LinuxQuestions.org


mohawx 04-29-2006 06:55 PM

Iptables problem - Linux 2.6.16 and structure changes, what do I do?
 
Hi.

My iptables used to work fine but due to an error I had to have my server re-imaged with Fedora 4, Plesk 8.0 and Linux 2.6.16. Now whenever I try to do anything iptables-ish I get the following error:

iptables v1.3.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I have tried to find an answer to this by going through the forum and the internet for hours and hours but to no avail.

Having read lots and lots of posts I am now aware that something has changed in the structure for iptables since the upgrade but being fairly new to Linux I haven't a clue where to even start looking!

It is a remote server but I do have total root access.

I was really pleased when I got it all working before so this has kind of knocked me back as I am back to square one again.

I really don't have a clue where to start. Although I know it involves configs, I don't know where they are, how to edit them, what to edit or anything else! Sorry to be so useless!

A complete idiot's guide to sorting this out would be SO appreciated as I can't seem to find the answers anywhere, here or on the net, although I'm sure they are here somewhere!

Hope you can help, I have posted before and you were all a great help then.... thanks in advance.

Alex

Centinul 04-29-2006 08:11 PM

Can you give us some examples of the IPTables commands that you were trying?

mohawx 04-30-2006 12:09 PM

Anything at all - iptables -L and all the rest... also when I try to load a new config to iptables, all comes up with the same error... any ideas how to change it?

I am sure that I need to change something in the NETFILTER config to point to the new structure but where is that and how do I do it?

Thanks for the reply.. hope you can help further!

Just in case you need it here is my config that worked with the old kernel and was going great till the re-image :(



# import this saved configuration into your iptables configuration with the following command:
# iptables-restore < web_server.config

*nat
:PREROUTING ACCEPT [127173:7033011]
:POSTROUTING ACCEPT [31583:2332178]
:OUTPUT ACCEPT [32021:2375633]
COMMIT

*mangle
:PREROUTING ACCEPT [444:43563]
:INPUT ACCEPT [444:43563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [402:144198]
:POSTROUTING ACCEPT [402:144198]
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
COMMIT

*filter
:INPUT DROP [1:242]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:icmp_packets - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 783 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#-A INPUT -p udp -m udp --dport 8443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p udp -m udp --dport 8767 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 14534 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15000 -j ACCEPT
-A INPUT -p udp -m udp --dport 20700 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20700 -j ACCEPT
-A INPUT -p udp -m udp --dport 20710 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20710 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 28960 -j ACCEPT
-A INPUT -p udp -m udp --dport 28960 -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p icmp -j icmp_packets
-A INPUT -j LOG --log-prefix "IPTABLES-IN Default Drop: " --log-level 7


-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 783 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2210 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#-A OUTPUT -p udp -m udp --dport 8443 -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 8767 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 12000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 14534 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 15000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 20700 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20700 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 20710 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20710 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 28960 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 28960 -j ACCEPT
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A OUTPUT -p icmp -j icmp_packets
-A OUTPUT -j LOG --log-prefix "IPTABLES-OUT Default Drop: " --log-level 7


-A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A icmp_packets -s 127.0.0.1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
COMMIT



Thanks for your time.
Alex

Centinul 04-30-2006 01:00 PM

Something I just thought of. When you reimaged your machine and compiled the kernel, did you enable IPTables support in the kernel? Also, did you install IPTables? I would check those two things. I know they are something simple but you never know :)

mohawx 04-30-2006 01:28 PM

When I type iptables -V it says:

iptables v1.3.0

so I think it is installed?

It is a remote server so the re-imaging was done by the provider.. how can I check if it has been installed and whether support is enabled? Sorry to be so lame!

Thanks again for your help.
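
One way to run the checks Centinul suggests, as an added example that is not part of the thread: it reads which tables a saved ruleset uses and compares them with the kernel build options and with the tables the running kernel has registered. The function names and sample files are constructed for illustration; it assumes the classic IPv4 option names (CONFIG_IP_NF_*), which differ on some kernel versions, and the one-name-per-line format of /proc/net/ip_tables_names.

```shell
# Tables used by an iptables-save file: the lines that start with '*'.
required_tables() { sed -n 's/^\*\([a-z]*\).*/\1/p' "$1"; }

# Kernel build option that provides each table (assumed classic IPv4 names).
table_option() {
    case "$1" in
        filter) echo CONFIG_IP_NF_FILTER ;;
        mangle) echo CONFIG_IP_NF_MANGLE ;;
        nat)    echo CONFIG_IP_NF_NAT ;;
        *)      echo UNKNOWN ;;
    esac
}

# State of an option in a kernel config file: y (built in), m (module), n (absent).
option_state() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1")
    echo "${v:-n}"
}

# Print "<table> <state>" per table; return 1 if any lacks kernel support.
check_ruleset() {
    rules=$1; config=$2; rc=0
    if [ "$(option_state "$config" CONFIG_IP_NF_IPTABLES)" = n ]; then rc=1; fi
    for tbl in $(required_tables "$rules"); do
        s=$(option_state "$config" "$(table_option "$tbl")")
        echo "$tbl $s"
        if [ "$s" = n ]; then rc=1; fi
    done
    return $rc
}

# Tables the ruleset needs that are missing from a registered-table list ($2).
missing_tables() {
    for tbl in $(required_tables "$1"); do
        grep -qx "$tbl" "$2" || echo "$tbl"
    done
}

# Constructed sample inputs (not from the poster's server).
make_sample() {
    printf '%s\n' '*nat' COMMIT '*mangle' COMMIT '*filter' ':INPUT DROP [0:0]' COMMIT > "$1/rules"
    printf '%s\n' CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_NAT=y > "$1/config"
    printf '%s\n' nat mangle > "$1/tables"
}

d=$(mktemp -d); make_sample "$d"
check_ruleset "$d/rules" "$d/config" || echo "kernel config cannot satisfy the ruleset"
echo "not registered: $(missing_tables "$d/rules" "$d/tables")"
rm -rf "$d"
```

On a live system the second argument would be the running kernel's config (commonly /boot/config-$(uname -r), where the distribution ships it) for check_ruleset and /proc/net/ip_tables_names for missing_tables. A table built as a module (state m) only appears in the registered list once its module is loaded.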


All times are GMT -5.