support for iptables in woody 3.0r1
I'm running Debian 'Woody' 3.0r1 and was wondering about its support for iptables. I confirmed that I have the latest version of iptables from apt-get, but...

# iptables -L
modprobe: Can't locate module ip_tables
iptables v1.2.6a: can't initialize iptables table 'filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel need to be upgraded.

A related issue was on Debian's lists...
http://lists.debian.org/debian-user/.../msg00621.html

Given all this, it still was not clear what the ideal method is for making iptables work...
1.) Run insmod as suggested by my error (staying w/ Woody 3.0r1)
2.) Download and compile Debian's latest distribution (Woody 3.0r2)
3.) Get the new 2.6 kernel

2.6 sounds promising, but I'm nervous about my first kernel update.
Re: support for iptables in woody 3.0r1
Quote:
Code:
stephen@SleepyTux:~$ grep IP /boot/config-2.4.18-bf2.4 |
And to correct your confusion: moving to Debian 3.0r2 requires ZERO compiling. Debian packages are binaries. Sounds like you haven't compiled a home-rolled kernel and are using the install kernel. Do uname -a and see if it's 2.2.XXX: if so, use ipchains as mentioned above. If bf24, run the command "modconf" as root and insert the iptables module.
# uname -a
Linux ... 2.2.20-idepci ...

I'm aware that iptables wasn't available in the 2.2 kernel, but when I try to list the ipchains it returns an error...

# ipchains -L
ipchains: Incompatible with this kernel

Also, only iptables is listed in /etc/init.d/
I find it hard to believe that firewalling Woody would be such a mess. If ipchains is incompatible and iptables can't be initialized, then there seems to be a major security flaw. The frustrating part is that I continually see related posts, but the solution remains vague and weakly-documented. Woody is popular, so how did everyone get around this?
------------------------------------------------------
Just to confirm...

Debian 'Woody' 3.0r1 (2.2.20-idepci)

# ipchains -L
ipchains: Incompatible with this kernel

# iptables -L
modprobe: Can't locate module ip_tables
iptables v1.2.6a: can't initialize iptables table 'filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Also, only iptables is listed in /etc/init.d/
------------------------------------------------------

I'd like to avoid messing with the kernel if possible. I looked into moving to the 2.6 kernel, but 2.6 is poorly documented for all distributions. There were a ton of posts about specifics and problems updating Woody's kernel to 2.4.22 (or is it 2.4.23).

Basically, I'm concerned about firewalling for security purposes, not sure why it is not working with a clean install of Woody. Can someone please point me in the right direction? I've racked my brain for keyword combinations through Google.com (and the newly discovered http://www.google.com/linux)
Do this:

apt-cache search kernel-image

You'll get tons back like:

kernel-image-2.4.18-1-386 - Linux kernel image for version 2.4.18 on 386.
kernel-image-2.4.18-1-586tsc - Linux kernel image for version 2.4.18 on Pentium-Classic.
kernel-image-2.4.18-1-686 - Linux kernel image 2.4.18 on PPro/Celeron/PII/PIII/PIV.
kernel-image-2.4.18-1-686-smp - Linux kernel image 2.4.18 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.4.18-1-k6 - Linux kernel image for version 2.4.18 on AMD K6/K6-II/K6-III
kernel-image-2.4.18-1-k7 - Linux kernel image for version 2.4.18 on AMD K7
kernel-image-2.4.18-bf2.4 - Linux kernel image for version 2.4.18 (bf variant) on 386.
pcmcia-modules-2.4.18-bf2.4 - PCMCIA Modules for Linux (kernel 2.4.18-bf2.4).

Choose the one you want and install it with apt-get. This way you don't have to run through the installer again and choose bf24 at the install prompt (which would have given you an iptables-compatible 2.4 kernel).

You need a different kernel for iptables and it should be 2.4.X. There are many Debian packages that will make this very, very easy to do. Good luck.
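The check behind the advice above, as an added example that is not part of the original thread: it maps a kernel release to the packet-filter tool of that series (ipfwadm for 2.0, ipchains for 2.2, iptables for 2.4 and later) and looks for an installed ip_tables module. The function names and the optional modules-root argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# firewall_tool_for RELEASE: print the packet-filter tool for that kernel series.
# Odd (development) series are grouped with the stable series before them.
firewall_tool_for() {
    case $1 in *.*) ;; *) echo unknown; return 1 ;; esac
    major=${1%%.*}                 # "2.2.20-idepci" -> "2"
    rest=${1#*.}                   #                 -> "2.20-idepci"
    minor=${rest%%[!0-9]*}         #                 -> "2"
    case $major$minor in ''|*[!0-9]*) echo unknown; return 1 ;; esac
    [ -n "$major" ] && [ -n "$minor" ] || { echo unknown; return 1; }
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 4 ]; }; then
        echo iptables              # netfilter, 2.4 and later
    elif [ "$major" -eq 2 ] && [ "$minor" -ge 2 ]; then
        echo ipchains              # 2.2 series
    elif [ "$major" -eq 2 ]; then
        echo ipfwadm               # 2.0 series
    else
        echo unknown; return 1
    fi
}

# has_ip_tables_module RELEASE [MODULES_ROOT]: succeed if a module file exists
# for that kernel (2.4 ships ip_tables.o, later kernels ip_tables.ko).
has_ip_tables_module() {
    dir=${2:-/lib/modules}/$1
    [ -d "$dir" ] || return 1
    found=$(find "$dir" \( -name ip_tables.o -o -name 'ip_tables.ko*' \) 2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# diagnose [RELEASE] [MODULES_ROOT]: explain why "iptables -L" can or cannot work.
diagnose() {
    release=${1:-$(uname -r)}
    root=${2:-/lib/modules}
    tool=$(firewall_tool_for "$release") || { echo "$release: unrecognised release"; return 2; }
    if [ "$tool" != iptables ]; then
        echo "$release: predates netfilter, native tool is $tool; iptables needs 2.4 or later"
        return 1
    fi
    if has_ip_tables_module "$release" "$root"; then
        echo "$release: ip_tables module installed; load it with: modprobe ip_tables"
    else
        echo "$release: no ip_tables module under $root (built in, or netfilter not included)"
        return 1
    fi
}

# Run only when a release is given, e.g.: sh check.sh "$(uname -r)"
[ $# -eq 0 ] || diagnose "$@"
```

A kernel with netfilter compiled in rather than built as a module has no module file, so a negative result from the module check is a prompt to look at the kernel config, not proof that filtering is unavailable.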
Worked like a charm. Thanks, that was painless.

# apt-cache search kernel-image
# apt-get install kernel-image-2.4.18-686

* Not sure about the exact placement, but I got a message to do this...

# vi /etc/lilo.conf
(Added 'initrd=/initrd.img' after default=Linux and before image=/vmlinuz)

Restarted and now iptables -L works! Thanks again.
Disappearing eth0
Somehow my Internet connection is no longer working after updating my kernel.
I originally set everything up during the install process, but not sure what to do to get it working again. Only the lo interface is displayed in ifconfig. I did find /etc/network/interfaces and it has all the info. What do I need to do to get this started upon boot?

auto eth0
iface eth0 inet static
address ...
netmask ...
network ...
broadcast ...
gateway ...
Is eth0 seen by ifconfig? What is the output of lspci -v? Most likely you ONLY need to run "modconf" as root and insert the proper module for your NIC. That will let you ifup eth0 just fine.
# lspci -v
(shows my ethernet controller and loopback)

# ifup eth0
ifup: interface eth0 already configured

# ifconfig
(shows only lo)
Have you tried ifdowning it?

ifdown eth0

And then

ifup eth0

Was there anything in dmesg when you rebooted about eth?

dmesg | grep eth0

Weird that it's not working.
Very weird...

# dmesg | grep eth0
(nothing)

# ifdown eth0
SIOCSIFADDR: No such device

# ifup eth0
eth0: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
eth0: ERROR while getting interface flags: No such device
eth0: ERROR while getting interface flags: No such device
I just had this same problem.
I upgraded kernel for iptables and now eth0 is gone. It isn't listed in /dev/. lspci finds and reports it as a:

3Com Corporation 3c590 10BaseT [Vortex]

I'm guessing that I lost support for my card with the upgrade perhaps... Any thoughts?

EDIT: Also I'm going to buy a new card regardless tomorrow. Hopefully that will make a difference.
Perhaps you guys have already solved this ...
I could solve the problem above by hitting:

# modprobe 8139too

and after that,

# /etc/init.d/networking restart

Maybe it's just that the proper module (in my case, it's 8139too) wasn't used.