[gentoo-user] iptables error
i get the following error when trying to add an iptables rule. /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o failed /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. gentoo root # epm -qf /usr/src/linux-2.4.22/ vanilla-sources-2.4.22 any hints ? thank you ! -- Catalin Constantin Bounce Software www.bounce-software.com -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 26 January 2004 11:28, Catalin Constantin wrote: i get the following error when trying to add an iptables rule. /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o failed /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. gentoo root # epm -qf /usr/src/linux-2.4.22/ vanilla-sources-2.4.22 any hints ? Something b0rked in your kernel compile. I'd backup your .config, make mrproper. copy back the .config and re-'make dep make bzImage make modules modules_install', copy new kernel and reboot. - -- Mike Williams -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAFPyJInuLMrk7bIwRAp6EAJ94K9uciK2R8KxqI3u42rRSNpBvbgCfaWVW gkVFoXj1CJmwHIc1DsSXbmc= =cJ17 -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
Emerge iptables again. - Original Message - From: Catalin Constantin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 12:28 PM Subject: [gentoo-user] iptables error i get the following error when trying to add an iptables rule. /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o failed /lib/modules/2.4.22/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed iptables v1.2.8: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. gentoo root # epm -qf /usr/src/linux-2.4.22/ vanilla-sources-2.4.22 any hints ? thank you ! -- Catalin Constantin Bounce Software www.bounce-software.com -- [EMAIL PROTECTED] mailing list -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error?
Hi, ip_conntrack_tftp.o != ip_conntrack_ftp.o You need to activate the module in your kernel config. /CrPy Am Samstag, 21. Juni 2003 02:09 schrieb Jorge Almeida: On Sat, 21 Jun 2003, Norbert Kamenicky wrote: Jorge Almeida wrote: unable to load module ip_conntrack_ftp ip_nat_ftp: error registering helper for port 21 Can somebody tell me what this means? I'm using kernel 2.4.21 vanilla. Let's have look to /lib/modules/2.4.21/kernel/net/ipv4/netfilter if you have these modules ... -- [EMAIL PROTECTED] mailing list localhost root # ls /lib/modules/2.4.21/kernel/net/ipv4/netfilter arp_tables.o arptable_filter.o ip_conntrack_amanda.o ip_conntrack_irc.o ip_conntrack_tftp.o ip_nat_amanda.o ip_nat_ftp.o ip_nat_irc.o ip_nat_snmp_basic.o ip_nat_tftp.o ip_queue.o ip_tables.o ipt_DSCP.o ipt_ECN.o ipt_LOG.o ipt_MARK.o ipt_MASQUERADE.o ipt_MIRROR.o ipt_REDIRECT.o ipt_REJECT.o ipt_TCPMSS.o ipt_TOS.o ipt_ULOG.o ipt_ah.o ipt_conntrack.o ipt_dscp.o ipt_ecn.o ipt_esp.o ipt_helper.o ipt_length.o ipt_limit.o ipt_mac.o ipt_mark.o ipt_multiport.o ipt_owner.o ipt_pkttype.o ipt_state.o ipt_tcpmss.o ipt_tos.o ipt_ttl.o ipt_unclean.o iptable_filter.o iptable_mangle.o iptable_nat.o -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error?
On Sat, 21 Jun 2003, CrPy wrote: Hi, ip_conntrack_tftp.o != ip_conntrack_ftp.o You need to activate the module in your kernel config. /CrPy Well, it seems that it should be there! Maybe some option of uninformative name is missing ... localhost root # ls /lib/modules/2.4.21/kernel/net/ipv4/netfilter|grep ftp ip_conntrack_tftp.o ip_nat_ftp.o ip_nat_tftp.o localhost root # cat /usr/src/linux/.config|grep CONN CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_MATCH_CONNTRACK=m localhost root # cat /usr/src/linux/.config|grep FTP CONFIG_IP_NF_FTP=y CONFIG_IP_NF_TFTP=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m localhost root # ls -l /usr/src total 26844 (...) lrwxr-xr-x1 root root 12 Jun 20 21:50 linux - linux-2.4.21 (...) -- Jorge Almeida -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error?
