded the iptables configuration on this host several times in December alone. These alterations certainly applied without error at the time.
>
> Through painful trial and error (it is a fairly large configuration) I discovered that I cannot add any rule using the __recent__ module. Adding a single rule referencing that module inevitably results in a load error reported at the following COMMIT statement. An example of an actual rule that fails follows:
>
>     . . .
>     :BRUTE_FORCE - [0:0]
>     . . .
>     -A BRUTE_FORCE -p tcp -m tcp -m state -m recent --set -i eth0 --dport 22 --state NEW
>     -A BRUTE_FORCE -m comment -j RETURN --comment Return to calling chain
>     COMMIT
>
> Perhaps I am missing something obvious but as far as I can determine the rule using the recent module should simply add all traffic coming in over i/f eth0 consigned to port 22 on any ip-addr to the DEFAULT list. I do not expect it to give an error. If I remove this statement then the iptables file loads without error.
>
> An interesting thing happens if I simply add a trailing -j to the end of recent module rule above. It fails with this specific error:
>
>     -c packet counter not numeric
>
> Does anyone see what I am doing wrong?

I don't think you need the -m state ..

From the iptables man page ...

    # iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP
    # iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set -j DROP

Barry
Re: [CentOS] Problems with IPTABLES recent module.
On Friday 08 January 2010 15:32, James B. Byrne wrote:

>     :BRUTE_FORCE - [0:0]
>     . . .
>     -A BRUTE_FORCE -p tcp -m tcp -m state -m recent --set -i eth0 --dport 22 --state NEW
>     -A BRUTE_FORCE -m comment -j RETURN --comment Return to calling chain
>     COMMIT

Check out this TUTORIAL

http://www.zoominternet.net/~lazydog/iptables-tutorial.html#RECENTMATCH

--
Regards
Robert

Linux User #296285
http://counter.li.org
Re: [CentOS] Problems with IPTABLES recent module.
On Fri, January 8, 2010 15:32, James B. Byrne wrote:
> I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option.

I ran lsmod and I do not find that ipt_recent is loaded. In fact, I do not see any ipt modules other than ipt_LOG. There was a recent kernel update. Does anyone know if this had any adverse effects on loading ipt_recent?

    . . .
    ip_tables              17029  3 iptable_nat,iptable_mangle,iptable_filter
    ipt_LOG                10049  6
    ipv6                  267489  23 ip6t_REJECT
    . . .

And this does not look good either:

    # modprobe --first-time ipt_recent
    FATAL: Error inserting ipt_recent (/lib/modules/2.6.18-164.9.1.el5/kernel/net/ipv4/netfilter/ipt_recent.ko): Unknown symbol in module, or unknown parameter (see dmesg)

There is no entry in /var/log/dmesg relating to this problem.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
Re: [CentOS] Problems with IPTABLES recent module.
> Check out this TUTORIAL
>
> http://www.zoominternet.net/~lazydog/iptables-tutorial.html#RECENTMATCH

I do not seem to be making myself clear. I do not need a tutorial on how to use the recent module of iptables. The recent module itself seems not to be available on this particular host anymore. There seems a problem with the module itself and it will not load even if I try to do this manually using modprobe.

I will revert to the previous kernel as soon as I can and see if the problem disappears, as I think likely.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3