OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Fri Aug 17, 2007 2:50 pm Post subject: Router Install - Following HOWTO, but getting errors
All,
Following the HOWTO at: http://www.gentoo.org/doc/en/home-router-howto.xml
Took all the iptables commands and put them into a script:
| Code: |
#! /bin/bash
set -x
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
export LAN=eth0
export WAN1=eth1
export WAN2=eth2
#export WAN=eth3
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT
iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT
iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -I FORWARD -i ${LAN} -d 192.168.5.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.5.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN1} -d 192.168.5.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN1} -j MASQUERADE
iptables -A FORWARD -i ${WAN2} -d 192.168.5.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN2} -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
/etc/init.d/iptables save
rc-update add iptables default
gedit /etc/sysctl.conf
# Add/Uncomment the following lines:
# net.ipv4.ip_forward = 1
# net.ipv4.conf.default.rp_filter = 1
# net.ipv4.ip_dynaddr = 1
#Forward port 2 to ssh on an internal host
# iptables -t nat -A PREROUTING -p tcp --dport 2 -i ${WAN} -j DNAT --to 192.168.0.2:22
#FTP forwarding to an internal host
# iptables -t nat -A PREROUTING -p tcp --dport 21 -i ${WAN} -j DNAT --to 192.168.0.56
HTTP forwarding to an internal host
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i ${WAN} -j DNAT --to 192.168.0.56
#VNC forwarding for internal hosts
# iptables -t nat -I PREROUTING -p tcp --dport 5900 -i ${WAN} -j DNAT --to 192.168.0.2
# iptables -t nat -I PREROUTING -p tcp --dport 5901 -i ${WAN} -j DNAT --to 192.168.0.3:5900
#If you want to VNC in to 192.168.0.3, then just add ':1' to the router's hostname
#SAMBA forwarding to an internal host (excess ports to cover Windows)
# iptables -t nat -I PREROUTING -p tcp --dport 135 -i ${WAN} -j DNAT --to 192.168.0.2
# iptables -t nat -I PREROUTING -p tcp --dport 139 -i ${WAN} -j DNAT --to 192.168.0.2
# iptables -t nat -I PREROUTING -p tcp --dport 445 -i ${WAN} -j DNAT --to 192.168.0.2
# iptables -t nat -I PREROUTING -p udp --dport 137:138 -i ${WAN} -j DNAT --to 192.168.0.2
# iptables -t nat -I PREROUTING -p udp --dport 445 -i ${WAN} -j DNAT --to 192.168.0.2
#Bittorrent forwarding
# iptables -t nat -A PREROUTING -p tcp --dport 6881:6889 -i ${WAN} -j DNAT --to 192.168.0.2
#eDonkey/eMule forwarding
# iptables -t nat -A PREROUTING -p tcp --dport 4662 -i ${WAN} -j DNAT --to 192.168.0.55
#Game Cube Warp Pipe support
# iptables -t nat -A PREROUTING -p udp --dport 4000 -i ${WAN} -j DNAT --to 192.168.0.56
#Playstation 2 Online support
# iptables -t nat -A PREROUTING -p tcp --dport 10070:10080 -i ${WAN} -j DNAT --to 192.168.0.11
# iptables -t nat -A PREROUTING -p udp --dport 10070:10080 -i ${WAN} -j DNAT --to 192.168.0.11
#Xbox Live
# iptables -t nat -A PREROUTING -p tcp --dport 3074 -i ${WAN} -j DNAT --to 192.168.0.69
# iptables -t nat -A PREROUTING -p udp --dport 3074 -i ${WAN} -j DNAT --to 192.168.0.69
# iptables -t nat -A PREROUTING -p udp --dport 88 -i ${WAN} -j DNAT --to 192.168.0.69 |
Executing the script I get the following error, that I do not know how to resolve (saw nothing in the HOWTO on this):
| Code: |
gen_nyle ~ # bash set_iptables.sh
+ iptables -F
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -t nat -F
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -P INPUT ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -P OUTPUT ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -P FORWARD DROP
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ export LAN=eth0
+ LAN=eth0
+ export WAN1=eth1
+ WAN1=eth1
+ export WAN2=eth2
+ WAN2=eth2
+ iptables -I INPUT 1 -i eth0 -j ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -I INPUT 1 -i lo -j ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A INPUT -p UDP --dport bootps -i '!' eth0 -j REJECT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A INPUT -p UDP --dport domain -i '!' eth0 -j REJECT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A INPUT -p TCP --dport ssh -i -j ACCEPT
Warning: wierd character in interface `-j' (No aliases, :, ! or *).
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -A INPUT -p TCP -i '!' eth0 -d 0/0 --dport 0:1023 -j DROP
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A INPUT -p UDP -i '!' eth0 -d 0/0 --dport 0:1023 -j DROP
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -I FORWARD -i eth0 -d 192.168.5.0/255.255.0.0 -j DROP
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A FORWARD -i eth0 -s 192.168.5.0/255.255.0.0 -j ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A FORWARD -i eth1 -d 192.168.5.0/255.255.0.0 -j ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -A FORWARD -i eth2 -d 192.168.5.0/255.255.0.0 -j ACCEPT
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ echo 1
+ for f in '/proc/sys/net/ipv4/conf/*/rp_filter'
+ echo 1
+ for f in '/proc/sys/net/ipv4/conf/*/rp_filter'
+ echo 1
+ for f in '/proc/sys/net/ipv4/conf/*/rp_filter'
+ echo 1
+ for f in '/proc/sys/net/ipv4/conf/*/rp_filter'
+ echo 1
+ /etc/init.d/iptables save
* Saving iptables state ... [ !! ]
+ rc-update add iptables default
* iptables already installed in runlevel 'default'; skipping
+ gedit /etc/sysctl.conf
+ HTTP forwarding to an internal host
set_iptables.sh: line 49: HTTP: command not found |
What do I do to fix my errors?
Thanks!
OMR
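The error log above shows two distinct failures: the netfilter tables (`filter`, `nat`) are not present in the kernel, and `${WAN}` is never assigned, so one rule is built as `-i -j ACCEPT`. The following is an added example, not part of the HOWTO or the script posted above: a pair of preflight checks a firewall script can run before it touches the rule set, so that both problems are reported plainly instead of surfacing as a wall of iptables errors. The variables `TABLES_FILE` and `NET_DIR` are hypothetical parameters standing in for `/proc/net/ip_tables_names` and `/sys/class/net`; `demo` builds a constructed fixture so the checks run without root or netfilter.

```shell
#!/bin/sh
# Added example (not from the HOWTO or the posted script): preflight checks
# for a firewall script. On a real host the two variables below default to
# the kernel's own files; demo() points them at a constructed fixture.
#
# Assumed (hypothetical) parameters:
#   TABLES_FILE  one loaded netfilter table per line, like /proc/net/ip_tables_names
#   NET_DIR      one directory entry per interface, like /sys/class/net
TABLES_FILE=${TABLES_FILE:-/proc/net/ip_tables_names}
NET_DIR=${NET_DIR:-/sys/class/net}

# check_tables TABLE...: 0 if every named table is listed in $TABLES_FILE,
# otherwise name the missing ones (the "Table does not exist" case) and return 1.
check_tables() {
    missing=""
    for t in "$@"; do
        if ! [ -r "$TABLES_FILE" ] || ! grep -qx "$t" "$TABLES_FILE"; then
            missing="$missing $t"
        fi
    done
    if [ -n "$missing" ]; then
        echo "netfilter table(s) not available:$missing (kernel option or module missing?)" >&2
        return 1
    fi
    return 0
}

# check_iface VARNAME: 0 if the shell variable is set, non-empty and names an
# interface present in $NET_DIR. An unset variable is what turned
# "-i ${WAN} -j ACCEPT" into "-i -j ACCEPT" in the log above.
check_iface() {
    name=$1
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
        echo "$name is unset: refusing to build a rule with an empty interface" >&2
        return 1
    fi
    if [ ! -e "$NET_DIR/$value" ]; then
        echo "$name=$value: no such interface" >&2
        return 1
    fi
    return 0
}

# preflight: run every check; a firewall script calls this first and exits
# before flushing or changing any chain if it fails.
preflight() {
    ok=0
    check_tables filter nat || ok=1
    for v in LAN WAN1 WAN2; do
        check_iface "$v" || ok=1
    done
    return $ok
}

# Constructed fixture: filter and nat present, eth0 and eth1 present, eth2 absent.
demo() {
    tmp=$(mktemp -d)
    TABLES_FILE="$tmp/tables"
    NET_DIR="$tmp/net"
    mkdir -p "$NET_DIR/lo" "$NET_DIR/eth0" "$NET_DIR/eth1"
    printf 'filter\nnat\n' > "$TABLES_FILE"
    LAN=eth0 WAN1=eth1 WAN2=eth2
    if preflight; then echo "preflight ok"; else echo "preflight failed, not loading rules"; fi
    rm -rf "$tmp"
}

demo
```

The point of checking interface variables by name rather than trusting `${WAN}` expansion is that an empty expansion is silently accepted by the shell; `set -u` would also catch it, but the explicit check tells you which variable and why.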

di1bert l33t
Joined: 16 May 2002 Posts: 963 Location: Durban, South Africa
Posted: Fri Aug 17, 2007 2:58 pm
Not really going to help you fix your problem but I'd install
Shorewall instead of using a firewall script.
There is so much you can do with Shorewall and it makes things
like traffic shaping and advanced routing really easy.
-m

cyrillic Watchman
Joined: 19 Feb 2003 Posts: 7301 Location: Groton, Massachusetts USA
Posted: Fri Aug 17, 2007 4:46 pm
Did you compile your own kernel ?
It looks like you are missing the stuff for iptables to work.

nixnut Administrator
Joined: 09 Apr 2004 Posts: 10914 Location: the dutch mountains
Posted: Fri Aug 17, 2007 5:14 pm
Moved from Installing Gentoo to Networking & Security.
Networking stuff, so moved here.
_________________
Please add [solved] to the initial post's subject line if you feel your problem is resolved. Help answer the unanswered
talk is cheap. supply exceeds demand

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Mon Aug 20, 2007 7:18 pm Post subject: Deciphering the Error!
All,
| Quote: |
+ iptables -F
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
So the part I do not understand is the "Table does not exist (do you need to insmod?)" part. What table is it talking about? Is there a missing file I need to create and/or insert something into?
Also, are there any other HOWTOs on this subject where I can compare notes and maybe get a hint?
Thanks much!!
OMR

cyrillic Watchman
Joined: 19 Feb 2003 Posts: 7301 Location: Groton, Massachusetts USA
Posted: Mon Aug 20, 2007 7:57 pm Post subject: Re: Deciphering the Error!
| OldManRiver wrote: |
So the part I do not understand is the "Table does not exist (do you need to insmod?)" part. |
The table will be created when the appropriate iptables kernel module gets loaded. This should happen automatically, unless your kernel has module autoloading disabled, or the module it is looking for was not compiled.

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Fri Aug 24, 2007 1:38 pm Post subject: Re: Deciphering the Error!
| cyrillic wrote: |
| OldManRiver wrote: |
So the part I do not understand is the "Table does not exist (do you need to insmod?)" part. |
The table will be created when the appropriate iptables kernel module gets loaded. This should happen automatically, unless your kernel has module autoloading disabled, or the module it is looking for was not compiled. |
Cyrillic,
Sorry to act ignorant, but noob here.
So, if I understand this right, I need to manually enable logging during the install to track any install error, as there are currently none in the syslog, so I can see which module is having trouble. Then with that I can repost, so you and I, or others, can help figure out why the install is not going right and why I am getting this error.
Is that the correct understanding and approach?
Also, please instruct me on how to check the "autoloading" thing you referred to. I need to check on that.
OMR

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Fri Aug 24, 2007 7:49 pm Post subject: Error Source Found - Maybe?
All,
Checking out error logs, etc. directed me to "rc-status", where I found dhcpd, iptables and net.eth1 stopped. I successfully restarted iptables after finding and clearing errors in the /etc/dmsmasq.conf and /etc/conf.d/net files.
However, dhcpd and net.eth1 will not restart. I get this output:
| Code: |
* Starting eth1
* Bringing up eth1
* dhcp
* network interface eth1 does not exist
* Please verify hardware or kernel module (driver) [ !! ] |
Tried reloading the kernel and redoing the symlink, but no change. My output from lspci is:
| Code: |
gen_nyle ~ # lspci | grep Ethernet
01:04.0 Ethernet controller: 3Com Corporation 3c905B 100BaseTX [Cyclone] (rev 30)
01:05.0 Ethernet controller: 3Com Corporation 3c905B 100BaseTX [Cyclone] (rev 30)
01:08.0 Ethernet controller: Intel Corporation 82801DB PRO/100 VE (LOM) Ethernet Controller (rev 82) |
So you see my cards are being read by the system, but it just does not activate the 3Com cards, even though the modules are selected in the make file.
How do I solve this problem? Can't seem to find any HOWTOs on this "When NICs won't set up"! Sure can use some help here.
Thanks!
OMR

cyrillic Watchman
Joined: 19 Feb 2003 Posts: 7301 Location: Groton, Massachusetts USA
Posted: Fri Aug 24, 2007 8:33 pm Post subject: Re: Error Source Found - Maybe?
| OldManRiver wrote: |
So you see my cards are being read by the system, but it just does not activate the 3Com cards, even though the modules are selected in the make file. |
"lspci" shows that your NICs are plugged into the motherboard, and detected by the PCI bus.
The next step is to check if the drivers are loaded and working.
If you compiled the drivers as modules, "lsmod" should show 3c59x loaded for the 3Com NICs, and e100 loaded for the Intel NIC.
If you compiled the drivers into the kernel, then they won't show up in "lsmod", but the kernel should say something in "dmesg" when each NIC driver is activated.
Once the drivers are working, then "ifconfig -a" should show all your interfaces (eth0, eth1, eth2, lo).
If something went wrong, then "dmesg" should have some error messages to help diagnose the problem.

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Sat Aug 25, 2007 7:56 pm
cyrillic,
I issued the following commands and stored the results in pastebin:
| Code: |
dhcpd eth1 http://rafb.net/p/ypwt0d93.html
cat /var/log/dmesg | grep eth | wgetpaste http://rafb.net/p/uSQayV77.html |
Seems that somehow the 3Com drivers are not getting into the system right, even though I've gone through the "make makemenu" and the "make && make install_modules" process several times.
Not sure where I'm at in this now. All should be there but is not. Not sure why it is failing. Could use help on where to look to find errors and why the modules are not there. Doing a restart, just to make sure all is properly loaded.
Thanks!
OMR

cyrillic Watchman
Joined: 19 Feb 2003 Posts: 7301 Location: Groton, Massachusetts USA
Posted: Sun Aug 26, 2007 5:51 pm
| OldManRiver wrote: |
Seems that somehow the 3Com drivers are not getting into the system right, even though I've gone through the "make makemenu" and the "make && make install_modules" process several times. |
You can list modules that are available for the currently running kernel like this.
If you see the 3c59x module in the list, try loading it, and then see what dmesg has to say.
If the module you want is not in the list, then you need to compile and install it.
One thing to be careful of:
If you have more than one set of kernel sources, make sure you are booting the same one as you are compiling modules for, or else you will wonder why the modules don't show up.

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Wed Aug 29, 2007 4:27 pm Post subject: Not Showing
cyrillic,
The 3Com NICs do not show when I run the "modprobe -l" cmd.
What now?
OMR

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Thu Aug 30, 2007 3:05 pm Post subject: Make Tried - Diff Options
All,
Ran the menuconfig with the "M" option rather than "*" and saw the modules build, but still nothing in "modprobe -l".
I even tried "modprobe -a <modname>" but get "File doesn't exist" errors.
OMR

deathcon1 Apprentice
Joined: 30 Aug 2007 Posts: 182 Location: Canada
Posted: Thu Aug 30, 2007 3:36 pm
Are you sure you're switching to the new kernel? Also, not sure how much this matters, but when I recompile my kernel I do
| Code: |
make modules_install |

cyrillic Watchman
Joined: 19 Feb 2003 Posts: 7301 Location: Groton, Massachusetts USA
Posted: Thu Aug 30, 2007 3:39 pm
Take a look at the output of
This will tell you the time and date that the currently running kernel was built.
My guess is that you have compiled the kernel and modules several times, but you are not booting the most recent one.
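The three diagnostics cyrillic gives across this thread (is the driver loaded, is it installed for the kernel that is actually running, and is there a second module tree the build went into) reduce to a few file-system and `/proc/modules` checks. The following is an added example, not cyrillic's or Gentoo's code, that wires them together; `MODULES_ROOT` and `PROC_MODULES` are hypothetical parameters standing in for `/lib/modules` and `/proc/modules` (which is what `lsmod` reads), and the kernel release string is passed in explicitly instead of being read from `uname -r`. `demo` builds a constructed fixture using the two directory names from this thread, a running `2.6.20-gentoo-r8` with `3c59x` installed only under `2.6.20-gentoo-r8y`.

```shell
#!/bin/sh
# Added example (not from the thread or from Gentoo): the checks behind
# "is the module loaded / installed for this kernel / installed elsewhere",
# parameterised so they run against a constructed fixture.
#
# Assumed (hypothetical) parameters:
#   MODULES_ROOT  stands in for /lib/modules
#   PROC_MODULES  stands in for /proc/modules (loaded modules, name first)
MODULES_ROOT=${MODULES_ROOT:-/lib/modules}
PROC_MODULES=${PROC_MODULES:-/proc/modules}

# module_dir_for RELEASE: print the tree modprobe searches for that kernel
# release; fail if it is missing. Modules installed under a different release
# name (2.6.20-gentoo-r8y while 2.6.20-gentoo-r8 is running) fail here.
module_dir_for() {
    dir="$MODULES_ROOT/$1"
    if [ ! -d "$dir" ]; then
        echo "no module directory for kernel $1 under $MODULES_ROOT" >&2
        return 1
    fi
    echo "$dir"
}

# module_available RELEASE NAME: 0 if NAME.ko is installed for that release.
module_available() {
    dir=$(module_dir_for "$1") || return 1
    find "$dir" -name "$2.ko" | grep -q .
}

# module_loaded NAME: 0 if NAME is in the first column of $PROC_MODULES.
module_loaded() {
    [ -r "$PROC_MODULES" ] || return 1
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$PROC_MODULES"
}

# other_module_dirs RELEASE: list module trees for kernels other than RELEASE,
# i.e. where a "missing" module may actually have been installed.
other_module_dirs() {
    for d in "$MODULES_ROOT"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        n=${d##*/}
        [ "$n" = "$1" ] || echo "$n"
    done
}

# nic_driver_status RELEASE NAME: one-line summary combining the checks.
nic_driver_status() {
    if module_loaded "$2"; then
        echo "$2: loaded"
    elif module_available "$1" "$2" 2>/dev/null; then
        echo "$2: installed for $1 but not loaded (try loading it, then read dmesg)"
    else
        others=$(other_module_dirs "$1" | tr '\n' ' ')
        echo "$2: not installed for $1; other module trees present: ${others:-none}"
    fi
}

# Constructed fixture mirroring the thread: running kernel 2.6.20-gentoo-r8,
# 3c59x built into a 2.6.20-gentoo-r8y tree, e100 loaded.
demo() {
    tmp=$(mktemp -d)
    MODULES_ROOT="$tmp/modules"
    PROC_MODULES="$tmp/proc_modules"
    mkdir -p "$MODULES_ROOT/2.6.20-gentoo-r8/kernel/net/ipv4" \
             "$MODULES_ROOT/2.6.20-gentoo-r8y/kernel/drivers/net"
    : > "$MODULES_ROOT/2.6.20-gentoo-r8/kernel/net/ipv4/tcp_bic.ko"
    : > "$MODULES_ROOT/2.6.20-gentoo-r8y/kernel/drivers/net/3c59x.ko"
    printf 'e100 35000 0 - Live 0xf8a00000\n' > "$PROC_MODULES"
    nic_driver_status 2.6.20-gentoo-r8 e100
    nic_driver_status 2.6.20-gentoo-r8 3c59x
    rm -rf "$tmp"
}

demo
```

On a live system the same functions are called with `$(uname -r)` as the release; the "other module trees present" line is the quick way to spot the booted-kernel versus compiled-for-kernel mismatch cyrillic describes.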

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Thu Aug 30, 2007 5:14 pm Post subject: Pb
All,
Created PB at: http://pastebin.org/1437
Which contains:
| Code: |
Command => /etc/init.d/net.eth1 start
* Starting eth1
* Bringing up eth1
* dhcp
* network interface eth1 does not exist
* Please verify hardware or kernel module (driver) [ !! ]
Command => lspci | grep -i eth
eth0=Ethernet controller: Intel Corporation 82801DB PRO/100 VE (LOM) Ethernet Controller (rev 82)
eth1=Ethernet controller: 3Com Corporation 3c905B 100BaseTX [Cyclone] (rev 30)
eth2=Ethernet controller: 3Com Corporation 3c905B 100BaseTX [Cyclone] (rev 30)
Command => dhcp eth1
Internet System Consortium DHCP Server V3.0.3-Gentoo-r9
Copyright 2004-2005 Internet System Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp
/etc/dhcp/dhcpd.conf line 7: subnet 192.168.1.1 netmask 255.255.255.0: bad subnet/mask combination.
subnet 192.168.1.1 netmask 255.255.255.0
^
Configuration file errors encountered -- exiting
Command => cat /var/log/dmesg | grep -i eth0
e100: eth0: e100_probe: addr 0xff8fe000, irq 16, MAC addr 00:07:E9:5D:02:C0
Command => cat /var/log/dmesg | grep -i eth1
<blank>
Command => cat /var/log/dmesg | grep -i eth2
<blank>
Command => modprobe -l
/lib/modules/2.6.20-gentoo-r8/kernel/drivers/char/speakup/speakup_keyhelp.ko
/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/tcp_westwood.ko
/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/tcp_bic.ko
/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/tcp_htcp.ko
Command => modprobe 3c59x
FATAL: Module 3c59x not found.
Searching for the modules I found them in:
/lib/modules/2.6.20-gentoo-r8y
and the modprobe does not query there. |
I do not understand why the modules are building into the wrong directory. I tried moving them but that did not fix the problem.
OMR
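The pastebin output also shows a second, unrelated failure: dhcpd rejects `subnet 192.168.1.1 netmask 255.255.255.0` as a "bad subnet/mask combination". The following is an added example, not from dhcpd or from anyone in this thread, showing the arithmetic behind that message in plain POSIX sh: a subnet declaration must name the network address (every bit outside the mask zero) and the mask must be a contiguous run of ones. The same check flags the `192.168.5.0/255.255.0.0` used in the iptables script at the top of the thread; iptables quietly masks that to `192.168.0.0/16` rather than rejecting it, so the rules do not match what the author wrote. All inputs are the thread's own values; nothing is read from the system.

```shell
#!/bin/sh
# Added example (not dhcpd's code): the network-address/netmask consistency
# check behind "bad subnet/mask combination", in POSIX sh arithmetic.

# ip_to_int A.B.C.D: print the address as an unsigned 32-bit integer; fail on
# anything that is not exactly four octets in 0..255.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: inverse of ip_to_int.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_ok N: 0 if the 32-bit value is a run of ones followed by zeros.
# The complement of such a mask is 2^k - 1, which satisfies x & (x + 1) == 0.
mask_ok() {
    inv=$(( ~$1 & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# valid_subnet ADDR MASK: 0 when MASK is contiguous and ADDR is the network
# address under it; otherwise explain on stderr and return 1.
valid_subnet() {
    a=$(ip_to_int "$1") || { echo "bad address: $1" >&2; return 1; }
    m=$(ip_to_int "$2") || { echo "bad netmask: $2" >&2; return 1; }
    mask_ok "$m" || { echo "non-contiguous netmask: $2" >&2; return 1; }
    net=$(( a & m ))
    if [ "$net" -ne "$a" ]; then
        echo "$1 netmask $2: host bits set; the network address is $(int_to_ip "$net")" >&2
        return 1
    fi
    return 0
}

# The pairs from this thread: dhcpd.conf line 7 (rejected), its corrected
# form, and the iptables script's 192.168.5.0/255.255.0.0 (also rejected).
for pair in "192.168.1.1 255.255.255.0" "192.168.1.0 255.255.255.0" \
            "192.168.5.0 255.255.0.0"; do
    set -- $pair
    if valid_subnet "$1" "$2"; then echo "ok: $1 netmask $2"; fi
done
```

Running it prints `ok: 192.168.1.0 netmask 255.255.255.0` and, on stderr, the reason each of the other two pairs fails together with the network address dhcpd would accept.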

OldManRiver Tux's lil' helper
Joined: 17 Jan 2007 Posts: 79
Posted: Sun Sep 02, 2007 8:34 pm Post subject: Grub Problem
All,
We found the problems at the root of all this:
1. Grub was corrupted,
2. Phantom /boot dir which had to be deleted,
3. Kernel rebuild, /boot copy, and re-init of Grub to correct after cleanup.
Had to write a script to force mount of /boot and execute copy of kernel image into /boot to make sure phantom dir did not re-occur.
Script: cpKern.sh
| Code: |
#!/bin/sh
# Stop on the first failing command so a failed build never copies a stale bzImage
set -e
# Unmount /boot first (ignore if it is not mounted) so a stray /boot directory on the root filesystem is not used by mistake
umount /boot 2>/dev/null || true
cd /usr/src/linux
make && make modules_install
cd /
# Mount the real /boot partition and copy the freshly built kernel image into it
mount /boot
cp /usr/src/linux/arch/i386/boot/bzImage /boot/kernel-2.6.20-gentoo-r8
umount /boot |
Simple script, but keeps the kernel build/copy procedure from erroring.
Original Problem:
As for the solution to the original problem, installing "Home Router", I re-ran my script and kept getting errors on the 3c59x 3Com drivers, so realized these were corrupt. This forced me to execute:
| Code: |
emerge --update --newuse --deep world |
which then blew up on module 21 of 29 (gtk) with an "X flag" error. I then had to edit the "/etc/make.conf" file and change
| Code: |
USE="gtk vram gnome qt3 qt4 kde dvd alsa cdr Xdri ipv6 nptl sdl xorg"
to
USE="X gtk vram gnome qt3 qt4 kde dvd alsa cdr Xdri ipv6 nptl sdl xorg" |
then re-run the "WORLD" update cmd above.
The "WORLD" rebuild went OK, so I then executed: which added my two NIC cards as eth3 & 4. However, since these are supposed to be configured as eth1 & 2, I had to edit the "/etc/udev/rules.d/70-persistent-net.rules" file and delete all the eth card defs past eth0. Then a re-run of "modprobe 3c59x" assigned the 3Com NICs as eth1 & 2.
This got all the cards working correctly, but I was unable to connect to the internet. The problem encountered was the gateway statement (3rd line):
| Code: |
# Set eth0 to dhcp Server
config_eth0=( "77.78.7.1 broadcast 77.78.7.255 netmask 255.255.255.0" )
# routes_eth0=( "default gw 77.78.7.1" ) |
It had to be commented out since it was locking up eth1 & 2 and not letting internet traffic through.
Next I had a minor problem with Xwindows/xdm, which forced more work on getting that up.
Finally, with all this done, I had this router installed and working, but it is still under test and NAT config, so I'm not 100% sure of operability.
Will keep you posted on progress here!
OMR