LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   iptables 1.3.7 tgz package (http://www.linuxquestions.org/questions/slackware-14/iptables-1-3-7-tgz-package-529129/)

linuxhippy 02-14-2007 06:55 PM

iptables 1.3.7 tgz package
 
I've been compiling the iptables 1.3.7 bz2 package that came out in December since I cannot find a tgz package for Slackware 11. Kernel 2.6.20 is giving me trouble with iptables (I've compiled the kernel several times with a new .config setup and it flops on the iptables build). Is there a tgz file somewhere for iptables-1.3.7?

simcox1 02-16-2007 01:10 PM

You could have a look at the source directory on a slackware mirror, to see how the slackware iptables package was built. ie with which options etc. It'll be in the SlackBuild script. You might even be able to build a new slackware package from it.

jeenam 02-16-2007 01:49 PM

iptables 1.3.7 for kernel 2.6.20
 
If you need an iptables 1.3.7 tgz you can download the version I compiled for kernel 2.6.20.

http://www.prosoundsystem.com/slackw...3.7-i686-1.tgz

linuxhippy 02-16-2007 01:54 PM

Quote:

Originally Posted by jeenam
If you need an iptables 1.3.7 tgz you can download the version I compiled for kernel 2.6.20.

http://www.prosoundsystem.com/slackw...3.7-i686-1.tgz

Thanks for the package (I just downloaded it)...how did you get it to work with kernel 2.6.20?

jeenam 02-16-2007 11:10 PM

...
 
I didn't =). The package was compiled against a 2.6.19.x kernel after realizing 1.3.5 didn't work with the new kernels. There shouldn't be any problems with running it with 2.6.20. Perhaps someone else can comment on this.

gilead 02-17-2007 12:33 PM

I'm using the iptables-1.3.5-i486-2 package on my Slackware 11 boxes - the kernels are all either 2.6.19.2 or 2.6.20. It sounds more like the .config options for OPs kernel are the problem.
Quote:

Originally Posted by linuxhippy
I've compiled the kernel several times with a new .config setup and it flops on the iptables build

Could you post the error/s that you get during compilation please?

linuxhippy 02-17-2007 12:37 PM

Well, when I try to compile the iptables package from source I get building dependencies then nothing to do. When my pc reboots and loads up my iptables rules I get an error in line 11 of the rules file that worked fine in kernel 2.6.19.2

Oh, and when I try to list the iptables rules I find out that no rules were read.

gilead 02-17-2007 12:59 PM

What I did was to keep iptables 1.3.5 and when upgrading the kernel I ran make mrproper, copied over my old .config file, ran make oldconfig, make, make modules_install.

I take it that you're still running 1.3.5 because the new one didn't compile. Can you post your iptables rules? It should be possible to identify what it's trying to load and determine what's missing in your new kernel. Alternatively, what are the dependency errors you get with iptables 1.3.7?

jeenam 02-18-2007 12:12 AM

iptables 1.3.5 errors
 
Attempting to load iptables rulesets w/ kernel 2.6.19+ results in errors such as "Unknown error 4294967295" in stdout. After trying to load a rule and receiving one of these errors, filtering no longer works and networking is effectively shut down.

This bug was fixed in 1.3.6. The changelog can be viewed here.

It's not a case of improper kernel config, 1.3.5 just flat out doesn't work with 2.6.19+.

gilead 02-18-2007 12:18 AM

Quote:

Originally Posted by jeenam
It's not a case of improper kernel config, 1.3.5 just flat out doesn't work with 2.6.19+.

There's more to it than that - I don't like saying "it works on my setup", but it does - and on multiple boxes.

At this point I'd like to know what errors linuxhippy is getting and what are the missing dependencies. If there are particular targets that cause the errors, do they need to be used?

linuxhippy 02-25-2007 07:14 PM

Quote:

Originally Posted by gilead
There's more to it than that - I don't like saying "it works on my setup", but it does - and on multiple boxes.

At this point I'd like to know what errors linuxhippy is getting and what are the missing dependencies. If there are particular targets that cause the errors, do they need to be used?

Here's the exact error I get when I try to build iptables-1.3.7 now with kernel 2.6.20.1. I type this:

make /usr/src/linux-2.6.20.1

It says building dependencies and then after a couple minutes:

nothing to be done

Then I type:

make install /usr/src/linux-2.6.20.1

I see the screen fill up while it does compiling and then I get this:

make: Nothing to be done for `/usr/src/linux-2.6.20.1'

On reboot into the new kernel, all looks ok except that I get this statement:

iptables-restore: line 11 failed

When I do iptables --list my rules are not there. What do I need to do?

gnashley 02-26-2007 08:24 AM

You need to to just type 'make' without the kernel directory. If that needs to be specified then just create the link /usr/src/linux to whichever kernel source tree you want. It also helps make things easier and more accurate sometimes if you are also running the kernel version you want to build for. I had no trouble compiling iptables-1.3.7-20070225 with kernel 2.6.20.1.

jeenam 02-26-2007 06:42 PM

Quote:

Originally Posted by linuxhippy
Here's the exact error I get when I try to build iptables-1.3.7 now with kernel 2.6.20.1. I type this:

make /usr/src/linux-2.6.20.1

It says building dependencies and then after a couple minutes:

nothing to be done

Then I type:

make install /usr/src/linux-2.6.20.1

I see the screen fill up while it does compiling and then I get this:

make: Nothing to be done for `/usr/src/linux-2.6.20.1'

On reboot into the new kernel, all looks ok except that I get this statement:

iptables-restore: line 11 failed

When I do iptables --list my rules are not there. What do I need to do?

How are you loading your ruleset? Do you load via an rc.firewall script in /etc/rc.d? If you have a script that runs each time the system boots try adding each rule line by line until the system returns an error for the invalid rule, then post here.

linuxhippy 02-27-2007 05:41 PM

Quote:

Originally Posted by gnashley
You need to to just type 'make' without the kernel directory. If that needs to be specified then just create the link /usr/src/linux to whichever kernel source tree you want. It also helps make things easier and more accurate sometimes if you are also running the kernel version you want to build for. I had no trouble compiling iptables-1.3.7-20070225 with kernel 2.6.20.1.

Didn't work. I didn't get the message that nothing was done when it built dependencies, though. When I rebooted I still got the message about iptables-restore not being loaded.

Should I first uninstall iptables 1.3.7 from my old kernel?

rworkman 02-28-2007 10:41 AM

Quote:

Originally Posted by linuxhippy
Didn't work. I didn't get the message that nothing was done when it built dependencies, though. When I rebooted I still got the message about iptables-restore not being loaded.

Should I first uninstall iptables 1.3.7 from my old kernel?

It's clear from your previous posts that you should use the iptables package that's included with Slackware. The kernel support for packet filtering is netfilter, and it's part of the actual kernel. The iptables package is only the userspace portions, and it's built separately from the kernel. Until/unless you understand this distinction and how it affects what you're trying to do, you should stick to the distribution-provided packages.


All times are GMT -5. The time now is 02:02 AM.