LinuxQuestions.org


Pratap Ramachandra 01-30-2011 04:18 AM

iptables failing
 
Hi,
I am unable to get iptables to run on my Linux box (running 2.6.16).
I get the following error:

#iptables -t nat -L

iptables v1.2.9: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_BRIDGE_NETFILTER=y

#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
CONFIG_NETFILTER_XT_MATCH_SCTP=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_FILTER=m
...
....

Please let me know how I can overcome this issue.

Thanks
Pratap

trist007 01-30-2011 07:30 AM

Here's a list of the modules that iptables needs.
Code:

# Module to track the state of connections
modprobe ip_conntrack

# Load the iptables active FTP module, requires ip_conntrack
modprobe ip_conntrack_ftp
 
# Load iptables NAT module when required
modprobe iptable_nat
 
# Module required for an active FTP server using NAT
modprobe ip_nat_ftp

You can check and see if you have those modules loaded by running lsmod. If not, run modprobe iptable_nat as above (which is probably the only one you need). If it says it can't find the module, then you need to recompile your kernel to either include the iptable_nat module or have it built in.
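
The check described in the post above (module already available, loadable with modprobe, or absent and needing a rebuild), as an added example that is not part of the original thread. It assumes the 2.6.16-era option and module names used in this thread; the function names are hypothetical and the sample config is constructed, since the poster's listing is cut off before the NAT options.

```shell
#!/bin/sh
# Added example: classify the kernel options behind the NAT table as
# built-in, module, or missing, and print the matching action.
# Note: lsmod lists only loaded modules; a built-in (=y) feature never shows there.

# Kernel option -> module name (assumed 2.6.16-era naming, as in the thread).
NAT_DEPS="CONFIG_IP_NF_CONNTRACK:ip_conntrack
CONFIG_IP_NF_IPTABLES:ip_tables
CONFIG_IP_NF_NAT:iptable_nat"

# opt_state CONFIG_FILE OPTION -> prints builtin | module | missing
opt_state() {
    case "$(grep -E "^$2=[ym]$" "$1" | tail -n 1)" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo missing ;;   # covers "# CONFIG_X is not set" and absent lines
    esac
}

# nat_report CONFIG_FILE -> one line per dependency with the action to take
nat_report() {
    echo "$NAT_DEPS" | while IFS=: read -r opt mod; do
        case "$(opt_state "$1" "$opt")" in
            builtin) echo "$opt builtin: nothing to load" ;;
            module)  echo "$opt module: modprobe $mod" ;;
            missing) echo "$opt missing: enable it and rebuild the kernel" ;;
        esac
    done
}

# Constructed sample config: the first three lines match the question's
# excerpt; the IPTABLES and NAT lines are invented for illustration.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_NAT is not set
EOF
}

# Run the report on the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
nat_report "$tmp"
rm -f "$tmp"
```

To check a real system, pass the running kernel's config file to nat_report instead of the sample, for example /boot/config-$(uname -r) where the distribution installs one.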

Pratap Ramachandra 01-30-2011 08:05 AM

Hi,
Thanks for the information. Does recompiling mean I have to set
CONFIG_IP_NF_FILTER=y instead of CONFIG_IP_NF_FILTER=m?

After I do this I need to rebuild my kernel. Should I also rebuild the iptables utility?

Thanks
Pratap

trist007 01-30-2011 03:14 PM

First try loading up the module. If your current config has
Code:

CONFIG_IP_NF_FILTER=m
then it was compiled as a module.

Just run
Code:

modprobe iptable_nat

Pratap Ramachandra 02-10-2011 05:21 AM

Hi,
Thanks for the help.
I have another query.
Is it necessary to always build netfilter as a module? If we build it into the kernel, iptables should still work, right?
Please let me know.

Thanks
Pratap


All times are GMT -5.