Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I am having trouble setting up a gateway machine. I am using Red Hat 7.1, my kernel is 2.4, and I have checked it for iptables and IP masquerading support. The following is my rc.firewall file and the errors it creates when run. I have been working on this for weeks and any help would be a great help. I realize that the problem is probably something small but I just can't find it.
My rc.firewall file:
(I have just pasted it in so it may lose its format. It is all lined up properly on my machine.)
#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.4.x kernels
# using IPTABLES
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.
# Need to verify that all modules have all required dependencies
#
/sbin/depmod -a
# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel. This HOWTO compiles ALL IPTABLES
# options as modules.
#
# NOTE: many modules are interdependent on each other so the order
# in which modules are loaded MATTERS
#
#Load the main body of the IPTABLES code /sbin/insmod ip_tables
#Load the packet blocking for for the IPTABLES core /sbin/insmod
ipt_REJECT
#Load the main stateful connection tracking framework. This module
#in itself does nothing without specific conntrack modules
/sbin/insmod ip_conntrack
#Loads the core NAT code which will also enable IPMASQ functionality
/sbin/insmod iptable_nat
#Loads the OUTGOING FTP NAT functionality into the core IPTABLES code
/sbin/insmod ip_nat_ftp
#Load the INCOMING FTP tracking mechanism for the connection tracking
#code
/sbin/insmod ip_conntrack_ftp
#CRITICAL: Enable IP forwarding since it is disabled by default since
#
#
# Redhat Users: you may try changing the options in
# /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable
# this following option. This enables dynamic-ip address hacking in IP MASQ,
# making the life with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Enable simple IP forwarding and Masquerading
#
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the internet but not
# allow non-initiated traffic into your internal network.
#
# NOTE #3: You must change "eth0" to say "ppp0" if you are a modem user.
#
# ** Please change the above network numbers, subnet mask, and
# ** Internet connection interface name to match your setup
#
iptables -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The errors it creates:
[root@gw /root]# /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall: ipt_REJECT: command not found
Using /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack.o
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
Using /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_get_R03645ad9
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_alter_reply_Rb6b5f29a
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_unregister_table_R0e64bb82
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_unregister_target_R6fc028af
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_do_table_R29da7604
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_destroyed_Rdbba698e
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol invert_tuplepr_R5e68d8a9
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_register_table_R396c807c
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_module_Rb0361033
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_gather_frags_R1c3044ff
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_selective_cleanup_R958ce709
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_register_target_R2d01ae3d
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_tuple_taken_R5429e2e1
Using /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_conntrack_expect_related_Ree85aab5
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_expect_register_R22ca4f64
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_helper_register_Rd999d6f2
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_expect_unregister_R5ca5c902
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_cheat_check_R1e4e73a8
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_setup_info_Rd1af8d2b
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o: unresolved symbol ip_nat_helper_unregister_Rdadfe31d
Using /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_expect_related_Ree85aab5
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_unregister_R6915dfa8
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_register_Rb99a89c0
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.4: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Are you trying to use ipchains and iptables? Looks like you are having conflicts between the two. You should only be using one of them.
Anyways this document describes the whole process step by step in very simple terms. It's very easy to follow and also explains things which could go wrong.
Yeah, that's what is happening. ipchains is the standard firewalling method for Linux kernel 2.2 based systems. iptables is the standard for kernels 2.4 and up.
Thanks for that HOWTO. All I needed to do was disable ipchains. It now accepts my iptables. But I still have a problem. My iptables must not be set right because the client machine can ping outside IP addresses but it cannot connect to them with their DNS name or URL. I can type http://203.44.107.70 and get a webpage but I cannot type http://www.msn.com and get a web page; only IP addresses work. My rc.firewall script is above in my first message, which contains my iptables settings. If someone could have a look at it and tell me if they see an error that may be causing this, that would be great.
DNS is the name server... The easiest way to do it is to go to linuxconf (if using Mandrake) or wherever you can configure your IP addy. You can just enable DNS. If you're on a cable connection, usually it will automatically have the IP address of the cable service's servers.
Thanks for that. I plugged in the DNS servers from my resolv.conf file on my gateway into the client's prim and sec DNS settings and off she went. So it was the cable's name servers, thanks.
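Added example, not part of any post in this thread: a pre-flight check for the ipchains conflict diagnosed above, plus a stateful version of the forwarding rules that does what the script's NOTE #2 describes, since `iptables -A FORWARD -j ACCEPT` forwards traffic in both directions. The internal interface `eth1` and the function names are assumptions; `eth0` and 192.168.0.x come from the posted script.

```sh
#!/bin/sh
# Added example: ipchains pre-flight check and a stateful MASQ rule set.
EXT_IF="eth0"           # external interface, as in the posted script
INT_IF="eth1"           # ASSUMPTION: internal LAN interface
LAN="192.168.0.0/24"    # LAN from the script's NOTE #2

# Succeeds if the lsmod text passed as $1 lists the ipchains module.
# As diagnosed in the thread, ip_tables fails to load while it is present.
ipchains_loaded() {
    printf '%s\n' "$1" | awk '$1 == "ipchains" { hit = 1 } END { exit !hit }'
}

# Print the rule set, one command per line, without touching the kernel.
# Unlike "iptables -A FORWARD -j ACCEPT", only LAN-initiated flows and
# their replies are forwarded; everything else hits the DROP policy.
masq_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -j MASQUERADE
EOF
}

# "apply" (as root) loads modules and installs the rules; default prints.
main() {
    if ipchains_loaded "$(/sbin/lsmod 2>/dev/null)"; then
        echo "ipchains is loaded: unload it before using iptables" >&2
        return 1
    fi
    if [ "$1" != "apply" ]; then
        masq_rules
        return 0
    fi
    # modprobe resolves dependencies, so load order no longer matters
    for m in ip_tables ip_conntrack iptable_nat ip_conntrack_ftp ip_nat_ftp; do
        /sbin/modprobe "$m" || return 1
    done
    masq_rules | sh -e || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

main "$@"
```

Run without arguments it only prints the rules for review; LAN clients still need working DNS servers configured, as the last posts in the thread found.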