| 1 |
I wound up solving this myself by painstakingly looking at a kernel of |
| 2 |
a working machine and getting all of the network-related options to |
| 3 |
match. |
| 4 |
|
| 5 |
Here is the gist of the changes I had to make to the kernel to get |
| 6 |
this to work: https://gist.github.com/afalko/034966bf72f5da8070d5829c8aac40e4 |
| 7 |
|
| 8 |
I followed it up by rebuilding the kernel like so: |
| 9 |
MAKEOPTS="-j4" make && make modules && make modules_install && make |
| 10 |
install && make mo |
| 11 |
dules_prepare && emerge @module-rebuild |
| 12 |
|
| 13 |
Hopefully this might help another poor soul who might get stuck on this. |
| 14 |
|
| 15 |
-Andrey |
| 16 |
On Fri, Nov 16, 2018 at 1:34 AM Andrey F. <ma3oxuct@×××××.com> wrote: |
| 17 |
> |
| 18 |
> Hi everyone, |
| 19 |
> |
| 20 |
> I have a newly provisioned machine and for the life of me, I can't get |
| 21 |
> iptables working. Here is the error: |
| 22 |
> |
| 23 |
> # iptables -L |
| 24 |
> iptables v1.6.1: can't initialize iptables table `filter': Table does |
| 25 |
> not exist (do you need to i |
| 26 |
> nsmod?) |
| 27 |
> Perhaps iptables or your kernel needs to be upgraded. |
| 28 |
> |
| 29 |
> # lsmod |
| 30 |
> Module Size Used by |
| 31 |
> ip_tables 24576 0 |
| 32 |
> |
| 33 |
> I see the same error after manually modprobing iptable_filter: |
| 34 |
> |
| 35 |
> # modprobe iptable_filter |
| 36 |
> # lsmod |
| 37 |
> Module Size Used by |
| 38 |
> iptable_filter 16384 0 |
| 39 |
> ip_tables 24576 1 iptable_filter |
| 40 |
> |
| 41 |
> I've also tried building it into the kernel, with no luck. On the |
| 42 |
> userspace-side I've went as far is doing a full "emerge -e iptables". |
| 43 |
> I tried upgrading to iptables-1.8 too. I also tried upgrading kernel |
| 44 |
> headers to match the version of the kernel I'm currnetly running. |
| 45 |
> Nothing I do can get it to work. |
| 46 |
> |
| 47 |
> # uname -r |
| 48 |
> 4.18.18 |
| 49 |
> |
| 50 |
> Thanks in advance for any suggestions! |
| 51 |
> -Andrey |
| 52 |
> |
| 53 |
> P.S. Below are my related kernel settings. I tried to make them all |
| 54 |
> built-in, but that didn't work. |
| 55 |
> |
| 56 |
> # zcat /proc/config.gz | grep NETF | grep -v XT |
| 57 |
> CONFIG_NETFILTER=y |
| 58 |
> CONFIG_NETFILTER_ADVANCED=y |
| 59 |
> CONFIG_BRIDGE_NETFILTER=y |
| 60 |
> CONFIG_NETFILTER_INGRESS=y |
| 61 |
> CONFIG_NETFILTER_NETLINK=y |
| 62 |
> CONFIG_NETFILTER_FAMILY_BRIDGE=y |
| 63 |
> CONFIG_NETFILTER_FAMILY_ARP=y |
| 64 |
> CONFIG_NETFILTER_NETLINK_ACCT=y |
| 65 |
> CONFIG_NETFILTER_NETLINK_QUEUE=y |
| 66 |
> CONFIG_NETFILTER_NETLINK_LOG=y |
| 67 |
> CONFIG_NETFILTER_CONNCOUNT=y |
| 68 |
> CONFIG_NETFILTER_NETLINK_GLUE_CT=y |
| 69 |
> CONFIG_NETFILTER_SYNPROXY=y |
| 70 |
> |
| 71 |
> # zcat /proc/config.gz | grep IPTA |
| 72 |
> CONFIG_IP_NF_IPTABLES=m |
| 73 |
> CONFIG_IP6_NF_IPTABLES=y |
| 74 |
> |
| 75 |
> # zcat /proc/config.gz | grep IP_NF |
| 76 |
> CONFIG_IP_NF_IPTABLES=m |
| 77 |
> CONFIG_IP_NF_MATCH_AH=m |
| 78 |
> CONFIG_IP_NF_MATCH_ECN=m |
| 79 |
> CONFIG_IP_NF_MATCH_RPFILTER=m |
| 80 |
> CONFIG_IP_NF_MATCH_TTL=m |
| 81 |
> CONFIG_IP_NF_FILTER=m |
| 82 |
> CONFIG_IP_NF_TARGET_REJECT=m |
| 83 |
> CONFIG_IP_NF_TARGET_SYNPROXY=m |
| 84 |
> CONFIG_IP_NF_NAT=m |
| 85 |
> CONFIG_IP_NF_TARGET_MASQUERADE=m |
| 86 |
> CONFIG_IP_NF_TARGET_NETMAP=m |
| 87 |
> CONFIG_IP_NF_TARGET_REDIRECT=m |
| 88 |
> CONFIG_IP_NF_MANGLE=m |
| 89 |
> CONFIG_IP_NF_TARGET_CLUSTERIP=m |
| 90 |
> CONFIG_IP_NF_TARGET_ECN=m |
| 91 |
> CONFIG_IP_NF_TARGET_TTL=m |
| 92 |
> # CONFIG_IP_NF_RAW is not set |
| 93 |
> CONFIG_IP_NF_SECURITY=m |
| 94 |
> CONFIG_IP_NF_ARPTABLES=y |
| 95 |
> CONFIG_IP_NF_ARPFILTER=y |
| 96 |
> CONFIG_IP_NF_ARP_MANGLE=y |
Archives