Hi Jorge, there is no Problem, because you have it in your Kernel and not as Module. This means that shorewall fails to load it as module. You have to do one of this: 1. live with the error message. 2. configure it as module (kernel) 3. change the shorewall skript I would prefer to make it as module, to have a minimalistic kernel. /CrPy Am Samstag, 21. Juni 2003 11:45 schrieb Jorge Almeida: On Sat, 21 Jun 2003, CrPy wrote: Hi, ip_conntrack_tftp.o != ip_conntrack_ftp.o You need to activate the module in your kernel config. /CrPy Well, it seems that it should be there! Maybe some option of uninformative name is missing ... localhost root # ls /lib/modules/2.4.21/kernel/net/ipv4/netfilter|grep ftp ip_conntrack_tftp.o ip_nat_ftp.o ip_nat_tftp.o localhost root # cat /usr/src/linux/.config|grep CONN CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_MATCH_CONNTRACK=m localhost root # cat /usr/src/linux/.config|grep FTP CONFIG_IP_NF_FTP=y CONFIG_IP_NF_TFTP=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m localhost root # ls -l /usr/src total 26844 (...) lrwxr-xr-x1 root root 12 Jun 20 21:50 linux - linux-2.4.21 (...) -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error?
On Sat, 21 Jun 2003, CrPy wrote: Hi Jorge, there is no Problem, because you have it in your Kernel and not as Module. This means that shorewall fails to load it as module. You have to do one of this: 1. live with the error message. 2. configure it as module (kernel) 3. change the shorewall skript I would prefer to make it as module, to have a minimalistic kernel. Thanks, I think I'll live with the error message, for now! :) -- Jorge Almeida -- [EMAIL PROTECTED] mailing list
[gentoo-user] iptables error?
I installed iptables+shorewall in single workstation (cable modem, no local network, no services provided). The config files are the ones provided by the vendor Shoreline (except that I commented out the rule allowing the box to be ping'ed, the purpose of which I can't guess). The thing works (I think), but dmesg outputs, just at the end: EXT3-fs: mounted filesystem with ordered data mode. eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 41e1. ip_tables: (C) 2000-2002 Netfilter core team unable to load module ip_conntrack_ftp ip_nat_ftp: error registering helper for port 21 Can somebody tell me what this means? I'm using kernel 2.4.21 vanilla. TIA. -- Jorge Almeida -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error?
Jorge Almeida wrote: unable to load module ip_conntrack_ftp ip_nat_ftp: error registering helper for port 21 Can somebody tell me what this means? I'm using kernel 2.4.21 vanilla. Let's have look to /lib/modules/2.4.21/kernel/net/ipv4/netfilter if you have these modules ... -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error?
On Sat, 21 Jun 2003, Norbert Kamenicky wrote: Jorge Almeida wrote: unable to load module ip_conntrack_ftp ip_nat_ftp: error registering helper for port 21 Can somebody tell me what this means? I'm using kernel 2.4.21 vanilla. Let's have look to /lib/modules/2.4.21/kernel/net/ipv4/netfilter if you have these modules ... -- [EMAIL PROTECTED] mailing list localhost root # ls /lib/modules/2.4.21/kernel/net/ipv4/netfilter arp_tables.o arptable_filter.o ip_conntrack_amanda.o ip_conntrack_irc.o ip_conntrack_tftp.o ip_nat_amanda.o ip_nat_ftp.o ip_nat_irc.o ip_nat_snmp_basic.o ip_nat_tftp.o ip_queue.o ip_tables.o ipt_DSCP.o ipt_ECN.o ipt_LOG.o ipt_MARK.o ipt_MASQUERADE.o ipt_MIRROR.o ipt_REDIRECT.o ipt_REJECT.o ipt_TCPMSS.o ipt_TOS.o ipt_ULOG.o ipt_ah.o ipt_conntrack.o ipt_dscp.o ipt_ecn.o ipt_esp.o ipt_helper.o ipt_length.o ipt_limit.o ipt_mac.o ipt_mark.o ipt_multiport.o ipt_owner.o ipt_pkttype.o ipt_state.o ipt_tcpmss.o ipt_tos.o ipt_ttl.o ipt_unclean.o iptable_filter.o iptable_mangle.o iptable_nat.o -- Jorge Almeida -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
Thank you for all your help. I found another script that works for me to replace the old one. Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
