Owner match support in kernel

geovg · 10-01-2010, 06:58 AM

Hi,

I have enabled owner match support in kernel version 2.6.35.5 through,

Networking -- Networking options -- Network packet filtering framework (Netfilter) -- Core netfilter configuration -- "owner" match support

I have compiled the kernel and rebooted, but csf is showing this error,

************
iptables: Unknown error 4294967295
Error: iptables command [/sbin/iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 338
************

I have found out that the ipt_owner module is not enabled in the kernel. can you help me enabling this module in the kernel?

unSpawn · 10-28-2010, 11:47 AM

Iptables should have its own "libipt_owner.so" and the kernel should have "/lib/modules/2.6.35.5*/kernel/net/ipv4/netfilter/ipt_owner.ko": please check. If the kernel was installed properly then running 'modprobe ipt_owner' should load the module and its dependencies (check by running 'lsmod') before applying your iptables rule set.

//NTLB

geovg · 12-07-2010, 12:07 AM

Quote:

Originally Posted by unSpawn

Iptables should have its own "libipt_owner.so" and the kernel should have "/lib/modules/2.6.35.5*/kernel/net/ipv4/netfilter/ipt_owner.ko": please check. If the kernel was installed properly then running 'modprobe ipt_owner' should load the module and its dependencies (check by running 'lsmod') before applying your iptables rule set.

//NTLB

~]# find /lib/modules/2.6.35.7/kernel/ -name *owner* -type f
/lib/modules/2.6.35.7/kernel/net/netfilter/xt_owner.ko

# lsmod
Module Size Used by
iptable_nat 3107 0
iptable_filter 1038 1
iptable_mangle 1011 0
ip_tables 8849 3 iptable_nat,iptable_filter,iptable_mangle
xt_hl 869 0
xt_dscp 1121 0
xt_tcpmss 985 0
xt_length 820 0
tun 11005 0
xt_DSCP 1497 0
xt_TCPMSS 2335 0
xt_helper 923 0
ipt_MASQUERADE 1323 0
ipt_REDIRECT 929 0
nf_nat 13495 3 iptable_nat,ipt_MASQUERADE,ipt_REDIRECT
xt_recent 6320 0
xt_conntrack 1932 0
nf_conntrack_ftp 4650 0
ipt_REJECT 1561 0
ipt_LOG 4039 6
xt_multiport 1225 0
autofs4 17734 3
ipv6 217150 71
xt_owner 790 0
xt_limit 1170 10
nf_conntrack_ipv4 8885 63 iptable_nat,nf_nat
nf_defrag_ipv4 957 1 nf_conntrack_ipv4
xt_state 854 60
nf_conntrack 53715 8 iptable_nat,xt_helper,ipt_MASQUERADE,nf_nat,xt_conntrack,nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
xt_tcpudp 1703 137
x_tables 13150 22 iptable_nat,iptable_filter,iptable_mangle,ip_tables,xt_hl,xt_dscp,xt_tcpmss,xt_length,xt_DSCP,xt_TCP MSS,xt_helper,ipt_MASQUERADE,ipt_REDIRECT,xt_recent,xt_conntrack,ipt_REJECT,ipt_LOG,xt_multiport,xt_ owner,xt_limit,xt_state,xt_tcpudp
loop 10126 0
dm_mirror 10142 0
dm_region_hash 8061 1 dm_mirror
dm_log 7335 2 dm_mirror,dm_region_hash
dm_multipath 12095 0
dm_mod 49321 3 dm_mirror,dm_log,dm_multipath
video 17790 0
output 1627 1 video
sbs 9046 0
sbshc 3423 1 sbs
battery 8366 0
ac 2586 0
lp 6925 0
option 12685 0
sg 21619 0
usb_wwan 8366 1 option
usbserial 27325 2 option,usb_wwan
button 4534 0
parport_pc 18063 1
parport 27574 2 lp,parport_pc
serio_raw 3288 0
i6300esb 4146 0
rtc_cmos 7127 0
e1000 82809 0
i2c_i801 6659 0
pcspkr 1338 0
floppy 44470 0
i2c_core 17551 1 i2c_i801
rtc_core 11376 1 rtc_cmos
rtc_lib 2005 1 rtc_core
e752x_edac 9134 0
edac_core 32185 1 e752x_edac
ata_piix 18671 4
ata_generic 2467 0
libata 144217 2 ata_piix,ata_generic
sd_mod 24950 6
scsi_mod 154344 3 sg,libata,sd_mod
ext3 98093 4
jbd 37553 1 ext3
uhci_hcd 15885 0
ohci_hcd 17095 0
ehci_hcd 28940 0

This is my lsmod output and that of find command, can you please advice.

unSpawn · 12-07-2010, 01:00 PM

ipt_owner is xt_owner in newer kernels so that's OK. Searching for "iptables: Unknown error 4294967295" yields a lot of information but I can't anything that relates to your posted rule (if that actually is line number 338), sorry.

geovg · 12-07-2010, 01:05 PM

am guessing that ipt_owner is xt_owner in new kernel versions and xt_ replaces ipt_.....
is that rite? please help!