iptables broken ? what the fudge..

Message

Krisserferson · Post by **Krisserferson** » Fri May 09, 2003 10:36 am

Am I just getting screwed sideways here ?!

Just did a fresh install of the new 1.4 and compiled the fresh kernel with netfilter support. All things well.. Booting:.....

Code: Select all

May  9 10:26:07 bintje kernel: NET4: Linux TCP/IP 1.0 for NET4.0
May  9 10:26:07 bintje kernel: IP Protocols: ICMP, UDP, TCP, IGMP
May  9 10:26:07 bintje kernel: IP: routing cache hash table of 2048 buckets, 16Kbytes
May  9 10:26:07 bintje kernel: TCP: Hash tables configured (established 16384 bind 16384)
May  9 10:26:07 bintje kernel: ip_tables: (C) 2000-2002 Netfilter core team
May  9 10:26:07 bintje kernel: ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>.  http://snowman.net/projects/ipt_recent/
May  9 10:26:07 bintje kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
May  9 10:26:07 bintje kernel: reiserfs: checking transaction log (device 48:03) ...

So you'd expect that after emerging iptables, iptables should work....

Unfortunately, this is what I get:

Code: Select all

bintje linux # iptables --list
modprobe: Can't locate module ip_tables
iptables v1.2.8: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
bintje linux #

Re-emerging iptables just won't work..
I have the newest gentoo-sources.
Maybe that is the problem, it would seem so after reading some messages on the forums.

Any idea?? Anyone ??

ProjectDEAD · Post by **ProjectDEAD** » Fri May 09, 2003 1:41 pm

i have/had same problem once u select Netfilter as a package Y(in kernel) u must also go down to the bottom of the kernel configuration in same place as NetFilter option and u will see Netfilter Configuration etc etc or something as suck press enter and enable iptables through that and make it a module M, that will get rid to unable to loadmod ip_tables, now u have to figure WTF filter is (lol im at school so i cant go look, and ive had same problem) so i guess its prolly another feature needing to be enabled in same place as iptables

HF

Krisserferson · Post by **Krisserferson** » Fri May 09, 2003 2:03 pm

I guess I could build iptables as a module, though I don't see how building it within the kernel would cause it not to work... Maybe my /proc/config could shed some light on the subject:

