define n00b
Joined: 09 Feb 2006 Posts: 17
Posted: Sun May 28, 2006 1:59 pm Post subject: two iptables questions
1) what kernel module should i load so i can filter based on tcp-flags?
2) why when i try to load the module xt_string which is part of iptables i get
Code: |
# modprobe xt_string
FATAL: Error inserting xt_string (/lib/modules/2.6.16-gentoo-r7/kernel/net/netfilter/xt_string.ko): Unknown symbol in module, or unknown parameter (see dmesg
|
and the relevant dmesg output is:
Code: |
xt_string: Unknown symbol textsearch_destroy
xt_string: Unknown symbol textsearch_prepare
|
what did i do wrong?
N.B. i am using gentoo-sources-2.6.16-r7 on amd 64 |
krolden Apprentice
Joined: 28 May 2004 Posts: 293 Location: Belgium
Posted: Sun May 28, 2006 3:13 pm
Why not just build it in your kernel? |
define n00b
Joined: 09 Feb 2006 Posts: 17
Posted: Tue May 30, 2006 8:09 am
because i went by the iptables howto in gentoo-wiki.org.
does anyone know what textsearch_destroy or textsearch_prepare is? |
troymc Guru
Joined: 22 Mar 2006 Posts: 553
Posted: Tue May 30, 2006 12:21 pm Post subject: Re: two iptables questions
define wrote: | 1) what kernel module should i load so i can filter based on tcp-flags? |
That functionality should be in iptable_filter, which will be autoloaded when you specify a filter rule with the iptables command. If you have kernel module autoloading enabled, most of this will take care of itself.
For tcp-flags to work, you need to specify the tcp protocol, i.e.:
Code: |
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK ...
|
define wrote: |
2) why when i try to load the module xt_string which is part of iptables i get
Code: |
# modprobe xt_string
FATAL: Error inserting xt_string (/lib/modules/2.6.16-gentoo-r7/kernel/net/netfilter/xt_string.ko): Unknown symbol in module, or unknown parameter (see dmesg
|
and the relevant dmesg output is:
Code: |
xt_string: Unknown symbol textsearch_destroy
xt_string: Unknown symbol textsearch_prepare
|
what did i do wrong?
|
Unknown symbol errors are usually due to build issues. Are you sure those modules are built for the currently running kernel?
More specifically, I believe these symbols are from the iptable_filter module.
Have you run depmod to try rebuilding your module dependencies list?
troymc |
define n00b
Joined: 09 Feb 2006 Posts: 17
Posted: Tue May 30, 2006 2:17 pm
i tried running depmod but after i did it and i tried to modprobe xt_string again i got the same error message.
the iptable_filter is loaded and still i get
Code: |
# iptables -A INPUT -p tcp --tcp-flags RST RST -j REJECT
iptables: No chain/target/match by that name
|
for example. |
define n00b
Joined: 09 Feb 2006 Posts: 17
Posted: Tue May 30, 2006 9:26 pm
solved the problem... i enabled almost all the modules for iptables and recompiled the kernel with CONFIG_KMOD and it worked... |
guero61 l33t
Joined: 14 Oct 2002 Posts: 811 Location: Behind you
Posted: Fri Jun 02, 2006 12:04 am
define wrote: | solved the problem... i enabled almost all the modules for iptables and recompiled the kernel with CONFIG_KMOD and it worked... |
As a general rule of thumb, I always compile all of the iptables/ebtables modules - never had a problem with them not compiling, and it's ever so much more useful to be able to just add functionality w/o recompiling kernel code. They really don't take up that much space. |
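Added example, not posted by any participant in this thread: a small triage script that pulls the unresolved symbols out of dmesg lines like the ones quoted above and checks whether the running kernel's config enables the code that exports them. The function names, the sample config and the `textsearch_*` to `CONFIG_TEXTSEARCH` mapping (taken from the mainline kernel tree, not from the thread) are assumptions of this example.

```shell
# Constructed sample modelled on the dmesg lines quoted in the thread; the
# timestamped duplicate exercises prefix handling and de-duplication.
SAMPLE_DMESG='xt_string: Unknown symbol textsearch_destroy
xt_string: Unknown symbol textsearch_prepare
[   42.100000] xt_string: Unknown symbol textsearch_prepare'

# Constructed config of the *running* kernel (not the poster's real config).
SAMPLE_CONFIG='CONFIG_MODULES=y
# CONFIG_KMOD is not set
# CONFIG_TEXTSEARCH is not set
CONFIG_IP_NF_FILTER=m'

# Read dmesg text on stdin; print unique "module symbol" pairs.
unresolved_symbols() {
    sed -n 's/^\(\[[^]]*] *\)\{0,1\}\([A-Za-z0-9_]*\): Unknown symbol \([A-Za-z0-9_]*\).*$/\2 \3/p' | sort -u
}

# config_state OPTION FILE: print y, m, or "unset".
config_state() {
    val=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    echo "${val:-unset}"
}

# provider_option SYMBOL: option whose code exports SYMBOL. Assumption from the
# mainline tree, not the thread: textsearch_* is built by CONFIG_TEXTSEARCH.
provider_option() {
    case "$1" in
        textsearch_*) echo CONFIG_TEXTSEARCH ;;
        *)            echo UNKNOWN ;;
    esac
}

# diagnose DMESG_FILE CONFIG_FILE: print "module symbol option state" lines.
diagnose() {
    unresolved_symbols < "$1" | while read -r mod sym; do
        opt=$(provider_option "$sym")
        state=unknown
        [ "$opt" = UNKNOWN ] || state=$(config_state "$opt" "$2")
        echo "$mod $sym $opt $state"
    done
}
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_DMESG" > "$tmp/dmesg.txt"
    printf '%s\n' "$SAMPLE_CONFIG" > "$tmp/config"
    diagnose "$tmp/dmesg.txt" "$tmp/config"
    rm -rf "$tmp"
}
demo
```

On a live system, pass the saved output of `dmesg` and the running kernel's config, for example `/usr/src/linux/.config` or an unpacked `/proc/config.gz` where the kernel provides it. A state of `unset` means the module on disk was built against a different configuration than the kernel that is running.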