Kernel Iptables problem

duhasst0 · 01-18-2007, 09:28 PM

Well really I may just need some advice and I think its been posted before but as far as I can tell I did just about everything that was in those posts to fix the problem already but still no dice. Anyway here is my error message from iptabls -L

Code:

FATAL: Module ip_tables not found.
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

also here is uname -a

Code:

Linux prototypex 2.6.18-gentoo-r6 #5 SMP Thu Jan 18 17:27:08 EST 2007 i686 AMD Athlon(tm) XP 3000+ AuthenticAMD GNU/Linux

If you think you may need any other info to help you out with helping me out let me know I will be checking back periodically. Also I know kodon has helped me out in the past so if you know him and can get ahold of him or if you are reading this dude HELP!!!! lol

John

gilead · 01-19-2007, 02:12 PM

It looks like you have some of your netfilter stuff compiled as modules and need to do a modprobe modulename before it will work. Have a look in your kernel source's .config file to see which components you've compiled as modules. You should also be able to look in /lib/modules/`uname -r`/kernel/net/netfilter to the modules.

duhasst0 · 01-19-2007, 03:37 PM

Alright will try. I am also seeing if updating the kernel will help at all as well so I now have 3 different kernels on the computer compiled. Just gotta get all the stuff I need to compile to get everything to work. Thanks for the help I sure will keep posting here till we can get this all fingered out. I have been coming to this forum for a few years and have learned a great deal and I know that sometimes when it comes to Linux its best to have a group thought process for the most part. So I will let you know what the stats are.

John

duhasst0 · 01-19-2007, 03:52 PM

Well this is really weird I loaded up putty cause I don't sit next to this computer at all any more for the most part, but netfilter isn't in the /lib/modules/2.6/kernel/net at all. I know that when I did make menuconfig I added netfilter not as a module but built in. A friend of mine said that building it in instead of using as a module is better so I don't understand that at all. But I also check my 2.6.19 kernel directory and it was in there. I guess I am just gonna have to get that kernel working with my system bad thing is that when I did that the services I usually have running so that I can get in remotely like ssh weren't letting me in even when I flushed my iptables rules so. This is very confusing right now. But like I said I am grinding those gears trying what makes sense and falling back on what works if it doesn't work lol. Oh well back to the drawing board.

John

gilead · 01-19-2007, 03:54 PM

If you have problems, it might be helpful to see the networking and netfilter sections of your kernel's .config file...

BTW in response to your email, I'm very impressed with Slackware 11 - I have it on several boxes at work and 2 at home. They're all stable and reliable. Here's the output of uptime on the box at home I'm using at the moment:

Code:

steve@fender:~$ uptime
 07:52:37 up 103 days, 11:37,  7 users,  load average: 0.31, 0.28, 0.25

manwichmakesameal · 01-20-2007, 06:30 PM

When configuring your kernel, did you

Code:

Networking --> Networking Options --> Network Packet Filtering --> Core Netfilter Configuration --> [X] not[*] Netfilter Xtables support

There are some other options under those menus, but I'll let you pick those out.

duhasst0 · 01-24-2007, 09:31 PM

well here it is my netfilter part of the .config file

Code:

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK is not set
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_IPRANGE is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
# CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
# CONFIG_IP_NF_TARGET_REDIRECT is not set
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_FTP=y
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set

Also I am working on a different server and need some advice for it. It will need to be able to server webpages for a web store. I am pretty unsure of what kinda of services I need and what software packs I should download and install. Also your opinion on what distro and kernel would be greatly appreciated. Well I hope I get some results some time soon. lol

Thanks guys
John

gilead · 01-24-2007, 10:51 PM

I'd suggest setting CONFIG_IP_NF_FILTER and CONFIG_NETFILTER_NETLINK to 'y'. CONFIG_IP_NF_FILTER provides packet filtering and defines a table `filter', which your error message says you don't have. CONFIG_NETFILTER_NETLINK will include support for the new netfilter netlink interface which I think is necessary.

duhasst0 · 01-31-2007, 10:46 PM

had a friend go into the box and take a look at my kernel here is the .config netfilter part. the error changed abit just now fatal error just this.

Code:

iptables v1.3.5: can't initialize iptables table `filter': Table does not exist                                              (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

i dont know what the hell is going wrong some one just smack me in the face i am such a stupid newb.

Code:

#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_DSCP=y
CONFIG_NETFILTER_XT_MATCH_ESP=y
CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
# CONFIG_IP_NF_CONNTRACK_NETLINK is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=y
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
# CONFIG_IP_NF_QUEUE is not set
# CONFIG_IP_NF_IPTABLES is not set
# CONFIG_IP_NF_ARPTABLES is not set

gilead · 01-31-2007, 10:52 PM

It looks like you still don't have CONFIG_IP_NF_FILTER set - can you check that?

duhasst0 · 01-31-2007, 11:11 PM

That is interesting... i never saw an option like that in the make menuconfig at all... but that should get everything to work then?? well its worth a try

duhasst0 · 02-01-2007, 12:13 AM

alright well got it up iptables is working. now its time to get a script for it working right and i will be completely in business. any popular tutorial you use or can recommend me to?

gilead · 02-01-2007, 02:34 AM

I used the info at http://www.netfilter.org/documentation/index.html when I first set mine up. I've also seen people recommend http://freshmeat.net/projects/iptables-firewall/