On Thursday 05 June 2003 04:22 am, Mark Fisher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 05 Jun 2003 3:08 am, Klaus D. Neumann wrote: modprobe: Can't locate module ip_tables iptables v1.2.8: can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. What did I do wrong? What happens when you type the command: insmod ip_tables bash-2.05b# insmod ip_tables insmod: ip_tables: no module by that name found Well, I didn't compile iptables as module, I think. Should I? I tend to write a bash script which contains my rules in the format you describe, the first 3 things being to load the modules, flush the old rules and set the default policies. After I'll get it to work, I'll get back to you on this one, okay? ;-) -- Best regards, Klaus -- Gentoo Linux = the better choice! -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
On Thursday 05 June 2003 04:22 am, Mark Fisher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 05 Jun 2003 3:08 am, Klaus D. Neumann wrote: modprobe: Can't locate module ip_tables iptables v1.2.8: can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. What did I do wrong? What happens when you type the command: insmod ip_tables After recompiling my kernel, iptables as module this time, the comand gives my this: bash-2.05b# insmod ip_tables Using /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt_Rsmp_09a77aa2 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt_Rsmp_7569bdc4 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol remove_proc_entry_Rsmp_3740881b /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol proc_net_Rsmp_8ee840e3 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol create_proc_entry_Rsmp_b28c3205 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol irq_stat_Rsmp_fb5eda84 Any idea what that means? -- Best regards, Klaus -- Gentoo Linux = the better choice! -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 06 Jun 2003 7:12 am, Klaus D. Neumann wrote: After recompiling my kernel, iptables as module this time, the comand gives my this: bash-2.05b# insmod ip_tables Using /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_register_sockopt_Rsmp_09a77aa2 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol nf_unregister_sockopt_Rsmp_7569bdc4 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol remove_proc_entry_Rsmp_3740881b /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol proc_net_Rsmp_8ee840e3 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol create_proc_entry_Rsmp_b28c3205 /lib/modules/2.4.20-gentoo-r5/kernel/net/ipv4/netfilter/ip_tables.o: unresolved symbol irq_stat_Rsmp_fb5eda84 Any idea what that means? My gut feeling is that the module didnt compile correctly, probably because of a missed-out make clean or make mrproper at the kernel compiling stage... without these lines the /urc/src/linux dir is still dirty from the last compile. Try the following: cp /usr/src/linux/.config /root cd /usr/src/linux make clean make mrproper make menuconfig [ just save and exit ... this will recreate your .config file - as the 'mrproper' stage just deleted it ;) ] cp /root/.config ./ make dep make clean bzImage modules modules_install Then copy the bzImage file to /boot, point grub at it and try again :o) HTH - -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+4HWCzrmqzOOQUj8RAtKrAJ9EmU+pPQd5A4LdKBas95g4DHvqXQCffBf1 cKfqr/Qwpvr4+14dFfwpprI= =dCvo -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
On Friday 06 June 2003 04:05 am, Mark Fisher wrote: My gut feeling is that the module didnt compile correctly, probably because of a missed-out make clean or make mrproper at the kernel compiling stage... without these lines the /urc/src/linux dir is still dirty from the last compile. Try the following: cp /usr/src/linux/.config /root cd /usr/src/linux make clean make mrproper make menuconfig [ just save and exit ... this will recreate your .config file - as the 'mrproper' stage just deleted it ;) ] cp /root/.config ./ make dep make clean bzImage modules modules_install At this point I get : /usr/src/linux-2.4.20-gentoo-r5/include/linux/usb.h:1117: `usbdevfs_init' previously defined here inode.c:775: redefinition of `usbdevfs_cleanup' /usr/src/linux-2.4.20-gentoo-r5/include/linux/usb.h:1118: `usbdevfs_cleanup' previously defined here make[3]: *** [inode.o] Error 1 make[3]: Leaving directory `/usr/src/linux-2.4.20-gentoo-r5/drivers/usb' make[2]: *** [first_rule] Error 2 make[2]: Leaving directory `/usr/src/linux-2.4.20-gentoo-r5/drivers/usb' make[1]: *** [_subdir_usb] Error 2 make[1]: Leaving directory `/usr/src/linux-2.4.20-gentoo-r5/drivers' make: *** [_dir_drivers] Error 2 What is going on here? I never had a compiling error with a kernel! Hope somebody knows the amnswer to this one ... Then copy the bzImage file to /boot, point grub at it and try again :o) HTH - -- Mark -- Best regards, Klaus -- Gentoo Linux = the better choice! -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
