Not able to set iptables rule

[ashulinux]

satellite ~ # iptables -A INPUT -s 192.168.1.166 -p tcp --dport 22 -j DROP
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


hi list ...

above is my error list which i am getting when i set iptable rule.
i have enabled all options in # make menuconfig as mentioned in HOWTO configuring iptables on gentoo.

can anyone please help me out !!

cheers
ashutosh
bangalore

[aqu]

Douse

Code: Select all

# lsmod | grep iptable

and

Code: Select all

# lsmod | grep ip_

gave you some output ?
if not you need to add some modules

my output (for second command):
ip_nat 21804 1 iptable_nat
ip_conntrack 52960 3 xt_state,iptable_nat,ip_nat
nfnetlink 11032 2 ip_nat,ip_conntrack
ip_tables 17604 3 iptable_mangle,iptable_nat,iptable_filter

[vatsu]

Hi,

The message says that the table filter wasn't compiled in your kernel. Maybe, you compiled it as a module and you need to load it.

To discover if you compiled the table filter as a module do this:

Code: Select all

$ grep CONFIG_IP_NF_FILTER /usr/src/linux/.config

If CONFIG_IP_NF_FILTER=m, then you compiled table filter as a module and you need to load it with modprobe.

Otherwise, I bet that you forgot to mark the table filter option in menuconfig.

I hope that it helps you.

Cheers
Vatsu

[ashulinux]

satellite apolo # lsmod | grep iptable

satellite apolo # lsmod | grep ip_

satellite apolo # grep CONFIG_IP_NF_FILTER /usr/src/linux/.config
CONFIG_IP_NF_FILTER=m

satellite apolo # modprobe ip_tables
WARNING: Error inserting x_tables (/lib/modules/2.6.20-gentoo-r8/kernel/net/netfilter/x_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)
FATAL: Error inserting ip_tables (/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/ip_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)


hi i got the following errors.

i got CONFIG_IP_NF_FILTER=m

how shall i proced now ?

[smoco]

this command gives you list of modules which you have compiled to use with iptables(netfilter)
ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/
here you have to choose thatone you need (in your case propably ip_tables.ko and iptable_filter.ko) and with command
modprobe module_name (without .ko extension) you can insert it into kernel

so in your case it will looks like
modprobe ip_tables
modprobe iptable_filter

[Rob1n]

See what dmesg says about why the modules failed to load.

The error as reported would suggest that the installed modules were not compiled for the kernel you're currently running. Have you rebuilt the kernel and forgotten to run "make modules_install"? Or rebuilt the kernel and not yet rebooted?

[ashulinux]

hi....

the o/p of the comand you said is as shown

satellite linux # ls /lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/
arp_tables.ko arpt_mangle.ko arptable_filter.ko


i am doing exactly the same as given in gentoo wiki below
i am using 2.6.20 kernel

http://gentoo-wiki.com/HOWTO_Iptables_f ... el_Support

i am posting my /usr/src/linux-2.6.20-gentoo-r8/.config IP list..
just see if i need to edit some more

satellite linux # vi /usr/src/linux-2.6.20-gentoo-r8/.config

#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.20-gentoo-r8
# Thu Jul 5 19:48:58 2007
# Loadable module support
#
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
# CONFIG_MODVERSIONS is not set
# CONFIG_MODULE_SRCVERSION_ALL is not set
CONFIG_KMOD=y
CONFIG_STOP_MACHINE=y
CONFIG_STOP_MACHINE=y

#
# Block layer
#
CONFIG_BLOCK=y
# CONFIG_BLK_DEV_IO_TRACE is not set
"
------------------------------------------------------------------------------------------

#
# IP: Netfilter Configuration
#
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
CONFIG_NF_NAT_SNMP_BASIC=y
CONFIG_NF_NAT_PROTO_GRE=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=y
CONFIG_NF_NAT_TFTP=y
CONFIG_NF_NAT_AMANDA=y
CONFIG_NF_NAT_PPTP=y
CONFIG_NF_NAT_H323=y
CONFIG_NF_NAT_SIP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
# CONFIG_IP_NF_TARGET_TTL is not set
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y



thanks

[vatsu]

There is something strange:

satellite apolo # grep CONFIG_IP_NF_FILTER /usr/src/linux/.config
CONFIG_IP_NF_FILTER=m

And

satellite linux # vi /usr/src/linux-2.6.20-gentoo-r8/.config
(...)
CONFIG_IP_NF_FILTER=y

This means that your linux symlink isn't pointing to linux-2.6.20-gentoo-r8

Is this kernel version you are running?

