netfilter broken witn 2.6.16 kernel?

binro

I just built gentoo-sources-2.6.16 with the latest suspend2 patch applied. When I booted I got an error when iptables was started:

radfoj · Posted: Thu Mar 23, 2006 3:21 pm Post subject:

Hi,

go to "Core Netfilter Configuration" and enable there "Netfilter Xtables Support" (its required for iptables support). There were some changes in 2.6.16 I guess, postmerge info about it would be nice.

binro · Posted: Thu Mar 23, 2006 3:39 pm Post subject:

OK, that fixed the problem, thanks! The explanatory text for Netlink could be a bit clearer, like "You really need this"...
_________________
"Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling

DerRalf · n00b Joined: 13 Dec 2003 Posts: 34 Location: Bay Area, CA

Thanks, this is good to know. I ran into the same problem.

luche21 · n00b Joined: 18 Aug 2005 Posts: 20 Location: Milwaukee, WI

k, i'm seeing the same thing here... i've compiled in everything i see available, directly to the kernel... i don't load modules... i've got:
Network packet filtering
Network packet filtering debugging
Netfilter Xtables support
conntrack
Connection tracking
IP tables support

all compiled into the kernel...

dmesg shows on boot:
euclid linux # dmesg | grep tables
TCP: Hash tables configured (established 131072 bind 65536)
ip_tables: (C) 2000-2006 Netfilter Core Team

now i emerged iptables fine i've got an iptables list of chains already... so i can use iptables-restore, then... nothing... still gets this

euclid linux # iptables-restore /etc/iptables
FATAL: Module ip_tables not found.
iptables-restore v1.3.5: iptables-restore: unable to initializetable 'filter'

Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

also, when trying to list the available chains (which should be none currently)
euclid linux # iptables -L
FATAL: Module ip_tables not found.
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

ideas anyone?... haven't found anything besides this post about the 2.6.16 kernel and iptables... and haven't come across anything on netfilter.org yet...
someone help please!

pumpichank · Tux's lil' helper Joined: 28 Jul 2005 Posts: 81

I had very similar problems, but if you're diligent with genkernel, you can eventually get all the appropriate modules enabled so that your old iptables configs will work again. There's no magic other than just trial and error.

rishi · n00b Joined: 11 Sep 2005 Posts: 56 Location: Australia

Hi there,

This one got me too!

I notice there are now heaps of new options in the kernel config relating to iptables...

Which ones do I need to set to get full / proper iptables functionality like before? :?:

I've looked through all the new options and there are many I don't understand.

Thanks!
_________________
--
Rishi
Melbourne, Australia.

swimmer · Posted: Wed Apr 26, 2006 10:31 am Post subject:

This is how my .config looks like:

dj_farid · l33t Joined: 14 Jun 2004 Posts: 613

I've upgraded my kernel from some four months old kernel to the vanilla-sources-2.6.19. I had a working iptables config with the old kernel.
After installing the new kernel, I had my first reboot of the server for four months...

I am having the same problem as this thread describes. So I rebooted with the old kernel and got iptables working.

I don't have module support compiled into my kernel. Everything is compiled in.
Does anyone figure out, what is need needed in the new kernels to get netfilter working with the old iptables configs?

PS.
After the reboot I get "Connection refused" when I try to ssh into the server. Don't know why yet.
The monitor that I have for the server is a TFT that works for only 6 minutes before the picture either goes black or scrambled

Instead of dragging my 19" monitor in to the small closet with a lot of junk on the other side of my apartment, I am hoping to get the new kernel working within 6 minutes with your help

AndiZed · Posted: Fri Jun 16, 2006 11:48 am Post subject:

i had similar problems with iptables and the 2.6.16 kernel.

i finally got it working again by using the following settings. maybe you wont need all these options, but i was too lazy to find out which i dont really need :-)

:

-> Networking -> Networking Options -> Network Packet Filtering -> Core Netfilter Configuration
[*] .. Everything except "Netfilter netlink interface"

-> Networking -> Networking Options -> Network Packet Filtering -> IP: Netfilter Configuration
[*] Connection tracking (required for masq/NAT)
[*] IP tables support (required for filtering/masq/NAT) and all Sub-Options!

dj_farid · l33t Joined: 14 Jun 2004 Posts: 613

Thanks AndiZed, that did the trick!

rizzurant · Posted: Wed Aug 09, 2006 12:15 am Post subject:

OMG,
severeal times i change kernel, but netfilter dont want to start
i use 2.6.16-gentoo-r3

let me try before :mrgreen:

donjames · Posted: Wed Oct 18, 2006 4:45 am Post subject: iptables not working with nat

Hi Andized,

I tried what you suggested with the kernel configuration.

Now nat works.

Thanks for the help.

Sincerely,

Don James
Henderson, TX USA