kalldrexx n00b
Joined: 20 Apr 2002 Posts: 23
Posted: Thu Apr 25, 2002 9:53 am Post subject: Firewall woes..... |
Trying to manipulate IPtables and IPchains seems broken... Why do I say this? I'm following howto examples. I emerged ipchains after I couldn't get iptables working. Why not?
My lovely console wrote: |
bash-2.05a# iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
modprobe: Can't locate module ip_tables
iptables v1.2.6a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
|
hmm right... that's odd figuring I got that code from a howto that's supposed to teach me how to use iptables. So I emerge ipchains and ipchains-firewall. I try some examples then:
my lovely console wrote: |
bash-2.05a# ipchains -A input -s 127.0.0.1 -p icmp -j DENY
ipchains: Protocol not available
bash-2.05a# ipchains -L
ipchains: Incompatible with this kernel
bash-2.05a# ipchains -L input
ipchains: Incompatible with this kernel
bash-2.05a# ipchains -F forward
ipchains: Protocol not available
bash-2.05a# ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains: Protocol not available
|
uhhhhhhhhhh. Well I'm assuming that's not supposed to happen. I got those STRAIGHT out of the firewall howto....
As you can see I'm having trouble with my firewall.. I think I finally got ssh working, however I also can't figure out how to make sshd start at boot...
--KallDrexx |
phaze3k n00b
Joined: 24 Apr 2002 Posts: 36
Posted: Thu Apr 25, 2002 10:29 am Post subject: |
I'm assuming you've got a 2.4 kernel installed, so you don't want ipchains - unmerge it now.
Did you compile iptables support directly into the kernel? It doesn't look like it..
If you compiled it as a module try doing (as root) and then adding the rules.
If that still doesn't work, you'll need to go to /usr/src/linux, make menuconfig, select iptables as a module (and any other related iptables modules you want, e.g. NAT), then do a
Code: | make modules; make modules_install |
Once the module is installed do
(you only need to do this once), modprobe iptables and add your rules.. |
Target Apprentice
Joined: 25 Apr 2002 Posts: 200
Posted: Thu Apr 25, 2002 11:20 am Post subject: |
Compiling the kernel with netfilter might help with getting iptables to work.
In menuconfig, don't forget to go down to the netfilter sub-menu that will appear a little bit down the list after you enable netfilter itself, and enable all the fun stuff you need. |
KallDrexx n00b
Joined: 20 Apr 2002 Posts: 23
Posted: Thu Apr 25, 2002 12:26 pm Post subject: hmm |
ok (at school) I remotely unmerged ipchains (I thought that was the newest... *shrug*). Yes I have 2.4.19.
The thing is I DON'T see an iptables option in menuconfig. All I see is "Network packet filtering (replaces ipchains)" which I didn't select. Any more specific options to get iptables working would be greatly appreciated... btw modprobe iptables didn't work.
--KallDrexx |
dr_strange Guru
Joined: 16 Apr 2002 Posts: 480 Location: Cambridge, UK
Posted: Thu Apr 25, 2002 12:32 pm Post subject: |
ah, but you _should_ select it, and then a whole bunch of additional options appear |
Target Apprentice
Joined: 25 Apr 2002 Posts: 200
Posted: Thu Apr 25, 2002 3:45 pm Post subject: |
Yes, that is netfilter/iptables.
It gives you a new submenu when you select it, but it's further down so you need to go hunt for it. |
KallDrexx n00b
Joined: 20 Apr 2002 Posts: 23
Posted: Thu Apr 25, 2002 4:47 pm Post subject: um...riiiight |
ok I selected it before (when I posted the first message), issued the reboot command and well, Gentoo doesn't seem to want to do the final step to shut down or reboot (gives some return error, I'll get it and post it later) so I can't ssh into it now...
basically when I selected netfilter, only 1 more option came up, the netfilter debug...
so.....
--KallDrexx
EDIT: Also, I compiled it into the kernel.... Should I do it as a module instead? |
Target Apprentice
Joined: 25 Apr 2002 Posts: 200
Posted: Thu Apr 25, 2002 5:01 pm Post subject: |
An extra netfilter submenu comes up, but for some reason it comes up way down the page. You have to go down there and go into it. |
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
Posted: Sun Apr 28, 2002 9:18 pm Post subject: Re: um...riiiight |
KallDrexx wrote: | EDIT: Also, I compiled it into the kernel.... Should I do it as a module instead? |
Shouldn't matter, but I've always compiled my firewall stuff into the kernel.
--kurt _________________ The problem with political jokes is that they get elected |
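The kernel options this thread keeps circling, checked against a saved kernel `.config` (an added example, not part of any post above). It assumes the kernel's symbol names CONFIG_NETFILTER for "Network packet filtering" and CONFIG_IP_NF_IPTABLES / CONFIG_IP_NF_FILTER for the iptables entries in the submenu; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# opt_state FILE SYMBOL: print y (built in), m (module) or n (unset/absent).
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# check_netfilter FILE: one status line per symbol; returns 0 when the
# iptables "filter" table can work (built in or as a module), 1 otherwise.
check_netfilter() {
    cfg=$1
    rc=0
    for sym in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER; do
        state=$(opt_state "$cfg" "$sym")
        case $state in
            y) echo "$sym: built in" ;;
            m) echo "$sym: module, must be loadable by modprobe" ;;
            n) echo "$sym: missing"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: "Network packet filtering" left unselected, the state
# that produces "Can't locate module ip_tables" in the first post.
sample_unselected() {
    cat <<'EOF'
CONFIG_PACKET=y
# CONFIG_NETFILTER is not set
EOF
}

# Constructed sample: netfilter enabled, iptables pieces built as modules.
sample_modular() {
    cat <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
EOF
}

# Usage: sh check.sh /usr/src/linux/.config
if [ $# -gt 0 ]; then
    check_netfilter "$1"
fi
```

A "missing" line for CONFIG_IP_NF_IPTABLES while CONFIG_NETFILTER is enabled means the submenu further down the list was never entered.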