Code: Select all

uname -r

will answer this question.

I will be waiting the answer.

[ashulinux]

Douse

Code: Select all

# lsmod | grep iptable

and

Code: Select all

# lsmod | grep ip_

gave you some output ?
if not you need to add some modules

my output (for second command):
ip_nat 21804 1 iptable_nat
ip_conntrack 52960 3 xt_state,iptable_nat,ip_nat
nfnetlink 11032 2 ip_nat,ip_conntrack
ip_tables 17604 3 iptable_mangle,iptable_nat,iptable_filter

after i compile my kernel i do the following

echo "ip_tables" >> /etc/modules.autoload.d/kernel-2.6
echo "iptable_filter" >> /etc/modules.autoload.d/kernel-2.6
update-modules

reboot my box

then emerge iptables

#modprobe ip_tables
ip_tables not FOUND

how shall i proceed then... i have enabled all required things in make menuconfig

plz help

[ashulinux]

yes i am running the same kernel...2.6.20-gentoo-r8

actually i changed the module & rebooted.

so what exactly i need to do why am i not getting ip_tables or iptable_filter when i modprobe it..

i am emerging "iptables" after i reboot the machine

[Rob1n]

The last .config file you posted had everything built into the kernel, so there won't be any modules. Have you retried running the iptables command?

[ashulinux]

iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

yes i retried & getting same error as above

[vatsu]

Have you compiled iptables with IPv6 support?

[ashulinux]

Have you compiled iptables with IPv6 support?

YES but i didn't mark all modules in menuconfig

[vatsu]

First, Excuse for my grammar errors, english isn't my first language

Second, I made a mistake. If the problem is IPv6 the error message would be Can't initialize ip6table...

Your issue is freaking me out...If you solve it, please let me know...

Cheers

[ashulinux]

hey vastu...

can u give me your email id so that i can attach screenshots of my kernel config.
'm still trying

[ashulinux]

satellite linux # modprobe ip_tables
WARNING: Error inserting x_tables (/lib/modules/2.6.20-gentoo-r8/kernel/net/netfilter/x_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)
FATAL: Error inserting ip_tables (/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/ip_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)


how to overcome this error ?

[ashulinux]

satellite ~ # modprobe iptable_filter
WARNING: Error inserting x_tables (/lib/modules/2.6.20-gentoo-r8/kernel/net/netfilter/x_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)
WARNING: Error inserting ip_tables (/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/ip_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)
FATAL: Error inserting iptable_filter (/lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/iptable_filter.ko): Unknown symbol in module, or unknown parameter (see dmesg)


same error for iptable_filter ??

[ashulinux]

satellite apolo # cd /lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/
satellite netfilter # ls
arp_tables.ko ipt_REDIRECT.ko ipt_iprange.ko nf_nat.ko
arpt_mangle.ko ipt_REJECT.ko ipt_owner.ko nf_nat_amanda.ko
arptable_filter.ko ipt_SAME.ko ipt_recent.ko nf_nat_ftp.ko
ip_queue.ko ipt_TCPMSS.ko ipt_tos.ko nf_nat_h323.ko
ip_tables.ko ipt_TOS.ko ipt_ttl.ko nf_nat_irc.ko
ipt_CLUSTERIP.ko ipt_TTL.ko iptable_filter.ko nf_nat_pptp.ko
ipt_ECN.ko ipt_ULOG.ko iptable_mangle.ko nf_nat_proto_gre.ko
ipt_LOG.ko ipt_addrtype.ko iptable_nat.ko nf_nat_sip.ko
ipt_MASQUERADE.ko ipt_ah.ko iptable_raw.ko nf_nat_snmp_basic.ko
ipt_NETMAP.ko ipt_ecn.ko nf_conntrack_ipv4.ko nf_nat_tftp.ko
satellite netfilter #

[vatsu]

I sent a e-mail to you.

