iptables won't autoload needed modules on demand

toombs · 07-22-2007, 02:51 PM

When running an iptables command, as root, that requires a kernel module that isn't loaded, rather than loading it, iptables just complains it isn't loaded and doesn't even try to load it. All the required modules were compiled and can be modprobed; iptables just refuses to do so. Here's a sample output:

Code:

# iptables -P INPUT DROP
iptables v1.3.5: can't initialize iptables table `filter': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
#

If I load all of the required modules manually, it will work fine, but for some reason, iptables doesn't want to load them.

I'm running Gentoo linux so here are the relevant packages I have installed:
net-firewall/iptables-1.3.5-r4
sys-kernel/gentoo-sources-2.6.20-r8

I don't know if it's relevant, but I'm using native amd64 architecture. If anybody else has seen this happen before, and has a solution, could you please reply because I have never seen anything like this before and I have no idea what the hell's going on.

sparc86 · 07-22-2007, 04:31 PM

Please, use the command lsmod and copy us the results, you should have the following loaded:

ip_tables
ip_conntrack
iptable_filter
ipt_state

If you don't, then try:

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_filter
modprobe ipt_state

If you still get error messages, such "FATAL: Module bleh not found.", then you don't have the needed modules. This means you will have to update your kernel with these new modules.

An excellent guide for that can be found at http://www.linuxquestions.org/questi...threadid=49035

I hope I could be helpful. Please let us know if it worked for you and what was exactly the problem.

win32sux · 07-23-2007, 02:28 AM

Have you tried upgrading (or at least recompiling) iptables?

toombs · 08-05-2007, 05:01 PM

Sparc86, I don't think that's the issue here. All those modules you just mentioned should never need to be manually loaded. iptables should always automatically load all of the modules it needs, including the modules that you mentioned. I'll try loading those 4 modules but I seriously doubt those four modules will allow the other modules that iptables needs to be automatically loaded.

Win32sux, I'm not sure recompiling iptables will help, but I will try it and see if it makes a difference.

Thanks for your suggestions. I'll let you know how it goes.

sparc86 · 08-05-2007, 11:26 PM

When do you try to load the following modules, do you receive any error message or not?

Quote:

modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_filter
modprobe ipt_state

If not, then I was probably wrong (about the modules). But I still think you should check your kernel config. There might be something missing in the netfilter configs.