iptables

[menciaj]

When i run iptables -L, i get the followin error:

FATAL: Error inserting ip_tables (/lib/modules/2.6.10-gentoo-r6/kernel/net/ipv4/netfilter/ip_tables.ko): Invalid module form at iptables v1.2.11: can't initialize iptables table 'filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
_________________
Jose

[Maverick2k]

you have iptables installed.

And iptables support in the kernel is compiled as a module.

You may want to try modprobe ip_tables, I hope that will do the trick
_________________
Are you tired of being a crash test dummy for Microsoft? Discover Linux.

[menciaj]

I have installed iptables, and when i do mprobe_iptables, i get the same error message


The following is my kernel configuration

Networking Options

[*] IP: PIM-SM version 2 support
│ │ [*] IP: ARP daemon support (EXPERIMENTAL)
│ │ [*] IP: TCP syncookie support (disabled per default)
│ │ <M> IP: AH transformation
│ │ <M> IP: ESP transformation
│ │ <M> IP: IPComp transformation
│ │ <M> IP: tunnel transformation
│ │ <M> IP: TCP socket monitoring interface
│ │ IP: Virtual Server Configuration --->
│ │ < > The IPv6 protocol (EXPERIMENTAL)
│ │ [*] Network packet filtering (replaces ipchains) --->


Netfiltering configuration

M> Connection tracking (required for masq/NAT) │ │
│ │ [*] Connection tracking flow accounting │ │
│ │ [*] Connection mark tracking support │ │
│ │ <M> SCTP protocol connection tracking support (EXPERIMENTAL) │ │
│ │ <M> FTP protocol support │ │
│ │ <M> IRC protocol support │ │
│ │ <M> TFTP protocol support │ │
│ │ <M> Amanda backup protocol support │ │
│ │ <M> Userspace queueing via NETLINK │ │
│ │ <M> IP tables support (required for filtering/masq/NAT) │ │
│ │ <M> limit match support │ │
│ │ <M> IP range match support │ │
│ │ <M> MAC address match support │ │
│ │ <M> Packet type match support │ │
│ │ <M> netfilter MARK match support │ │
│ │ <M> Multiple port match support │ │
│ │ <M> TOS match support │ │
│ │ <M> recent match support │ │
│ │ <M> ECN match support │ │
│ │ <M> DSCP match support
<M> AH/ESP match support │ │
│ │ <M> LENGTH match support │ │
│ │ <M> TTL match support │ │
│ │ <M> tcpmss match support │ │
│ │ <M> Helper match support │ │
│ │ <M> Connection state match support │ │
│ │ <M> Connection tracking match support │ │
│ │ <M> Owner match support │ │
│ │ <M> address type match support │ │
│ │ <M> realm match support │ │
│ │ <M> SCTP protocol match support │ │
│ │ <M> comment match support │ │
│ │ <M> Connection mark match support │ │
│ │ <M> hashlimit match support │ │
│ │ <M> Packet filtering │ │
│ │ <M> REJECT target support │ │
│ │ <M> LOG target support │ │
│ │ <M> ULOG target support │ │
│ │ <M> TCPMSS target support │ │
│ │ <M> Full NAT
<M> MASQUERADE target support │ │
│ │ <M> REDIRECT target support │ │
│ │ <M> NETMAP target support │ │
│ │ <M> SAME target support │ │
│ │ [*] NAT of local connections (READ HELP) │ │
│ │ <M> Basic SNMP-ALG support (EXPERIMENTAL) │ │
│ │ <M> Packet mangling │ │
│ │ <M> TOS target support │ │
│ │ <M> ECN target support │ │
│ │ <M> DSCP target support │ │
│ │ <M> MARK target support │ │
│ │ <M> CLASSIFY target support │ │
│ │ <M> CONNMARK target support │ │
│ │ <M> CLUSTERIP target support (EXPERIMENTAL) │ │
│ │ <M> raw table support (required for NOTRACK/TRACE) │ │
│ │ <M> NOTRACK target support │ │
│ │ <M> ARP tables support │ │
│ │ <M> ARP packet filtering │ │
│ │ <M> ARP payload mangling
_________________
Jose

[hanj]

Did you...

[menciaj]

yes, and still getting the same error message
_________________
Jose

[hanj]

Can you give us some debug information....by executing these commands.. and giving us the output. I'm sure these are all fine.. but it may be good to check our bases.

