Can't get iptables to work.


MBuechle
06-20-2002, 07:01 PM
Hi,
I'm trying to set up my old laptop as a firewall/masq box for my DSL link. It's running RH 7.1, kernel 2.4.9-21. I've re-compiled to enable netfiltering per the IP Masquerade HOWTO but something's still not right. If I try to run the rc.firewall-2.4 script, I get messages that several required modules don't exist. I found them in the /lib/modules/linux-2.4.9-21 directory tree and tried to modprobe them but got the same response. I'm looking at the file on a directory listing but am told by modprobe that it doesn't exist! If I try to run the ipchains script that redhat installed in /etc/rc.d/init.d, I get a message that iptables could not find the table and do I need a Kernel or iptables upgrade? I tried to apply the iptables 1.2.6a patch to my kernel but it failed. Any ideas? I did not make clean before I built, could that cause this? My current version of iptables is 1.2.1a as supplied with my RH dist. The original kernel with that dist was 2.4.2.
This machine is a 486-50 so every kernel/module build is an 8 hr. project. Also, everything is done from the command line, too slow for X, besides, this is a dedicated firewall box, I don't want anything unnecessary running. Any input would be greatly appreciated! I hate it when things don't work the way the book says they're supposed to!

Mark

Lorithar
06-20-2002, 11:23 PM
I would suspect that your problem is coming from ipchains.

The two firewalling processes are mutually exclusive. If ipchains support is present, either as a module or built into the kernel, iptables *will not work*

lsmod shows you loaded modules.

check for /proc/net/ip_fwchains

If it's there, you have ipchains somewhere on the system.

afsinbey
06-21-2002, 03:01 AM
Hi MBuechle,
This is my RedHat 7.1 Linux box and I didn't need to compile the kernel to use iptables:
[root@backup root]# uname -a
Linux backup 2.4.7-2 #1 Tue Aug 14 05:16:54 EDT 2001 i686 unknown

and when I list some of the modules,

[root@backup root]# lsmod |grep ip
ipt_LOG 3760 0 (autoclean)
iptable_filter 2144 0 (autoclean) (unused)
ip_tables 11232 2 [ipt_LOG iptable_filter]
ipx 16160 0 (autoclean)

there isn't iptable_nat; as you know, we can install this module by typing:
/sbin/modprobe iptable_nat
and again I list the modules:
[root@backup root]# lsmod|grep nat
iptable_nat 17040 0 (unused)
ip_conntrack 16016 1 [iptable_nat]
ip_tables 11232 5 [iptable_nat ipt_LOG iptable_filter]

I think that you must first remove / uninstall ipchains; you can use the chkconfig utility, please type man chkconfig.
In short, this is a utility for installing / uninstalling startup scripts.
Try this to remove ipchains:
chkconfig --level 0123456 ipchains off
and stop the ipchains service with this command:
service ipchains stop
and now you must install and load iptables, please try these:
chkconfig --level 235 iptables on
service iptables start

and later, if there isn't an iptables module, as I said above you can install it with this command:
/sbin/modprobe iptable_nat

And lastly, you can find detailed info about iptables at this link:

iptables document (http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html#AEN2300)

This is a really good tutorial.

afsinbey , afsinbey@afsinbey.com
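The diagnosis the two replies describe (look at the lsmod module list for ipchains, then for ip_tables and iptable_nat, and look for /proc/net/ip_fwchains) can be scripted. The script below is an added example, not code from the thread; the lsmod text it parses is constructed, modelled on afsinbey's listing with ipchains added to show the conflicting case.

```shell
#!/bin/sh
# Added example (not from the thread): classify a box's netfilter state from
# lsmod-style output. Feed it the real `lsmod` output on a live system.

# Constructed sample lsmod output: afsinbey's listing plus a loaded ipchains
# module, which is the situation Lorithar suspects on MBuechle's box.
SAMPLE_LSMOD='Module                  Size  Used by
ipchains               36000   0 (unused)
ipt_LOG                 3760   0 (autoclean)
iptable_filter          2144   0 (autoclean) (unused)
ip_tables              11232   2 [ipt_LOG iptable_filter]'

# has_module NAME LSMOD_TEXT: succeeds if NAME is in the first column
# of any line after the "Module Size Used by" header.
has_module() {
    printf '%s\n' "$2" | awk -v m="$1" 'NR>1 && $1==m {found=1} END {exit !found}'
}

# firewall_state LSMOD_TEXT: prints exactly one of
#   conflict    ipchains is loaded, so iptables reports it cannot find the table
#   none        no ip_tables module loaded at all
#   nat-missing ip_tables loaded but iptable_nat is not (masquerading will fail)
#   ok          ip_tables and iptable_nat loaded, no ipchains
firewall_state() {
    lsmod_text=$1
    if has_module ipchains "$lsmod_text"; then
        echo conflict; return 0
    fi
    if ! has_module ip_tables "$lsmod_text"; then
        echo none; return 0
    fi
    if ! has_module iptable_nat "$lsmod_text"; then
        echo nat-missing; return 0
    fi
    echo ok
}

# proc_check: the /proc test from Lorithar's reply (meaningful on a live box only).
proc_check() {
    if [ -e /proc/net/ip_fwchains ]; then
        echo "ipchains is active: /proc/net/ip_fwchains exists"
    else
        echo "/proc/net/ip_fwchains absent: ipchains is not registered"
    fi
}

firewall_state "$SAMPLE_LSMOD"   # prints: conflict
```

On a live system run `firewall_state "$(lsmod)"`; a `conflict` result means ipchains must be stopped and unloaded before `service iptables start` will succeed.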