LinuxQuestions.org
Old 07-01-2006, 09:30 AM   #1
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu
Posts: 1,187

Rep: Reputation: 47
kernel upgrade and no iptables module found on 2.6.17.3


I upgraded my kernel to 2.6.17.3 from 2.6.13 and get a couple boot errors. The first is for my wireless card which needs linuxant's driverloader to work...I have to first uninstall the 2.6.13 driver and then recompile a new wireless driver for my new kernel. I can do this, but don't want to uninstall my NIC driver until I'm certain that my new kernel works. The second error I don't understand:

FATAL: Module ip_tables not found.
iptables-restore v1.3.5: iptables-restore: unable to initialize table 'filter'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

I don't see an option for iptables in the .config file for 2.6.17.3-does 2.6.17.3 still use a firewall?
 
Old 07-01-2006, 03:17 PM   #2
Lenard
Senior Member
 
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790

Rep: Reputation: 56
The layout of the kernel changed a bit ago (when 2.6.15 came out, if I remember correctly); this means you need to manually add your netfilters back.

Some other layout changes were also made when the 2.6.17 kernel was released. I would suggest that you take the time and configure the new kernel again, making sure you do not miss anything as far as your hardware is concerned.
 
Old 07-01-2006, 08:55 PM   #3
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu
Posts: 1,187

Original Poster
Rep: Reputation: 47
So are ip-tables deprecated (love that word) since kernel 2.6.15? It sounds like all the filtering is done with the kernel itself now-what's that called and where could I read about that?
 
Old 07-01-2006, 09:17 PM   #4
katayamma
Member
 
Registered: Jan 2006
Posts: 37

Rep: Reputation: 15
After you built & installed the kernel, did you do a 'make modules_install' to actually put the modules in /lib/modules/?
 
Old 07-02-2006, 07:45 AM   #5
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu
Posts: 1,187

Original Poster
Rep: Reputation: 47
Yes, I did overnight (it took no more than 10 hours on a 200 MHz box). Here's what I did with the 2.6.17.3 kernel after untarring and moving to /usr/src and making a symlink to /usr/src/linux:

make mrproper
copy old .config from 2.6.13 kernel directory to 2.6.17.3 directory
make menuconfig
make clean
make bzImage modules && make modules_install
go to bed

A /lib/modules/2.6.17.3 directory was built. I also had to use initrd to get it to boot and added the needed entry to /etc/lilo and then did lilo.
 
Old 07-02-2006, 07:20 PM   #6
Lenard
Senior Member
 
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790

Rep: Reputation: 56
No, ip-tables are not deprecated; the kernel layout has changed. The .config file from 2.6.13 does not configure the netfilter and other parts of 2.6.17.X. When using make menuconfig you must set these by hand yourself.

Let's make it simple: no netfilters means ip-tables does not work. Here, check your current .config file for 2.6.17.X with this:

Code:
#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH is not set
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
# CONFIG_IP_NF_TARGET_TCPMSS is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m

Should get you started in the right direction.
 
Old 07-02-2006, 07:33 PM   #7
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu
Posts: 1,187

Original Poster
Rep: Reputation: 47
This is confusing. I run a server 24/7 and want a good firewall with kernel 2.6.17.3. I was using iptables with some simple rules I found here and understood that a bit. Now the firewall is in the kernel? I need 2 ports to be open for my network to work and I like having ssh and ftp capability. How do I specify that I need certain ports open?

I need to read-what's this new filtering scheme called or do you have a good link?
 
Old 07-02-2006, 08:59 PM   #8
Lenard
Senior Member
 
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790

Rep: Reputation: 56
You're reading much more into this than what is needed............

The layout has changed, nothing else; this means netfilters are in your older 2.6.13 kernel .config file and are still in the newer than 2.6.15 kernels.

Please see; http://www.linuxquestions.org/questi...d.php?t=428770
 
Old 07-03-2006, 12:20 AM   #9
zetabill
Member
 
Registered: Oct 2005
Location: Rhode Island, USA
Distribution: Slackware, Xubuntu
Posts: 348

Rep: Reputation: 30

I just compiled a 2.6.17.3 kernel last night and am happy to report that it was a flawless compile. I can attest that the layout has changed, but I was able to compile the iptables modules just fine. Everything works just the way it used to. From what I understand, iptables has been "in" the kernel for quite some time, they're just usually modules. I successfully compiled these last night, I'll let you know how I did it.

I don't edit the config file manually anymore, but I use menuconfig exclusively. I would suggest running menuconfig before editing the .config file. For the sake of being thorough, I briefly went over Lenard's post and found it to be what you're looking for.
Quote:
Originally Posted by Lenard
The .config file from 2.6.13 does not configure the netfilter and other parts of 2.6.17.X. When using make menuconfig you must set these by hand yourself.
He doesn't mean that the firewall settings are configured in the kernel, he means that the old kernel config files are not backward compatible, and will not enable iptables unless you know what the config is supposed to look like. Use make oldconfig and then make menuconfig to make sure the old settings actually moved over. (which is why I don't even bother anymore... make menuconfig exclusively for me...) Then check the .config file as Lenard posted.

When you use {menu,g,x}config for the 2.6.17.3 kernel, the options for iptables from the main menu are:
Code:
Networking-->
Networking Options-->
Enable: Network packet filtering (replaces ip_chains)-->
IP: Netfilter Configuration-->
Enable: IP Tables support... and enable whatever you want

I usually enable everything with M because I'm not a network security guru... and I just don't want to take the chance in not compiling something and have the firewall need it later.

Once the kernel modules are up and running you use iptables just like you always used to... nothing new.

Good luck... I hope I was able to help.
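
Added example, not part of any post in this thread: a small shell check that separates the two causes raised above for "Module ip_tables not found", namely netfilter options left unset in the carried-over .config versus options set to `m` without the module being installed under /lib/modules. The function names are hypothetical, CONFIG_NETFILTER is assumed as the name of the "Network packet filtering" switch (it is not in Lenard's listing), and the sample .config is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Explains "Module ip_tables not found":
# either the option is unset in .config, or it is =m and the .ko was never installed.

# Options behind ip_tables and the 'filter' table (names from Lenard's listing;
# CONFIG_NETFILTER is assumed to be the "Network packet filtering" switch).
REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# opt_state OPTION CONFIG_FILE -> prints y, m or unset
opt_state() {
    val=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    echo "${val:-unset}"
}

# missing_opts CONFIG_FILE -> prints the required options that are not y or m
missing_opts() {
    missing=""
    for opt in $REQUIRED_OPTS; do
        [ "$(opt_state "$opt" "$1")" != "unset" ] || missing="$missing $opt"
    done
    echo "${missing# }"
}

# diagnose CONFIG_FILE MODULE_DIR -> prints one of:
#   config-missing  builtin  module-installed  module-not-installed
diagnose() {
    if [ -n "$(missing_opts "$1")" ]; then echo config-missing; return 0; fi
    if [ "$(opt_state CONFIG_IP_NF_IPTABLES "$1")" = "y" ]; then echo builtin; return 0; fi
    if [ -n "$(find "$2" -name 'ip_tables.ko*' 2>/dev/null | head -n 1)" ]; then
        echo module-installed
    else
        echo module-not-installed
    fi
}

# Constructed sample: an old .config carried over without the netfilter
# options being re-enabled, as described in the thread.
sample=$(mktemp)
printf '%s\n' 'CONFIG_NET=y' 'CONFIG_NETFILTER=y' \
    '# CONFIG_NETFILTER_XTABLES is not set' \
    '# CONFIG_IP_NF_IPTABLES is not set' > "$sample"
echo "missing: $(missing_opts "$sample")"
echo "diagnosis: $(diagnose "$sample" /nonexistent)"
rm -f "$sample"
```

On a real system the arguments would be the new kernel's .config and its /lib/modules/2.6.17.3 directory.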
 
Old 07-03-2006, 02:12 PM   #10
linuxhippy
Senior Member
 
Registered: Sep 2004
Location: Philadelphia, PA
Distribution: Xubuntu, Mythbuntu, Lubuntu, Picuntu
Posts: 1,187

Original Poster
Rep: Reputation: 47
I see...my iptables configuration is still good, I just need to enable all the filtering capabilities in the kernel. That's also an informative post.

Thanks for all the help!
 
Old 07-19-2006, 03:23 AM   #11
Yalla-One
Member
 
Registered: Oct 2004
Location: Norway
Distribution: Slackware, CentOS
Posts: 635

Rep: Reputation: 35
What's the best way to tell which MATCH rules/modules should be included and which to be left out?

Or can I just compile all of them as modules, as the kernel will only load those it needs anyway, and thus I have absolutely no performance penalty? Is this a correct assumption?

Any guides available outlining this to give a better understanding?

-Y1
 
  