[menciaj]

# uname -a

Linux DellGxa 2.6.10-gentoo-r6 #1 SMP Thu Mar 10 15:06:18 Local time zone must be set--see zic i686 Pentium II (Klamath) GenuineIntel GNU/Linux

# ls -al /lib/modules/2.6.10-gentoo-r6/kernel/net/ipv4/netfilter

drwxr-xr-x 2 root root 4096 Aug 10 20:59 .
drwxr-xr-x 3 root root 4096 Aug 10 20:59 ..
-rw-r--r-- 1 root root 17596 Aug 10 20:59 arp_tables.ko
-rw-r--r-- 1 root root 3289 Aug 10 20:59 arpt_mangle.ko
-rw-r--r-- 1 root root 4127 Aug 10 20:59 arptable_filter.ko
-rw-r--r-- 1 root root 70215 Aug 10 20:59 ip_conntrack.ko
-rw-r--r-- 1 root root 5314 Aug 10 20:59 ip_conntrack_amanda.ko
-rw-r--r-- 1 root root 7887 Aug 10 20:59 ip_conntrack_ftp.ko
-rw-r--r-- 1 root root 7220 Aug 10 20:59 ip_conntrack_irc.ko
-rw-r--r-- 1 root root 10950 Aug 10 20:59 ip_conntrack_proto_sctp.ko
-rw-r--r-- 1 root root 4673 Aug 10 20:59 ip_conntrack_tftp.ko
-rw-r--r-- 1 root root 4193 Aug 10 20:59 ip_nat_amanda.ko
-rw-r--r-- 1 root root 6096 Aug 10 20:59 ip_nat_ftp.ko
-rw-r--r-- 1 root root 5275 Aug 10 20:59 ip_nat_irc.ko
-rw-r--r-- 1 root root 14210 Aug 10 20:59 ip_nat_snmp_basic.ko
-rw-r--r-- 1 root root 4861 Aug 10 20:59 ip_nat_tftp.ko
-rw-r--r-- 1 root root 11562 Aug 10 20:59 ip_queue.ko
-rw-r--r-- 1 root root 25301 Aug 10 20:59 ip_tables.ko
-rw-r--r-- 1 root root 3252 Aug 10 20:59 ipt_CLASSIFY.ko
-rw-r--r-- 1 root root 15722 Aug 10 20:59 ipt_CLUSTERIP.ko
-rw-r--r-- 1 root root 3332 Aug 10 20:59 ipt_CONNMARK.ko
-rw-r--r-- 1 root root 3474 Aug 10 20:59 ipt_DSCP.ko
-rw-r--r-- 1 root root 4334 Aug 10 20:59 ipt_ECN.ko
-rw-r--r-- 1 root root 9296 Aug 10 20:59 ipt_LOG.ko
-rw-r--r-- 1 root root 3160 Aug 10 20:59 ipt_MARK.ko
-rw-r--r-- 1 root root 5819 Aug 10 20:59 ipt_MASQUERADE.ko
-rw-r--r-- 1 root root 3357 Aug 10 20:59 ipt_NETMAP.ko
-rw-r--r-- 1 root root 3013 Aug 10 20:59 ipt_NOTRACK.ko
-rw-r--r-- 1 root root 3506 Aug 10 20:59 ipt_REDIRECT.ko
-rw-r--r-- 1 root root 7645 Aug 10 20:59 ipt_REJECT.ko
-rw-r--r-- 1 root root 3643 Aug 10 20:59 ipt_SAME.ko
-rw-r--r-- 1 root root 5235 Aug 10 20:59 ipt_TCPMSS.ko
-rw-r--r-- 1 root root 3471 Aug 10 20:59 ipt_TOS.ko
-rw-r--r-- 1 root root 8153 Aug 10 20:59 ipt_ULOG.ko
-rw-r--r-- 1 root root 3022 Aug 10 20:59 ipt_addrtype.ko
-rw-r--r-- 1 root root 2919 Aug 10 20:59 ipt_ah.ko
-rw-r--r-- 1 root root 2573 Aug 10 20:59 ipt_comment.ko
-rw-r--r-- 1 root root 2608 Aug 10 20:59 ipt_connmark.ko
-rw-r--r-- 1 root root 3367 Aug 10 20:59 ipt_conntrack.ko
-rw-r--r-- 1 root root 2596 Aug 10 20:59 ipt_dscp.ko
-rw-r--r-- 1 root root 3158 Aug 10 20:59 ipt_ecn.ko
-rw-r--r-- 1 root root 2922 Aug 10 20:59 ipt_esp.ko
-rw-r--r-- 1 root root 11529 Aug 10 20:59 ipt_hashlimit.ko
-rw-r--r-- 1 root root 3734 Aug 10 20:59 ipt_helper.ko
-rw-r--r-- 1 root root 2760 Aug 10 20:59 ipt_iprange.ko
-rw-r--r-- 1 root root 2602 Aug 10 20:59 ipt_length.ko
-rw-r--r-- 1 root root 3418 Aug 10 20:59 ipt_limit.ko
-rw-r--r-- 1 root root 2968 Aug 10 20:59 ipt_mac.ko
-rw-r--r-- 1 root root 2628 Aug 10 20:59 ipt_mark.ko
-rw-r--r-- 1 root root 2969 Aug 10 20:59 ipt_multiport.ko
-rw-r--r-- 1 root root 4855 Aug 10 20:59 ipt_owner.ko
-rw-r--r-- 1 root root 2605 Aug 10 20:59 ipt_pkttype.ko
-rw-r--r-- 1 root root 2937 Aug 10 20:59 ipt_realm.ko
-rw-r--r-- 1 root root 12850 Aug 10 20:59 ipt_recent.ko
-rw-r--r-- 1 root root 3950 Aug 10 20:59 ipt_sctp.ko
-rw-r--r-- 1 root root 2811 Aug 10 20:59 ipt_state.ko
-rw-r--r-- 1 root root 3303 Aug 10 20:59 ipt_tcpmss.ko
-rw-r--r-- 1 root root 2498 Aug 10 20:59 ipt_tos.ko
-rw-r--r-- 1 root root 2896 Aug 10 20:59 ipt_ttl.ko
-rw-r--r-- 1 root root 4896 Aug 10 20:59 iptable_filter.ko
-rw-r--r-- 1 root root 5076 Aug 10 20:59 iptable_mangle.ko
-rw-r--r-- 1 root root 37996 Aug 10 20:59 iptable_nat.ko
-rw-r--r-- 1 root root 3571 Aug 10 20:59 iptable_raw.ko

