SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
So, I'm trying to use iptables on my Slackware 10.2 with
a 2.6.15-rc5 kernel with practically all the iptables modules
built as modules.
Why do I get this output?
code:
Code:
root@alakazam:~# iptables -m connbytes -h
iptables v1.3.3: Couldn't load match
`connbytes':/usr/lib/iptables/libipt_connbytes.so:
cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@alakazam:~#
Well, I know why I get that output. Why is there no
/usr/lib/iptables/libipt_connbytes.so?
Is iptables package in need of update to work with 2.6.X kernels'
available modules?
I have iptables-1.3.3-i486-1, which is latest from
<http://slackware.it/en/pb/search.php?v=current&t=2&q=libipt_*>.
- download the latest kernel source code (2.6.15.1 at the time of this post)...
- double-check that all the netfilter options are properly set and stuff...
- recompile kernel...
- recompile iptables using the latest source code (1.3.4 at the time of this post)...
but having said that, i'm using iptables 1.3.4 and kernel 2.4.33-pre1 and i get the same result as you do, so i doubt it's a 2.6 issue:
Code:
bash-3.00# iptables -m connbytes
iptables v1.3.4: Couldn't load match `connbytes':/usr/lib/iptables/libipt_connbytes.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
bash-3.00# find / -name libipt_connbytes.so
bash-3.00# uname -r
2.4.33-pre1
as you can see, there's no file named libipt_connbytes.so on my box... so i'd assume it's due to an option that was missed during the kernel configuration before the build, but i'm not sure what the connbytes module does, though... could it be that the module's name is misspelled or something like that?? or perhaps it's a module that has been removed from netfilter?? when was the last time you got it to actually work??
I think the libipt_* files are built from the iptables
source not kernel source. I can modprobe ipt_connbytes
kernel module, it is the library that is missing.
I guess what I'd like to see is the latest iptables package
from slackware include support for *all* the iptables kernel
modules available in the recent vanilla kernels.
I could compile iptables libraries myself, sure, but doesn't
this seem like an oversight wrt the iptables package?
How would one go about making this kind of request? An e-mail
to PJV, himself? Does he read ths forum? Slackware.com still
lists this as "our favorite Slackware questions forum".
I think the libipt_* files are built from the iptables
source not kernel source. I can modprobe ipt_connbytes
kernel module, it is the library that is missing.
hmmm, i see... well, i can't modprobe ipt_connbytes on my 2.4 box, so i guess it's different on 2.6... i don't have any experience with 2.6, though...
Quote:
I guess what I'd like to see is the latest iptables package
from slackware include support for *all* the iptables kernel
modules available in the recent vanilla kernels.
but wouldn't that affect 2.4 compatibility?? i mean, keeping in mind that while slackware has both 2.4 and 2.6 it needs to keep a delicate balance and stuff... of course when slackware goes completely 2.6 then things will be different...
Quote:
I could compile iptables libraries myself, sure, but doesn't
this seem like an oversight wrt the iptables package?
i'm not sure it's an oversight... but if you know what you need to do in order to get these features when compiling iptables then it's just a matter of editing the build script for iptables on slackware 10.2... you could then post your changes to this thread so that it could help other people who have the same issue as you... i tried looking to see which options one would enable at compile time for iptables but couldn't really find anything relevant... perhaps it's just a matter of rebuilding iptables while running the 2.6 kernel??
Quote:
How would one go about making this kind of request? An e-mail
to PJV, himself? Does he read ths forum? Slackware.com still
lists this as "our favorite Slackware questions forum".
yes, this kinda thing is usually dealt with by sending him an email, but only after having tested and considered everything about the issue very thoroughly, of course...
how'd it go with this, bbeers?? did you get it working?? i'm starting to think that if you already have the connbytes functionality in your kernel/modules then it's just a matter of recompiling iptables while running that kernel, cuz i couldn't find anything in the iptables installation that would enable such a thing, but i'm not sure of course... have you tried it?? make sure you try compiling iptables 1.3.4 cuz in the changelog they do mention an issue with connbytes and linux 2.6 which was fixed:
Quote:
Fix compilation of connbytes match with 2.6.14 kernel
how'd it go with this, bbeers?? did you get it working?? i'm starting to think that if you already have the connbytes functionality in your kernel/modules then it's just a matter of recompiling iptables while running that kernel, cuz i couldn't find anything in the iptables installation that would enable such a thing, but i'm not sure of course... have you tried it?? make sure you try compiling iptables 1.3.4 cuz in the changelog they do mention an issue with connbytes and linux 2.6 which was fixed: http://www.netfilter.org/projects/ip...bles-1.3.4.txt
I haven't had the time to chase it down any further yet -- been
very busy at work.
I did notice that iptables project has a lot of non-vanilla stuff
-- which I guess will not be in a slackware iptables package
since the kernel is built vanilla.
I just looked at the kernel itptables modules available in the
'testing/packages/linux-2.6.14.6/kernel-modules-2.6.14.6-i486-1'
and connbytes is not there. So I guess I added it when I compiled
my own kernel 2.6.15-rc5. But, still, I think more iptables
modules could be built with vanilla 2.6.X kernel, and so iptables
needs to be built with all corresponding libs.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.