LinuxQuestions.org
10-01-2010, 07:58 AM   #1
geovg
Owner match support in kernel


Hi,

I have enabled owner match support in kernel version 2.6.35.5 through,

Networking -- Networking options -- Network packet filtering framework (Netfilter) -- Core netfilter configuration -- "owner" match support

I have compiled the kernel and rebooted, but csf is showing this error,

************
iptables: Unknown error 4294967295
Error: iptables command [/sbin/iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 338
************

I have found out that the ipt_owner module is not enabled in the kernel. Can you help me enable this module in the kernel?
 
10-28-2010, 12:47 PM   #2
unSpawn
Iptables should have its own "libipt_owner.so" and the kernel should have "/lib/modules/2.6.35.5*/kernel/net/ipv4/netfilter/ipt_owner.ko": please check. If the kernel was installed properly then running 'modprobe ipt_owner' should load the module and its dependencies (check by running 'lsmod') before applying your iptables rule set.

//NTLB
 
12-07-2010, 01:07 AM   #3
geovg
Original Poster
Quote:
Originally Posted by unSpawn
Iptables should have its own "libipt_owner.so" and the kernel should have "/lib/modules/2.6.35.5*/kernel/net/ipv4/netfilter/ipt_owner.ko": please check. If the kernel was installed properly then running 'modprobe ipt_owner' should load the module and its dependencies (check by running 'lsmod') before applying your iptables rule set.

//NTLB

~]# find /lib/modules/2.6.35.7/kernel/ -name *owner* -type f
/lib/modules/2.6.35.7/kernel/net/netfilter/xt_owner.ko


# lsmod
Module Size Used by
iptable_nat 3107 0
iptable_filter 1038 1
iptable_mangle 1011 0
ip_tables 8849 3 iptable_nat,iptable_filter,iptable_mangle
xt_hl 869 0
xt_dscp 1121 0
xt_tcpmss 985 0
xt_length 820 0
tun 11005 0
xt_DSCP 1497 0
xt_TCPMSS 2335 0
xt_helper 923 0
ipt_MASQUERADE 1323 0
ipt_REDIRECT 929 0
nf_nat 13495 3 iptable_nat,ipt_MASQUERADE,ipt_REDIRECT
xt_recent 6320 0
xt_conntrack 1932 0
nf_conntrack_ftp 4650 0
ipt_REJECT 1561 0
ipt_LOG 4039 6
xt_multiport 1225 0
autofs4 17734 3
ipv6 217150 71
xt_owner 790 0
xt_limit 1170 10
nf_conntrack_ipv4 8885 63 iptable_nat,nf_nat
nf_defrag_ipv4 957 1 nf_conntrack_ipv4
xt_state 854 60
nf_conntrack 53715 8 iptable_nat,xt_helper,ipt_MASQUERADE,nf_nat,xt_conntrack,nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
xt_tcpudp 1703 137
x_tables 13150 22 iptable_nat,iptable_filter,iptable_mangle,ip_tables,xt_hl,xt_dscp,xt_tcpmss,xt_length,xt_DSCP,xt_TCPMSS,xt_helper,ipt_MASQUERADE,ipt_REDIRECT,xt_recent,xt_conntrack,ipt_REJECT,ipt_LOG,xt_multiport,xt_owner,xt_limit,xt_state,xt_tcpudp
loop 10126 0
dm_mirror 10142 0
dm_region_hash 8061 1 dm_mirror
dm_log 7335 2 dm_mirror,dm_region_hash
dm_multipath 12095 0
dm_mod 49321 3 dm_mirror,dm_log,dm_multipath
video 17790 0
output 1627 1 video
sbs 9046 0
sbshc 3423 1 sbs
battery 8366 0
ac 2586 0
lp 6925 0
option 12685 0
sg 21619 0
usb_wwan 8366 1 option
usbserial 27325 2 option,usb_wwan
button 4534 0
parport_pc 18063 1
parport 27574 2 lp,parport_pc
serio_raw 3288 0
i6300esb 4146 0
rtc_cmos 7127 0
e1000 82809 0
i2c_i801 6659 0
pcspkr 1338 0
floppy 44470 0
i2c_core 17551 1 i2c_i801
rtc_core 11376 1 rtc_cmos
rtc_lib 2005 1 rtc_core
e752x_edac 9134 0
edac_core 32185 1 e752x_edac
ata_piix 18671 4
ata_generic 2467 0
libata 144217 2 ata_piix,ata_generic
sd_mod 24950 6
scsi_mod 154344 3 sg,libata,sd_mod
ext3 98093 4
jbd 37553 1 ext3
uhci_hcd 15885 0
ohci_hcd 17095 0
ehci_hcd 28940 0

This is my lsmod output and that of the find command, can you please advise?
 
12-07-2010, 02:00 PM   #4
unSpawn
ipt_owner is xt_owner in newer kernels so that's OK. Searching for "iptables: Unknown error 4294967295" yields a lot of information but I can't find anything that relates to your posted rule (if that actually is line number 338), sorry.
 
12-07-2010, 02:05 PM   #5
geovg
Original Poster
I am guessing that ipt_owner is xt_owner in new kernel versions and xt_ replaces ipt_.....
Is that right? Please help!
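
The check described in post #2, extended to accept both module names mentioned in post #4, as an added example that is not part of any post in this thread. The function names are hypothetical, the lsmod sample is constructed, and the iptables extension directory is a parameter because it differs between distributions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# The owner match is ipt_owner in older kernels and xt_owner in newer ones.

# Reads lsmod-format text on stdin; prints the loaded owner-match module name.
# Only the first column is compared, so "Used by" entries do not count.
owner_module_loaded() {
    awk '$1 == "xt_owner" || $1 == "ipt_owner" { print $1; found = 1; exit }
         END { exit !found }'
}

# Searches a module tree such as /lib/modules/$(uname -r) for the module file.
# The patterns are quoted so the shell cannot expand them against the cwd.
owner_module_on_disk() {
    f=$(find "$1" -type f \( -name 'xt_owner.ko*' -o -name 'ipt_owner.ko*' \) \
        2>/dev/null | head -n 1)
    [ -n "$f" ] && printf '%s\n' "$f"
}

# Looks for the iptables userspace extension in DIR. The extension directory
# differs between distributions, so it is passed in rather than assumed.
owner_extension_in() {
    for so in libxt_owner.so libipt_owner.so; do
        [ -f "$1/$so" ] && { printf '%s\n' "$1/$so"; return 0; }
    done
    return 1
}

# Constructed sample in lsmod format, reduced to the relevant modules.
SAMPLE_LSMOD='Module                  Size  Used by
iptable_filter          1038  1
xt_owner                 790  0
x_tables               13150  3 iptable_filter,xt_owner,xt_tcpudp'

if name=$(printf '%s\n' "$SAMPLE_LSMOD" | owner_module_loaded); then
    echo "owner match is loaded as $name"
else
    echo "owner match not loaded: try modprobe xt_owner, then modprobe ipt_owner"
fi
```

On a live system, feed the first function real data with `lsmod | owner_module_loaded` and point the second at `/lib/modules/$(uname -r)`.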
 
  

