LinuxQuestions.org
Old 04-29-2006, 07:55 PM   #1
mohawx
LQ Newbie
 
Registered: Mar 2006
Posts: 5

Rep: Reputation: 0
Iptables problem - Linux 2.6.16 and structure changes, what do I do?


Hi.

My iptables used to work fine but due to an error I had to have my server re-imaged with Fedora 4, Plesk 8.0 and Linux 2.6.16. Now whenever I try to do anything iptables-ish I get the following error :

iptables v1.3.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I have tried to find an answer to this by going through the forum and the internet for hours and hours but to no avail.

Having read lots and lots of posts I am now aware that something has changed in the structure for iptables since the upgrade but being fairly new to Linux I haven't a clue where to even start looking!

It is a remote server but I do have total root access.

I was really pleased when I got it all working before so this has kind of knocked me back as I am back to square one again.

I really don't have a clue where to start, although I know it involves configs I don't know where they are, how to edit them, what to edit or anything else! Sorry to be so useless!

A complete idiot's guide to sorting this out would be SO appreciated as I can't seem to find the answers anywhere, here or on the net, although I'm sure they are here somewhere!

Hope you can help, I have posted before and you were all a great help then.... thanks in advance.

Alex
 
Old 04-29-2006, 09:11 PM   #2
Centinul
Member
 
Registered: Jun 2005
Distribution: Gentoo
Posts: 552

Rep: Reputation: 30
Can you give us some examples of the IPTables commands that you were trying?
 
Old 04-30-2006, 01:09 PM   #3
mohawx
LQ Newbie
 
Registered: Mar 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Anything at all - iptables -L and all the rest... also when I try to load a new config to iptables, all comes up with the same error... any ideas how to change it?

I am sure that I need to change something in the NETFILTER config to point to the new structure but where is that and how do I do it?

Thanks for the reply.. hope you can help further!

Just in case you need it here is my config that worked with the old kernel and was going great till the re-image



# import this saved configuration into your iptables configuration with the following command:
# iptables-restore < web_server.config

*nat
:PREROUTING ACCEPT [127173:7033011]
:POSTROUTING ACCEPT [31583:2332178]
:OUTPUT ACCEPT [32021:2375633]
COMMIT

*mangle
:PREROUTING ACCEPT [444:43563]
:INPUT ACCEPT [444:43563]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [402:144198]
:POSTROUTING ACCEPT [402:144198]
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
COMMIT

*filter
:INPUT DROP [1:242]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:icmp_packets - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 783 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#-A INPUT -p udp -m udp --dport 8443 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p udp -m udp --dport 8767 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 14534 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 15000 -j ACCEPT
-A INPUT -p udp -m udp --dport 20700 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20700 -j ACCEPT
-A INPUT -p udp -m udp --dport 20710 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20710 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 28960 -j ACCEPT
-A INPUT -p udp -m udp --dport 28960 -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p icmp -j icmp_packets
-A INPUT -j LOG --log-prefix "IPTABLES-IN Default Drop: " --log-level 7


-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 783 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2210 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
#-A OUTPUT -p udp -m udp --dport 8443 -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 8767 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 12000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 14534 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 15000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 20700 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20700 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 20710 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20710 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 28960 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 28960 -j ACCEPT
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A OUTPUT -p icmp -j icmp_packets
-A OUTPUT -j LOG --log-prefix "IPTABLES-OUT Default Drop: " --log-level 7


-A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A icmp_packets -s 127.0.0.1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
COMMIT



Thanks for your time.
Alex
 
Old 04-30-2006, 02:00 PM   #4
Centinul
Member
 
Registered: Jun 2005
Distribution: Gentoo
Posts: 552

Rep: Reputation: 30
Something I just thought of. When you reimaged your machine and compiled the kernel, did you enable IPTables support in the kernel? Also, did you install IPTables? I would check those two things. I know they are something simple but you never know
 
Old 04-30-2006, 02:28 PM   #5
mohawx
LQ Newbie
 
Registered: Mar 2006
Posts: 5

Original Poster
Rep: Reputation: 0
When I type iptables -V it says :

iptables v1.3.0

so I think it is installed?

It is a remote server so the re-imaging was done by the provider.. how can I check if it has been installed and whether support is enabled? Sorry to be so lame!

Thanks again for your help.
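
The check asked about in posts #4 and #5, as an added example that is not part of the original thread: it reads the kernel config, the loaded-module list and the registered-table list to tell "support not compiled in" apart from "module not loaded". The function names, status strings and sample files are constructed for illustration, and `/boot/config-$(uname -r)` as the config location is an assumption about this install.

```shell
#!/bin/sh
# Added example: why does iptables say "Table does not exist"?
# Every file path is an argument, so the logic also runs on sample files.

# Print y, m or n for one option in a plain-text kernel config.
kopt() {    # kopt <config-file> <OPTION>
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" 2>/dev/null | head -n 1)
    echo "${v:-n}"
}

# Succeed if <name> appears in a /proc/modules-style listing.
mod_loaded() {    # mod_loaded <modules-file> <name>
    grep -q "^$2 " "$1" 2>/dev/null
}

# Print one of: ok | load-module | no-kernel-support | unknown
filter_status() {    # filter_status <config> <modules> <tables-names>
    # A registered table is listed by name, one per line.
    if grep -qx filter "$3" 2>/dev/null; then echo ok; return; fi
    ipt=$(kopt "$1" CONFIG_IP_NF_IPTABLES)
    flt=$(kopt "$1" CONFIG_IP_NF_FILTER)
    if [ "$ipt" = n ] || [ "$flt" = n ]; then
        echo no-kernel-support    # needs a kernel built with these options
    elif [ "$flt" = m ] && ! mod_loaded "$2" iptable_filter; then
        echo load-module          # fix: modprobe iptable_filter
    else
        echo unknown              # support present, table still missing
    fi
}

# Constructed sample: support built as modules, none of them loaded.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_IP_NF_IPTABLES=m' 'CONFIG_IP_NF_FILTER=m' >"$d/config"
    printf '%s\n' 'ext3 116809 2 - Live 0xf8a3e000' >"$d/modules"
    filter_status "$d/config" "$d/modules" "$d/names"    # "$d/names" is absent
    rm -rf "$d"
}
demo

# On the real host (config path is an assumption about the install):
# filter_status "/boot/config-$(uname -r)" /proc/modules /proc/net/ip_tables_names
```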
 
  

