uberlinuxguy n00b
Joined: 20 Nov 2002 Posts: 6
Posted: Mon Feb 10, 2003 3:20 am Post subject: iptables, compiled into the kernel, fun for all :-(
I am presently trying to build a gentoo firewall. I am building a monolithic kernel, so NO MODULES. I've looked around and see mentions of the same problem I am having but no definite solution. So here's the problem, maybe somebody can help.
System Info:
Gentoo x86 1.4_rc2
Kernel: linux-2.4.19-xfs-r2, latest xfs-sources from emerge
The option "Network packet filtering (replaces ipchains)" is turned on, compiled in, not as a module, and the stuff under "IP: Netfilter Configuration --->" is set up how I want it. So I emerge iptables on the running system. I see the iptables in the kernel initialize, cuz in dmesg I see "ip_tables: (C) 2000-2002 Netfilter core team". Now here's the fun part: it initializes in the kernel, but still I get
iptables v1.2.7a: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
when I run /sbin/iptables -L. So my question is, what am I missing? What tiny little detail is eluding me? Do I have to compile it as a module? I would like to avoid that if at all possible.....
Jason
_________________
Jason Williams
rtn Guru
Joined: 15 Nov 2002 Posts: 427
Posted: Mon Feb 10, 2003 4:29 am
Under Netfilter Configuration ---> turn on Packet Filtering. It doesn't need to
be a module.
--rtn
ivorydawn n00b
Joined: 05 Feb 2003 Posts: 3 Location: Felixstowe, South East UK
imadork n00b
Joined: 17 Apr 2002 Posts: 7 Location: Rochester, NY
Posted: Sat Feb 15, 2003 11:11 pm
For what it's worth, I managed to compile a kernel with no modules for a firewall, and it works fine.
I used the Gentoo sources, 2.4.19-r7.
grege n00b
Joined: 19 Feb 2003 Posts: 3
Posted: Wed Feb 19, 2003 1:23 pm
If it is of any use, I have it all loaded as modules and get the same error when I try to run Firestarter; sounds like a dependency problem.
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Wed Feb 19, 2003 4:44 pm
I've always found kernel modules to be a pain, especially with kernels provided by distributions. I had the same problem you are having. My solution was to download my own kernel source (from a kernel.org mirror) and download iptables. Run the iptables patch-o-matic, build a new kernel (iptables as modules), reboot to the new kernel and install iptables. My firewall works fine now.
_________________
The true guru is a teacher.
Neil Watson
shadov n00b
Joined: 24 Feb 2003 Posts: 9 Location: Finland
Posted: Tue Feb 25, 2003 4:31 pm
I'm a n00b with iptables.
What's patch-o-matic?
I haven't got iptables working with 2.4.19-gentoo, so I'm going to try with 2.4.20-vanilla tomorrow. Is there a list somewhere that tells what modules I need? I have found out that there are kinda lots of modules in iptables.
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Tue Feb 25, 2003 4:56 pm
When you download iptables you should also download the iptables patch-o-matic. This is a script that you run that patches your kernel sources. The iptables install documentation will explain all.
_________________
The true guru is a teacher.
Neil Watson
digitalnick Apprentice
Joined: 30 Jun 2002 Posts: 243 Location: Lawrence KS USA
Posted: Fri Mar 07, 2003 4:42 am
I'm having similar problems with the gentoo .20-r1 sources. Tried first as modules, but when I follow the masq howto and try the firewall script I get errors that it can't insmod the modules, something about unresolved dependencies ... Going to try now as a monolithic kernel. If it still fails then I will try patch-o-matic on the vanilla sources. I'll post the results.
digitalnick Apprentice
Joined: 30 Jun 2002 Posts: 243 Location: Lawrence KS USA
Posted: Fri Mar 07, 2003 5:13 am
Well, I just got done recompiling the gentoo-sources 2.4.20-r1 monolithically (for iptables anyway), ran the masq script from the howto, and all the iptables stuff worked fine. In fact I ran adsl-start, moved a couple of cables around, changed the inside IP of the server, and I'm routing through it right now. So all I have to do now is start locking down the firewall and figure out how to only allow connections from the inside from a list of approved MAC addresses and a list of IP addresses (don't like my neighbors stealing my wireless access). If anyone has any tips on that let me know.
Happy firewalling
Buzzz n00b
Joined: 17 Apr 2002 Posts: 63 Location: Enschede, The Netherlands
Posted: Fri Mar 07, 2003 8:56 am
digitalnick wrote:
> so all i have to do now is start locking down the firewall and figure out hwo to only allow connections from the inside from a list of approved mac addresses and a list of ip addresses (dont like my neighbors stealing my wireless access) if any one has any tips on that let me know

I would say, use a dhcp server that gives ip addresses based on mac addresses and only allow those ip addresses to initiate outgoing traffic.
_________________
There are no stupid questions, but there are a lot of inquisitive idiots
|
neilhwatson l33t
Joined: 06 Feb 2003 Posts: 719 Location: Canada
Posted: Fri Mar 07, 2003 2:25 pm
Also, I could not find anywhere in Gentoo's module start scripts the command depmod -a. This command tells kerneld to calculate the module dependencies so that if you load a module using modprobe, kerneld loads any dependent modules automatically. You may want to add that command.
_________________
The true guru is a teacher.
Neil Watson
rtn Guru
Joined: 15 Nov 2002 Posts: 427
Posted: Fri Mar 07, 2003 9:43 pm
neilhwatson wrote:
> Also, I could not find anywhere in Gentoo's module start scripts the command depmod -a. This command tells kerneld to calculate the module dependancies so that if you load a module using modprobe, kerneld loads any dependant modules automatically. You may want to add that command.

`depmod -a` is called from /sbin/modules-update, which is called from
/etc/init.d/modules.
--rtn
digitalnick Apprentice
Joined: 30 Jun 2002 Posts: 243 Location: Lawrence KS USA
Posted: Sat Mar 08, 2003 12:27 am
Buzzz wrote:
> I would say, use a dhcp server that gives ip addresses based on mac addresses and only allow those ip addresses to initiate outgoing trafic.

Yeah, I was going to do that too, but I also want to make sure no one sets a static IP while the dhcpd one is offline and can't get access like that. Basically I want them to have to spoof the MAC and set the appropriate IP for that MAC to have access, as I doubt any of my neighbors could figure that out.
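The MAC-plus-IP allowlist digitalnick describes (approved MAC and its paired IP both required before the firewall forwards a LAN host, everything else logged and dropped), as an added example script that is not from any poster in this thread. It assumes the inside interface is named eth1, an allowlist of "MAC IP" lines, and a kernel with "MAC address match support" and connection state matching built in under IP: Netfilter Configuration.

```shell
#!/bin/sh
# Added example, not from the thread: build (and optionally apply) iptables rules
# so the firewall forwards traffic from the inside interface only for approved
# MAC/IP pairs. Assumed: inside interface eth1, allowlist lines of "MAC IP",
# kernel built with "MAC address match support" and connection state matching.
set -eu

LAN_IF="${LAN_IF:-eth1}"   # inside (wired + wireless) interface, assumed name

# Constructed sample allowlist, one approved "MAC IP" pair per line.
ALLOWLIST='00:11:22:33:44:55 192.168.1.10
00:11:22:33:44:66 192.168.1.11'

# build_rules ALLOWLIST_TEXT: print the iptables commands.
# A LAN host is forwarded only if the frame carries an approved MAC *and* the IP
# paired with it. A static IP on an unknown MAC, or the right MAC with another
# IP, falls through to LOG + DROP, so attempts show up in the kernel log.
# MAC matching only works for hosts on the same Ethernet segment as $LAN_IF.
build_rules() {
    allow="$1"
    echo "iptables -P FORWARD DROP"
    # replies to connections the LAN hosts opened must still come back in
    echo "iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # own chain so re-running the script rebuilds it instead of stacking rules
    echo "iptables -N LAN_OUT 2>/dev/null || true"
    echo "iptables -F LAN_OUT"
    echo "iptables -D FORWARD -i $LAN_IF -j LAN_OUT 2>/dev/null || true"
    echo "iptables -I FORWARD 1 -i $LAN_IF -j LAN_OUT"
    printf '%s\n' "$allow" | while read -r mac ip; do
        [ -n "$mac" ] || continue
        echo "iptables -A LAN_OUT -m mac --mac-source $mac -s $ip -j ACCEPT"
    done
    echo "iptables -A LAN_OUT -j LOG --log-prefix 'LAN_OUT denied: '"
    echo "iptables -A LAN_OUT -j DROP"
}

# count_pinned ALLOWLIST_TEXT: how many MAC-pinned ACCEPT rules the list yields
count_pinned() {
    build_rules "$1" | grep -c -- '--mac-source .* -j ACCEPT$' || true
}

# Dry run by default; APPLY=1 executes the rules (as root, on the firewall).
if [ "${APPLY:-0}" = 1 ]; then
    build_rules "$ALLOWLIST" | while read -r line; do eval "$line"; done
else
    build_rules "$ALLOWLIST"
fi
```

Run it without APPLY first and read the generated rules; denied attempts then appear in the kernel log with the "LAN_OUT denied:" prefix, which is where to look for the neighbor trying a static IP.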