| 1 |
On Sat, 24 Sep 2005 21:25:07 +0000 |
| 2 |
Michael Kjorling <michael@××××××××.com> wrote: |
| 3 |
|
| 4 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 5 |
> Hash: SHA1 |
| 6 |
> |
| 7 |
> My system is AMD64, Linux 2.6.12-gentoo-r10 (from gentoo-sources), |
| 8 |
> iptables 1.3.2 and generally up-to-date. I can't seem to get iptables |
| 9 |
> to work. Netfilter support is compiled into the kernel (compiling it |
| 10 |
> as a module and loading that gave the same result), as evidenced by: |
| 11 |
> |
| 12 |
> $ zgrep -i iptables /proc/config.gz |
| 13 |
> CONFIG_IP_NF_IPTABLES=y |
| 14 |
> $ |
| 15 |
> |
| 16 |
> but iptables refuses to run: |
| 17 |
> |
| 18 |
> # iptables -L -n |
| 19 |
> FATAL: Module ip_tables not found. |
| 20 |
> iptables v1.3.2: can't initialize iptables table `filter': Table does |
| 21 |
> not exist (do you need to insmod?) Perhaps iptables or your kernel |
| 22 |
> needs to be upgraded. # |
| 23 |
> |
| 24 |
> `iptables -X filter' gives me the same error message. |
| 25 |
> |
| 26 |
> Any suggestions as for how to get packet filtering working (including |
| 27 |
> kernel configuration options to try) would be greatly appreciated. |
| 28 |
> |
| 29 |
> - -- |
| 30 |
> Michael Kjörling, michael@××××××××.com - http://michael.kjorling.com/ |
| 31 |
> * ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments * |
| 32 |
> * ..... No bird soars too high if he soars with his own wings ..... * |
| 33 |
> -----BEGIN PGP SIGNATURE----- |
| 34 |
> Version: GnuPG v1.4.1 (GNU/Linux) |
| 35 |
> |
| 36 |
> iD8DBQFDNcQzdY+HSb3praYRAmkVAJ4+l7uFwHsfQc5McejmrljuSLoWlwCgnjQP |
| 37 |
> eXGRvHKghiIcqXZephmOvn0= |
| 38 |
> =4Iep |
| 39 |
> -----END PGP SIGNATURE----- |
| 40 |
Hi, |
| 41 |
Not very much info i'm afraid, but a working solution. |
| 42 |
Choose to use shorewall and in their site-docs (pdf including) there is |
| 43 |
a graphical example of kernel config to use with shorewall. |
| 44 |
As their's intentions are for shorewall to be mostly used for quite |
| 45 |
everything with iptables, it has IIRC quite all options turned ON under |
| 46 |
iptables. Use this for some 2,5 years (with very small changes). |
| 47 |
Think you can also check the iptables site/docs (Google too). |
| 48 |
There was some site (easyiptables/easyfirewall) with a web-page menu |
| 49 |
driven config, don't know about kernel-config (check this ML archives). |
| 50 |
HTH. Rumen |
Archives