Post your dmesg when you try to load the modules

Cheers

[Rob1n]

This is very confusing - the kernel modules aren't matching to your running kernel, and that doesn't match to the .config file you posted earlier. I'd recommend the following steps:

• Delete the /lib/modules/2.6.20-gentoo-r8 directory altogether.
• Check that /usr/src/linux is a symlink to linux-2.6.20-gentoo-r8.
• Reinstall the kernel & modules (cd /usr/src/linux && make install && make modules_install).
• Check the timestamp on /boot/vmlinuz-2.6.20-gentoo-r8 and ensure that it's newly created.
• Checking that /boot/grub/menu.conf is set to boot the new kernel (either /boot/vmlinuz-2.6.20-gentoo-r8 or /boot/vmlinuz, which should be a symlink to the first).
• Reboot & try iptables again.

[theMikeroy]

Interesting...

I seem to be having a similar issue over here.

I'm using linux-2.6.20-gentoo-r8 and I can actually start iptables, but when I try to load in a ruleset i exported from an older server i'm greeted with:

# iptables-restore < iptables.conf
FATAL: Module ip_tables not found.
iptables-restore v1.3.5: iptables-restore: unable to initializetable 'raw'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Ok, fine...

# modprobe ip_tables
FATAL: Module ip_tables not found.

# modprobe iptable_filter
FATAL: Module iptable_filter not found.


# cd /lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter/
# ls
arp_tables.ko ipt_ULOG.ko ipt_recent.ko nf_nat_amanda.ko nf_nat_sip.ko
arpt_mangle.ko ipt_addrtype.ko ipt_tos.ko nf_nat_ftp.ko nf_nat_tftp.ko
arptable_filter.ko ipt_ah.ko ipt_ttl.ko nf_nat_h323.ko
ipt_LOG.ko ipt_ecn.ko iptable_nat.ko nf_nat_irc.ko
ipt_REJECT.ko ipt_iprange.ko nf_conntrack_ipv4.ko nf_nat_pptp.ko
ipt_TCPMSS.ko ipt_owner.ko nf_nat.ko nf_nat_proto_gre.ko

# ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/
arp_tables.ko ipt_ULOG.ko ipt_recent.ko nf_nat_amanda.ko nf_nat_sip.ko
arpt_mangle.ko ipt_addrtype.ko ipt_tos.ko nf_nat_ftp.ko nf_nat_tftp.ko
arptable_filter.ko ipt_ah.ko ipt_ttl.ko nf_nat_h323.ko
ipt_LOG.ko ipt_ecn.ko iptable_nat.ko nf_nat_irc.ko
ipt_REJECT.ko ipt_iprange.ko nf_conntrack_ipv4.ko nf_nat_pptp.ko
ipt_TCPMSS.ko ipt_owner.ko nf_nat.ko nf_nat_proto_gre.ko


What I don't see in here is ip_tables.ko

# lsmod | grep iptable
# lsmod | grep ip_

Nothing, however:
# dmesg | grep ip_
ip_tables: (C) 2000-2006 Netfilter Core Team


# grep CONFIG_IP_NF_FILTER /usr/src/linux/.config
CONFIG_IP_NF_FILTER=y


Here's some relevant output from .config:
.
.
.
* edit - didn't want to totally steal this thread, so i clipped my .config...

Ok, so all of that...

But here's the REALLY fun part...

# /etc/init.d/iptables start
* Loading iptables state and starting firewall ... [ ok ]

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

And back to square 1 again:

# iptables-restore < iptables.conf
FATAL: Module ip_tables not found.
iptables-restore v1.3.5: iptables-restore: unable to initializetable 'raw'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


I'm a little stumped with this one.
Am I missing something glaringly obvious, am I crazy or is there a bug in here somewhere?

Cheers!

[Hu]

You are missing the raw table, which your saved configuration is trying to populate. You should add support for the raw table or remove its configuration from your saved rules.

[theMikeroy]

Thanks, Hu... that did it...

I tried adding it as a module, but with no luck. I just compiled it straight into the kernel, and now I can load my ruleset.

Just an oversight on my part...

Sorry for cutting in on the thread,

Thanks again for the help =)

[pingp]

Hi, guys

I have exactly same problem, here is some more information

pingp@localhost /lib/modules/2.6.20-gentoo-r8/kernel/net/ipv4/netfilter $ ls
nf_conntrack_ipv4.ko

Even i have changed configs, i can not get the ip_tables in kernel compiled. Who can share me the part for netfilters in ur .config? thanx alot!!!