[gentoo-user] Can't get iptables to work on AMD64, 2.6.12-gentoo-r10

[gentoo-user] Can't get iptables to work on AMD64, 2.6.12-gentoo-r10

[Michael Kjorling]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My system is AMD64, Linux 2.6.12-gentoo-r10 (from gentoo-sources),
iptables 1.3.2 and generally up-to-date. I can't seem to get iptables
to work. Netfilter support is compiled into the kernel (compiling it
as a module and loading that gave the same result), as evidenced by:

$ zgrep -i iptables /proc/config.gz
CONFIG_IP_NF_IPTABLES=y
$ 

but iptables refuses to run:

# iptables -L -n
FATAL: Module ip_tables not found.
iptables v1.3.2: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
# 

`iptables -X filter' gives me the same error message.

Any suggestions as for how to get packet filtering working (including
kernel configuration options to try) would be greatly appreciated.

- -- 
Michael Kjörling, michael@kjorling.com - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* ..... No bird soars too high if he soars with his own wings ..... *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDNcQzdY+HSb3praYRAmkVAJ4+l7uFwHsfQc5McejmrljuSLoWlwCgnjQP
eXGRvHKghiIcqXZephmOvn0=
=4Iep
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Can't get iptables to work on AMD64, 2.6.12-gentoo-r10

[A. Khattri]

On Sat, 24 Sep 2005, Michael Kjorling wrote:

> My system is AMD64, Linux 2.6.12-gentoo-r10 (from gentoo-sources),
> iptables 1.3.2 and generally up-to-date. I can't seem to get iptables
> to work. Netfilter support is compiled into the kernel (compiling it
> as a module and loading that gave the same result), as evidenced by:
>
> $ zgrep -i iptables /proc/config.gz
> CONFIG_IP_NF_IPTABLES=y
> $
>
> but iptables refuses to run:
>
> # iptables -L -n
> FATAL: Module ip_tables not found.
> iptables v1.3.2: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

If you run "dmesg | grep filter" do you see:

ip_tables: (C) 2000-2002 Netfilter core team

???

Can we assume you did "make modules_install" when building the current
kernel?

Did you run "emerge iptables" (Im assuming yes) ?

Do you have any IP tables modules too? ("grep IP_NF_
/usr/src/linx/.config" should tell you).


-- 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Can't get iptables to work on AMD64, 2.6.12-gentoo-r10

[Rumen Yotov]

[-- Attachment #1: Type: text/plain, Size: 2045 bytes --]

On Sat, 24 Sep 2005 21:25:07 +0000
Michael Kjorling <michael@kjorling.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> My system is AMD64, Linux 2.6.12-gentoo-r10 (from gentoo-sources),
> iptables 1.3.2 and generally up-to-date. I can't seem to get iptables
> to work. Netfilter support is compiled into the kernel (compiling it
> as a module and loading that gave the same result), as evidenced by:
> 
> $ zgrep -i iptables /proc/config.gz
> CONFIG_IP_NF_IPTABLES=y
> $ 
> 
> but iptables refuses to run:
> 
> # iptables -L -n
> FATAL: Module ip_tables not found.
> iptables v1.3.2: can't initialize iptables table `filter': Table does
> not exist (do you need to insmod?) Perhaps iptables or your kernel
> needs to be upgraded. # 
> 
> `iptables -X filter' gives me the same error message.
> 
> Any suggestions as for how to get packet filtering working (including
> kernel configuration options to try) would be greatly appreciated.
> 
> - -- 
> Michael Kjörling, michael@kjorling.com - http://michael.kjorling.com/
> * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
> * ..... No bird soars too high if he soars with his own wings ..... *
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> 
> iD8DBQFDNcQzdY+HSb3praYRAmkVAJ4+l7uFwHsfQc5McejmrljuSLoWlwCgnjQP
> eXGRvHKghiIcqXZephmOvn0=
> =4Iep
> -----END PGP SIGNATURE-----
Hi,
Not very much info i'm afraid, but a working solution.
Choose to use shorewall and in their site-docs (pdf including) there is
a graphical example of kernel config to use with shorewall.
As their's intentions are for shorewall to be mostly used for quite
everything with iptables, it has IIRC quite all options turned ON under
iptables. Use this for some 2,5 years (with very small changes).
Think you can also check the iptables site/docs (Google too).
There was some site (easyiptables/easyfirewall) with a web-page menu
driven config, don't know about kernel-config (check this ML archives).
HTH. Rumen

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

FIXED: [gentoo-user] Can't get iptables to work on AMD64, 2.6.12-gentoo-r10

[Michael Kjorling]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2005-09-25 02:19 -0400, ajai@bway.net wrote:
> Do you have any IP tables modules too? ("grep IP_NF_
> /usr/src/linx/.config" should tell you).

That's it. Buried among those dozens of lines I found the clue I was
looking for: CONFIG_IP_NF_FILTER not being set.

	$ zgrep IP_NF_ /proc/config.gz 
	...
	# CONFIG_IP_NF_FILTER is not set
	...
	$

I just recompiled my kernel with it set and iptables now seems to
work. Now to see if I can get a decent rule-set set up, but at least
that is a different problem.

Thanks!

- -- 
Michael Kjörling, michael@kjorling.com - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* ..... No bird soars too high if he soars with his own wings ..... *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDNoZ9dY+HSb3praYRAkpHAJ94iG8bR94jxlWj/qQQ5KyzdrNhVgCfVOMH
1ITej41mT2ZEU9fPTd1B1aY=
=kWaR
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list