iptables, ipp2p, debian, kernel 2.6.12/15 : issues

Nathanael · 03-07-2006, 05:41 AM

Hello there,

I am experiencing issues ussing ipp2p, even the simplest usage of this feature results in an errer:

Code:

(root@joshua ~)
# iptables -A FORWARD -m ipp2p --ipp2p -j DROP
iptables: No chain/target/match by that name

this also happens when using -j LOG ...

i was trying to get ipp2p to work on kernel 2.6.12 (kernel-image-2.6.12-1-686) and just apt-get'ed linux-image-2.6.15-1-686
still no luck.

/lib/iptables/libipt_ipp2p.so is present

loaded modules (relevant ones only):

Code:

Module                  Size  Used by
ipv6                  221664  14 
ipt_state               1728  2 
iptable_mangle          2560  0 
iptable_nat             7012  1 
ip_nat                 17292  1 iptable_nat
ip_conntrack           49420  3 ipt_state,iptable_nat,ip_nat
nfnetlink               5976  2 ip_nat,ip_conntrack
iptable_filter          2720  1 
ip_tables              17280  4 ipt_state,iptable_mangle,iptable_nat,iptable_filter

Available Kernel Modules in 2.6.15

Code:

/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_amanda.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_irc.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_netbios_ns.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_netlink.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_pptp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_proto_sctp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_conntrack_tftp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat_amanda.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat_ftp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat_irc.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat_pptp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat_snmp_basic.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_nat_tftp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_queue.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/iptable_filter.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/iptable_mangle.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/iptable_nat.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/iptable_raw.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ip_tables.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_addrtype.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_ah.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_CLASSIFY.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_CLUSTERIP.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_comment.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_connbytes.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_connmark.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_CONNMARK.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_conntrack.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_dccp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_dscp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_DSCP.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_ecn.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_ECN.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_esp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_hashlimit.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_helper.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_iprange.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_length.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_limit.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_LOG.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_mac.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_mark.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_MARK.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_multiport.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_NETMAP.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_NFQUEUE.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_NOTRACK.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_owner.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_physdev.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_pkttype.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_realm.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_recent.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_REDIRECT.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_REJECT.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_SAME.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_sctp.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_state.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_string.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_tcpmss.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_TCPMSS.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_tos.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_TOS.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_ttl.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_TTL.ko
/lib/modules/2.6.15-1-686/kernel/net/ipv4/netfilter/ipt_ULOG.ko

Thank you for any comments

win32sux · 03-08-2006, 03:44 AM

i don't see any module named ipp2p anywhere in your post... the error you get might very well mean exactly what it says (that there is no match by that name) if this is the case... what process did you follow when installing the ipp2p thing?? i assume it went something like:

- apply ipp2p patch to kernel source...
- configure kernel, selecting the "M" for the ipp2p...
- recompile kernel/modules...
- boot new kernel...
- recompile iptables...

is that kinda like what you did??

or are you positive that the debian kernel already comes with this thing??

Nathanael · 03-08-2006, 04:49 AM

well...

firstly, the first time i used ipp2p was on a gibraltar live cd (gibraltar.at)
then i tried using it on my old firewall, running debian testing kernel 2.6.8
i did not need any additional kernel modules/patches, everything was there after a simple apt-get install kernel-image-2.6.8-1-686 :-P
for some reason this does not seem to be the case for 2.6.12 and above! i have no idea why. so i thought perhaps somebody here might have had the same prob
if ipp2p desperatly requires a kernel modules, then i shal try to get the kernel sources, patch and recompile.

still wellcoming any comments.

thank you win32sx for your thoughts. it makes sence and i hope it will get me further in getting ipp2p to work. i shall post further results here...