Code: Select all

CONFIG_X86=y
CONFIG_UID16=y
CONFIG_EXPERIMENTAL=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
CONFIG_KMOD=y
CONFIG_LOLAT=y
CONFIG_M686=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_X86_L1_CACHE_SHIFT=5
CONFIG_X86_HAS_TSC=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_PGE=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_PPRO_FENCE=y
CONFIG_X86_F00F_WORKS_OK=y
CONFIG_X86_MCE=y
CONFIG_NOHIGHMEM=y
CONFIG_1GB=y
CONFIG_MTRR=y
CONFIG_SMP=y
CONFIG_PREEMPT=y
CONFIG_X86_TSC=y
CONFIG_HAVE_DEC_LOCK=y
CONFIG_HZ=200
CONFIG_NET=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_PCI=y
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_ISA=y
CONFIG_PCI_NAMES=y
CONFIG_EISA=y
CONFIG_HOTPLUG=y
CONFIG_SYSVIPC=y
CONFIG_SYSCTL=y
CONFIG_KCORE_ELF=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_MISC=y
CONFIG_PM=y
CONFIG_ACPI=y
CONFIG_ACPI_BOOT=y
CONFIG_ACPI_BUS=y
CONFIG_ACPI_INTERPRETER=y
CONFIG_ACPI_EC=y
CONFIG_ACPI_POWER=y
CONFIG_ACPI_PCI=y
CONFIG_ACPI_SLEEP=y
CONFIG_ACPI_SYSTEM=y
CONFIG_PNP=y
CONFIG_ISAPNP=m
CONFIG_BLK_DEV_FD=y
CONFIG_BLK_CPQ_DA=y
CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_NBD=m
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=8192
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_STATS=y
CONFIG_EVMS=y
CONFIG_EVMS_LOCAL_DEV_MGR=y
CONFIG_EVMS_DOS_SEGMENT_MGR=y
CONFIG_EVMS_SNAPSHOT=y
CONFIG_EVMS_DRIVELINK=y
CONFIG_EVMS_BBR=y
CONFIG_EVMS_LVM=y
CONFIG_EVMS_MD=y
CONFIG_EVMS_MD_LINEAR=y
CONFIG_EVMS_MD_RAID0=y
CONFIG_EVMS_MD_RAID1=y
CONFIG_EVMS_MD_RAID5=y
CONFIG_EVMS_AIX=y
CONFIG_EVMS_INFO_DEFAULT=y
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_MD_LINEAR=y
CONFIG_MD_RAID0=y
CONFIG_MD_RAID1=y
CONFIG_MD_RAID5=y
CONFIG_MD_MULTIPATH=y
CONFIG_BLK_DEV_LVM=y
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETFILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_QUOTA=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_STEALTH=y
CONFIG_IP_NF_MATCH_STRING=y
CONFIG_IP_NF_TARGET_ROUTE=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
CONFIG_IDEDISK_STROKE=y
CONFIG_BLK_DEV_IDECD=y
CONFIG_BLK_DEV_IDEFLOPPY=y
CONFIG_BLK_DEV_CMD640=y
CONFIG_BLK_DEV_CMD640_ENHANCED=y
CONFIG_BLK_DEV_RZ1000=y
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_IDEPCI_SHARE_IRQ=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
CONFIG_IDEDMA_PCI_AUTO=y
CONFIG_BLK_DEV_IDEDMA=y
CONFIG_BLK_DEV_ADMA=y
CONFIG_BLK_DEV_AEC62XX=y
CONFIG_BLK_DEV_ALI15X3=y
CONFIG_BLK_DEV_AMD74XX=y
CONFIG_BLK_DEV_CMD64X=y
CONFIG_BLK_DEV_CY82C693=y
CONFIG_BLK_DEV_CS5530=y
CONFIG_BLK_DEV_HPT34X=y
CONFIG_BLK_DEV_PIIX=y
CONFIG_PIIX_TUNING=y
CONFIG_BLK_DEV_NS87415=y
CONFIG_BLK_DEV_OPTI621=y
CONFIG_BLK_DEV_SVWKS=y
CONFIG_BLK_DEV_SIS5513=y
CONFIG_BLK_DEV_SLC90E66=y
CONFIG_BLK_DEV_TRM290=y
CONFIG_BLK_DEV_VIA82CXXX=y
CONFIG_IDEDMA_AUTO=y
CONFIG_BLK_DEV_IDE_MODES=y
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_SD_EXTRA_DEVS=40
CONFIG_CHR_DEV_ST=y
CONFIG_CHR_DEV_SG=y
CONFIG_SCSI_MULTI_LUN=y
CONFIG_SCSI_CONSTANTS=y
CONFIG_SCSI_NCR53C7xx=m
CONFIG_SCSI_SYM53C8XX_2=m
CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
CONFIG_SCSI_SYM53C8XX=y
CONFIG_SCSI_NCR53C8XX_DEFAULT_TAGS=4
CONFIG_SCSI_NCR53C8XX_MAX_TAGS=32
CONFIG_SCSI_NCR53C8XX_SYNC=20
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
CONFIG_NET_ETHERNET=y
CONFIG_NET_PCI=y
CONFIG_TLAN=y
CONFIG_INPUT=y
CONFIG_INPUT_KEYBDEV=y
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL_NONSTANDARD=y
CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=256
CONFIG_RTC=y
CONFIG_AUTOFS4_FS=y
CONFIG_REISERFS_FS=y
CONFIG_REISERFS_PROC_INFO=y
CONFIG_EXT3_FS=y
CONFIG_JBD=y
CONFIG_FAT_FS=m
CONFIG_MSDOS_FS=m
CONFIG_VFAT_FS=m
CONFIG_CRAMFS=y
CONFIG_TMPFS=y
CONFIG_RAMFS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_PROC_FS=y
CONFIG_PROC_CONFIG=y
CONFIG_DEVFS_FS=y
CONFIG_ROMFS_FS=y
CONFIG_EXT2_FS=y
CONFIG_NFS_FS=y
CONFIG_NFS_V3=y
CONFIG_NFSD=y
CONFIG_NFSD_V3=y
CONFIG_SUNRPC=y
CONFIG_LOCKD=y
CONFIG_LOCKD_V4=y
CONFIG_ZISOFS_FS=y
CONFIG_FS_MBCACHE=y
CONFIG_PARTITION_ADVANCED=y
CONFIG_MSDOS_PARTITION=y
CONFIG_BSD_DISKLABEL=y
CONFIG_MINIX_SUBPARTITION=y
CONFIG_SOLARIS_X86_PARTITION=y
CONFIG_UNIXWARE_DISKLABEL=y
CONFIG_LDM_PARTITION=y
CONFIG_SUN_PARTITION=y
CONFIG_EFI_PARTITION=y
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_UTF8=y
CONFIG_VGA_CONSOLE=y
CONFIG_VIDEO_SELECT=y
CONFIG_DEBUG_KERNEL=y
CONFIG_MAGIC_SYSRQ=y
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y

paranode · Post by **paranode** » Fri May 09, 2003 2:50 pm

What I do personally is just enable almost every option for the Netfilter Configuration in the kernel. This seems to work for me.

uzik · Post by **uzik** » Fri May 09, 2003 3:04 pm

There's also another option you need to make it compile.
If I remember right it's the 'quality of service' or something.
I can send you my .config tonight after I get home if you like.
It took a while to find out what all the options were.

Krisserferson · Post by **Krisserferson** » Fri May 09, 2003 3:09 pm

Afaik iptables does not depend on QoS... But thanks anyway

Any suggestions are welcome...

Kris

uzik · Post by **uzik** » Sat May 10, 2003 1:22 am

This thread might be of some help to you:

http://forums.gentoo.org/viewtopic.php? ... lm+compile

iptables broken ? what the fudge..

iptables broken ? what the fudge..

hmm ok