enabling iptables support
What options do I need to compile into the kernel to get iptables to work with guarddog on Slackware 11? The kernel I'm trying to compile is 2.6.20.6. I've tried a couple of times now to get it working but I've had no luck. I have netfilter compiled in with it. Am I missing something else?
Maybe your problem isn't the kernel itself? Iptables itself is supposed to compile against the kernel you are using. Are you getting error messages, or what?
The iptables command is a userland command that configures the rules for the netfilter module in the kernel. There are several netfilter related modules.
Here are some Netfilter related settings in my running kernel:
Code:
zcat /proc/config.gz | grep -in netfilter
Yes, I do get an error when I try to apply settings in guarddog:
Quote:
See if the ip_tables module is actually loaded with
lsmod | grep ip_tables
If not, try to load it manually with (running as root)
modprobe ip_tables
If you can't load it, then you didn't compile it into your kernel. (See jschiwal's post).
If it is loaded and you still get the error, then you probably need to recompile iptables: http://www.cae.wisc.edu/site/public/?title=lincompile
I think the info linked above will work, but you might want to do some more checking on your own. (I have compiled iptables but I no longer remember the details.) In particular, make sure you are happy with where the binary will be installed. And realize this must be compiled referencing the kernel it is to be used with. Again, I have forgotten the details.
OK, I'm still getting the same error even after compiling iptables 1.3.7. iptables is compiled into my kernel as well. lsmod | grep ip_tables outputs:
Code:
ip_tables 9688 0
I dunno. It sounds to me like it should work. There's one more thing I can think of before I am out of ideas:
When you compiled iptables, did the resulting binary replace the original binary, or was it put someplace else? (When I compiled iptables, the resulting binary ended up in /usr/local/sbin. The original binary remained in /sbin.) If you now have two copies of iptables, make sure guarddog is using the one you just compiled. Beyond that, all I can do is wish you good luck.
EDIT: If you have two copies, you can see which one guarddog is using by checking the access times on the two binaries.
Yes, I've seen this before.
Quote:
A few things to consider:
2.6.20.7 was out last I checked. I used these sources off ftp.kernel.org and ftp.netfilter.org. Note that the iptables I'm using with kernels new like ours is much more recent than 1.3.5, which was probably a production version anyway.
Code:
ipset-20070414.tar.bz2 linux-2.6.20.7.tar.bz2
Be careful of some of the recent snapshot files on ftp.netfilter.org. Their auto-tarballer seems to be spitting out broken tarballs that are only 40-something bytes in length.
Code:
egrep -n 'PTABLE|NETFILT' /boot/config
Code:
Code:
Code:
Code:
--- net/ipv4/ip_output.c.orig 2007-02-09 23:24:57.000000000 -0500 |
Thanks for the help, guys. I now have it working. jayjwa, you were right about some things having to be compiled in while others are made as modules. I also left a couple of things out of the compile the first few times, and I'm also using iptables 1.3.7 from packages.slackware.it.
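
The two checks discussed in this thread (whether each netfilter option is built in, a module, or missing, and whether more than one iptables binary is installed) can be scripted. This is an added example, not part of any post above; the three option names are the standard kernel config symbols chosen here as an assumption, not a list taken from the thread.

```shell
#!/bin/sh
# Added example: classify netfilter options in a kernel config file and
# list every iptables binary found on a search path.
# Get a config to inspect with:  zcat /proc/config.gz > /tmp/config

# opt_state CONFIG_FILE OPTION -> prints builtin | module | unset
opt_state() {
    # Anchor on "OPTION=" so CONFIG_NETFILTER does not also match
    # CONFIG_NETFILTER_XTABLES, and "# ... is not set" lines are ignored.
    val=$(grep -E "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2)
    case "$val" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo unset ;;
    esac
}

# report CONFIG_FILE -> one line per option (option list is an assumption)
report() {
    for opt in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER; do
        printf '%-24s %s\n' "$opt" "$(opt_state "$1" "$opt")"
    done
}

# find_binaries NAME [PATHLIST] -> every executable NAME in the
# colon-separated PATHLIST (defaults to $PATH), in search order.
find_binaries() {
    old_ifs=$IFS
    IFS=:
    for dir in ${2:-$PATH}; do
        if [ -x "$dir/$1" ] && [ ! -d "$dir/$1" ]; then
            echo "$dir/$1"
        fi
    done
    IFS=$old_ifs
}

# Usage: sh check.sh /tmp/config
if [ -n "$1" ]; then
    report "$1"
    echo "iptables binaries, first match wins:"
    find_binaries iptables "/usr/local/sbin:/usr/sbin:/sbin:$PATH"
fi
```

An option reported as `module` still has to be loaded (`modprobe ip_tables`) before the firewall front end can apply rules, and more than one path from `find_binaries` means the front end may be calling the older binary.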