[Gllug] ipchains and iptables again
Sean Burlington
sean at uncertainty.org.uk
Mon Jul 8 19:56:00 UTC 2002
Adrian McMenamin wrote:
> I fixed up ipchains on one machine at one end of the network (the ppp
> connection to the internet), so thanks, for all those that offered advice
> before.
>
> But I still have a problem at the other end - a wireless node.
>
> This was set up, at configuration time, to only allow ssh and http packets to
> pass and - as I have now discovered - all that was through ipchains.
>
> (This is a custom built 2.4.18 kernel over an RH 7.3 distro)
>
> But when I run ipchains -L on the box I get this:
>
>
>
> [root at electra root]# ipchains -L
> ipchains: Incompatible with this kernel
>
>
>
> Yet when I run iptables (which is compiled into the kernel) - I get this:
>
> [root at electra root]# /sbin/service iptables start
> Flushing all current rules and user defined chains: modprobe: Can't locate
> module ip_tables
> iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do
> you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> [FAILED]
> Clearing all current rules and user defined chains: modprobe: Can't locate
> module ip_tables
> iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do
> you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> [FAILED]
> Applying iptables firewall rules: [ OK ]
> [ OK ]
>
>
> Is this because RH expects a modularised iptables and not a built in version?
> (I can't get the kernel to compile packet filtering as a module).
>
I really don't understand why RedHat do this - they seem to wrap everything
in impenetrable shell scripts (well, this one isn't too bad, but why bother).

The service script just runs /etc/init.d/iptables - so read this script
for more info.

But first run `iptables -L`.

If iptables has been built properly it should output

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

if no rules are set...

Also worth running is lsmod - just to verify which modules are loaded.

What is in your /etc/sysconfig/iptables? It may be this that is causing
problems.
--
Sean
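
An added example, not part of the original thread: the empty listing shown in the reply means the node filters nothing, and the init script in the quoted message still printed "[ OK ]" after failing, so the listing itself is worth checking. The function name `audit_listing`, its output labels and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit captured `iptables -L -n 2>&1`
# output. Prints NOSUPPORT if the filter table could not be initialised, and
# "UNFILTERED <chain>" for each built-in chain with policy ACCEPT and no rules.
audit_listing() {
    awk '
        function report() {
            if (chain != "" && policy == "ACCEPT" && rules == 0)
                print "UNFILTERED " chain
        }
        /can.t initialize iptables table/ { print "NOSUPPORT"; next }
        /^Chain / {
            report()
            chain = $2; rules = 0; policy = ""
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^target/ || /^[ \t]*$/ { next }   # column header and blank lines
        chain != "" { rules++ }            # anything else is a rule line
        END { report() }
    '
}

# Constructed sample: the empty listing quoted in the reply above.
sample_empty() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Constructed sample: a node that passes only ssh and http.
sample_filtered() { cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_empty | audit_listing
```

On a live box the input would come from `iptables -L -n 2>&1 | audit_listing`. An ACCEPT policy on OUTPUT is often intentional, so on a filtering node the INPUT and FORWARD findings are the ones that matter.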