# ls -al /usr/src/linux

lrwxrwxrwx 1 root root 22 Mar 10 09:12 /usr/src/linux -> linux-2.6.10-gentoo-r6

# df -k | grep boot

-----no results here----

# ls -al /boot

total 1496
drwxr-xr-x 2 root root 4096 Mar 7 04:09 .
drwxr-xr-x 19 root root 4096 Aug 6 23:23 ..
-rw-r--r-- 1 root root 0 Feb 23 06:41 .keep
-rw-r--r-- 1 root root 22737 Sep 22 2004 config-2.4.24
-rw-r--r-- 1 root root 1493020 Sep 22 2004 kernel-2.4.24

# lsmod

Module Size Used by
snd_seq_midi 8512 -
snd_opl3_synth 16304 -
snd_seq_instr 9004 -
snd_seq_midi_emul 7340 -
snd_ainstr_fm 2220 -
snd_pcm_oss 53536 -
snd_mixer_oss 19596 -
snd_seq_oss 37504 -
snd_seq_midi_event 7468 -
snd_seq 56720 -
snd_cs4236 16004 -
snd_opl3_lib 11596 -
snd_hwdep 9248 -
snd_cs4236_lib 16812 -
snd_mpu401_uart 8300 -
snd_rawmidi 24960 -
snd_seq_device 8760 -
snd_cs4231_lib 27564 -
snd_pcm 96036 -
snd_timer 25712 -
snd 57924 -
snd_page_alloc 9808 -

# modprobe ip_tables

FATAL: Error inserting ip_tables (/lib/modules/2.6.10-gentoo-r6/kernel/net/ipv4/netfilter/ip_tables.ko): Invalid module format

# emerge -pv iptables

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild R ] net-firewall/iptables-1.2.11-r3 -extensions +ipv6 -static 0 kB

Total size of downloads: 0 kB
_________________
Jose

[hanj]

Hello

That all looks re-al good. The error on modprobe is the key...

[menciaj]

I re-compile the kernel many times. After re-compiling the kernel do i have to copy the image to /boot?

I appreciated your help for the search...
_________________
Jose

[hanj]

Yes.. everytime you re-compile the kernel.. you'll need to mount /boot and copy the image over and reboot.

Here is a thread mentioning the same error.. with 2 possible fixes:
https://forums.gentoo.org/viewtopic-t-294429-highlight-invalid+module+format.html

hanji

[menciaj]

I will copy the image to /boot and reboot. Then i will look into that url
_________________
Jose

[menciaj]

I did the following:
1. checked this website https://forums.gentoo.org/viewtopic-t-294429-highlight-invalid+module+format.html
2. emerge gcc
3. recomile the kernel, copied the new image of the kernel, and reboot the computer

When i do iptales -L, i still get the same error

FATAL: Error inserting ip_tables (/lib/modules/2.6.10-gentoo-r6/kernel/net/ipv4/netfilter/ip_tables.ko): Invalid module format
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

When i do modprobe ip_tables, error

modprobe ip_tables
FATAL: Error inserting ip_tables (/lib/modules/2.6.10-gentoo-r6/kernel/net/ipv4/netfilter/ip_tables.ko): Invalid module format

I don't know what to do next. I had done google search also, but i found nothing.
_________________
Jose