Got it. I had to copy back my .config before reloading it into menuconfig. My internet sharing works now. Thanks to all the help I got from this list. I really appreciate it! One last question for today: How can I make the comands: echo 1 /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE permanent, meaning executed at boot time? On Friday 06 June 2003 06:29 pm, Klaus D. Neumann wrote: On Friday 06 June 2003 04:05 am, Mark Fisher wrote: My gut feeling is that the module didnt compile correctly, probably because of a missed-out make clean or make mrproper at the kernel compiling stage... without these lines the /urc/src/linux dir is still dirty from the last compile. Try the following: cp /usr/src/linux/.config /root cd /usr/src/linux make clean make mrproper make menuconfig [ just save and exit ... this will recreate your .config file - as the 'mrproper' stage just deleted it ;) ] cp /root/.config ./ make dep make clean bzImage modules modules_install -- Best regards, Klaus -- Gentoo Linux = the better choice! -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
One last question for today:
How can I make the comands:
echo 1 /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
permanent, meaning executed at boot time?
Copy one of the /etc/init.d scripts and make it your own. For example (here's
a quick example):
=
#!/sbin/runscript
INTERNAL = eth0
EXTERNAL = ppp0
start() {
ebegin Starting simple firewall
# This line I think only needs to be done once
# in the entire life of the system, well, until a 0
# has been echoed (which we'll do to stop)
echo 1 /proc/sys/net/ipv4/ip_forward
# Firewall code
# Clear all previous rules
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
# Allow only masq'ing on the IN and RELATED and
# ESTABLISHED from the OUT
iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m state --state
ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
iptables -A FORWARD -j LOG
# Enable MASQ'ing
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
# Done firewall code
eend $? Failed to start simple firewall
}
stop() {
ebegin Stopping simple firewall
# Just a 0 to forwarding should do it, but we'll go a step further and go
# just to default rules
echo 0 /proc/sys/net/ipv4/ip_forward
# Clear all previous rules
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
eend $? Failed to stop simple firewall
}
=
a couple things about this script:
1) Save it in /etc/init.d/ and chmod +x it. Then use rc-update to add it to
the default runlevel (or whichever runlevel you want to run it in)
2) I'm unsure about variables in Gentoo script, so I don't know if this will
work without some hacking of INTERNAL and EXTERNAL.
3) This is the firewall I'm currently using. It looks alright, though I may
want to change the default of the internet to DROP ... how do I do that?
MIKE
--
Beware the JabberOrk
--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] iptables error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 05 Jun 2003 3:08 am, Klaus D. Neumann wrote: modprobe: Can't locate module ip_tables iptables v1.2.8: can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. What did I do wrong? What happens when you type the command: insmod ip_tables I tend to write a bash script which contains my rules in the format you describe, the first 3 things being to load the modules, flush the old rules and set the default policies. - -- Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+3ygGzrmqzOOQUj8RAtiGAJ92lUtJMXEJzgCUZIsYk3glVFI9MACfQ9hR UyCvdi0DtcBqz73Mmk6nt18= =+ZWb -END PGP SIGNATURE- -- [EMAIL PROTECTED] mailing list
[gentoo-user] iptables error
Hi, I emerged iptables, compiled into my kernel everything that smelled like forwarding, filtering, iptables, (no modules), and yet, when I issue: compaq root # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE I get: modprobe: Can't locate module ip_tables iptables v1.2.8: can't initialize iptables table `nat': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. What did I do wrong? -- Best regards, Klaus -- [EMAIL PROTECTED] mailing list
