
mjones490 09-11-2006 10:28 AM

Problems building iptables
I have a Slackware 10.2 install, and my kernel is version 2.6.17, built from source.

I've been playing around some with iptables, but I'm missing some extensions. So I loaded in the Slackware source for iptables and attempted to build it, telling it where my kernel source is as per INSTALL instructions.

The compile breaks when it encounters ipt_string.c. Seems there it's trying to use struct ipt_string_info, but that's nowhere to be found. I've monkeyed around with it a little bit by trying to write my own header file to define that struct going by how the .c file is using it, but I've not had much luck with that.

IMHO, I should not have to write this header myself (not that I could get that to work anyway. . . :)). Has anyone else run across this? And if so, how did you get around it?


mjones490 09-11-2006 01:40 PM

I think my problem is that I have to install and run Patch-O-Matic and re-compile my kernel.

I will try that tonight.


mjones490 09-13-2006 09:42 AM

Alright, I've downloaded the latest iptables (3.3.5) and patch-o-matic, applied the patch, re-compiled the kernel, and compiled and installed iptables.

Now I'm having a problem that started out similar to this thread, where htb was having a problem with string matching and specifying the --algo parameter. So I handled that by specifying --algo bm. Now it gives me this error:


iptables: Unknown error 4294967295

I know this is not a whole lot of information to go by, but does anyone have any ideas as to what to do next?


ITintuition 09-13-2006 12:37 PM

No clue. What else have you tried?

mjones490 09-14-2006 10:44 AM

Just an update IF anybody's following:

Did a little research and saw some suggestions about using the raw table for string matching. Tried that, and got an error about the raw table not existing and to try insmoding the module.

So I looked at the kernel configuration, and decided to check ALL the iptables options to build into the kernel (not as modules). (I know, probably not a great idea. I'll go back and check just what I need later on.) This old machine does not have a lot of processor power or memory, so it took several hours to compile the new kernel. I had to go to bed while it was still working.

Tonight, I'll install the new kernel and try again.


mjones490 09-15-2006 09:09 AM

FYI, I installed my new kernel and retried the string match. Still got an error about the raw table not existing. So I tried putting it on the standard filter, specified --algo bm, gave it a nice hot cup of tea, and it worked!! I was able to stop a web page on my local server from coming up when the words "go away" were anywhere on the page, while other pages showed up fine. When I removed the filter, the "go away" page worked again!


My next personal task is to fix ipt_string.c to default to the bm algorithm, so that it does not have to be specified, as apparently was the case in earlier versions of iptables.
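
What `--algo bm` in the post above refers to, as an added example that is not from the thread or from the iptables or kernel sources: a Boyer-Moore-Horspool search (a simplified Boyer-Moore, used here in place of the full algorithm) run over one packet payload at a time. The function names and the sample payloads are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Boyer-Moore-Horspool: a simplified Boyer-Moore that keeps only the
 * bad-character shift table. Returns the offset of the first match in
 * one payload, or -1 if the pattern does not occur in it. */
long bmh_find(const unsigned char *hay, size_t hlen,
              const unsigned char *pat, size_t plen)
{
    size_t shift[256], i, pos = 0;

    if (plen == 0 || plen > hlen)
        return -1;
    /* A byte that is not in the pattern allows a skip of the full length. */
    for (i = 0; i < 256; i++)
        shift[i] = plen;
    /* Bytes in the pattern (except its last) shift so that they line up. */
    for (i = 0; i + 1 < plen; i++)
        shift[pat[i]] = plen - 1 - i;

    while (pos + plen <= hlen) {
        /* Compare right to left, as Boyer-Moore does. */
        size_t j = plen;
        while (j > 0 && hay[pos + j - 1] == pat[j - 1])
            j--;
        if (j == 0)
            return (long)pos;
        pos += shift[hay[pos + plen - 1]];
    }
    return -1;
}

/* Hypothetical helper: the verdict a "string match, then DROP" rule would
 * reach for ONE packet payload (1 = dropped, 0 = passed). */
int rule_drops(const char *payload, const char *pattern)
{
    return bmh_find((const unsigned char *)payload, strlen(payload),
                    (const unsigned char *)pattern, strlen(pattern)) >= 0;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const char *blocked = "<html><body>please go away now</body></html>";
    const char *allowed = "<html><body>welcome back</body></html>";
    /* Exit status 0 when both verdicts are as expected. */
    return !(rule_drops(blocked, "go away") == 1 &&
             rule_drops(allowed, "go away") == 0);
}
```

Each payload is searched on its own, so a pattern that straddles two packets is not matched in either one; a string-match rule is best treated as a coarse filter rather than a complete content check.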

