iptables 2.6.16 broken? module ip_tables not found [Solved]

[luche21]

i just build a new gentoo system, 2.6.16-gentoo-r1, got everything running that i installed except iptables... this works fine with my 2.6.15 kernel i had on this server before i reinstalled and built the new kernel... not sure what the issue with starting this is...

i've compiled in everything i see available, directly in the kernel... i compile nothing as modules... i've got:
Network packet filtering
Network packet filtering debugging
Netfilter Xtables support
conntrack
Connection tracking
IP tables support

all compiled into the kernel...

dmesg shows on boot:
euclid linux # dmesg | grep tables
TCP: Hash tables configured (established 131072 bind 65536)
ip_tables: (C) 2000-2006 Netfilter Core Team

now i emerged iptables fine i've got an iptables rules conf already... so i try to iptables-restore, then... nothing... still gets this

euclid linux # iptables-restore /etc/iptables
FATAL: Module ip_tables not found.
iptables-restore v1.3.5: iptables-restore: unable to initializetable 'filter'

Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

also, when trying to list the available chains (which should be none currently)
euclid linux # iptables -L
FATAL: Module ip_tables not found.
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.



ideas anyone?... haven't found anything besides "netfilter broken witn 2.6.16 kernel?" forum post here (which i posted this in with no reply)... and haven't come across anything on netfilter.org yet...
someone help please!

[himpierre]

hello.

Don't know what kind of problem you have but i can say iptables and kernel 2.6.16 are working.

t.

[cocainomano]

Hi, i have problems with iptables in kernel 2.6.15.

I installed iptables with #emerge iptables, it did good.
I recompile the kernel with activation iptables in kernel.

Networking support --->
[*] Networking support
Networking options --->
<*> Packet socket (needed by dhcpcd)
<*> Unix domain sockets (needed by X)
[*] TCP/IP networking (no comment!)
[*] IP: multicasting (not needed on home lan)
[*] Network packet filtering (replaces ipchains) --->
IP: Netfilter configuration --->
<*> Connection tracking (required for masq/NAT)
< > Userspace queueing via NETLINK
<*> IP tables support (required for filtering/masq/NAT)
<M> Limit match support
<M> IP Range march support
<M> MAC address match support
<M> Packet type march support
<M> Netfilter MARK match support
<M> Multiple port match support
<M> TOS match support
<M> recent match support
<M> ECN match support
<M> DSCP match support
<M> AH/ESP match support
<M> LENGTH match support
<M> TTL match support
<M> tcpmss match support
<M> Limit match support
<*> Connection state match support
<*> Owner match support
<M> address type match support
<M> realm match support
<M> SCTP match support
<M> Coment match support
<*> Packet filtering
<*> REJECT target support
<*> LOG target support
<*> ULOG target support
<*> TCPMSS target support

Reboot system and boot with new kernel.

System ~ # iptables -F
FATAL: Module ip_tables not found.
iptables v1.3.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
System ~ #

Ummm, i dont have modules of iptables.... i think...

System ~ # modprobe ip_tables
FATAL: Module ip_tables not found.
System ~ #

who do i repaer Iptables?

[sobers_2002]

@ luche:

if you have used oldconfig then u'll have to manually go and change stuff in the config use menuconfig or w.e. . The new stuff is inside some x-tables or something.
_________________
Pdict - dockable dictionary client for linux
FREE97WIN: Use this code on Dreamhost and you get $97 off !!

[luche21]

i didn't use oldconfig... i compiled the kernel from scratch... i looked into what was needed for the 2.6.16 kernel for iptables to compile and run correctly, and as far as i know, everything is fine... but i keep getting this issue... anyone out there compile iptables into the 2.6.16 kernel, can maybe send me their .config?

thanks in advance

[himpierre]

Okay.

http://www.meine-oma.de/config

t.

[luche21]

ok, i went thru your config... i noticed you compiled everything except iptables itself as a module... this isn't exactly what i was looking for, but either way - this solved my issue, so many thanks to you... as soon as i get a chance i'll go through the kernel and compile what is actually needed without modules... for anyone else out there with the same issue... this is taken from the .config file in the 2.6.16-gentoo-r1 gentoo-sources kernel (just in case the link is taken down):

# Networking options
#
# CONFIG_NETDEBUG is not set
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_UNIX=y
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
CONFIG_NET_IPGRE=y
# CONFIG_NET_IPGRE_BROADCAST is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
CONFIG_INET_TUNNEL=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_BIC=y

#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_MATCH_POLICY=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m

[dj_farid]

Did anyone figure out which new modules that are needed in the new kernels?

This thread discusses the same problem: https://forums.gentoo.org/viewtopic-p-3383224.html#3383224

[rizzurant]

thanks luche21
its works
iam using 2.6.16-gentoo-r3

[cercasi]

I've had troubles too (I'm using 2.6.20-r8)

in order to get iptables working, I activated (according to the wiki guidline):