What's with this error?

What's with this error?

[Janina Sajka]

I'm trying to setup some firewalling rules using the endoshield script.
This is on a DEC Alpha running Debian Woody with the 2.4.20 kernel. I'm
fully updated based on apt-get.

When I run the script I get:

/lib/modules/2.4.20/kernel/net/ipv4/netfilter/ip_tables.o: insmod
ip_tables failed
iptables v1.2.6a: can't initialize iptables table `filter': iptables
who? (do you need to insmod?)

This happens whatever I do to /etc/init.d/iptables. -- halt, stop,
start, etc. Actually, "start" doesn't work, complains about an "unknown
rule set."

If I try to modprobe ip_tables, I get the same error. If I try rmmod,
I'm told it isn't loaded, and indeed, it doesn't show with lsmod.

SAny advice greatly appreciated. I'd like to shutdown all the ports that
don't need to be open. Thanks in advance.

Reply-To: 
X-Operating-System: Linux toccata.rednote.net 2.4.18-17.8.0 


-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Re: What's with this error?

[Adam Myrow]

Hmm, does "depmod -a" report any unrresolved symbols?  Is there an
iptables.o module in /lib/modules/2.4.20 or any directory under it?  Did
you compile support for IP packet filtering as a module or into the kernel
directly?  I've never used Linux on a DEC system, but these questions
would apply no matter what the platform.

Re: What's with this error?

[Toby Fisher]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 2 Dec 2002, Janina Sajka wrote:

> I'm trying to setup some firewalling rules using the endoshield script.
> This is on a DEC Alpha running Debian Woody with the 2.4.20 kernel. I'm
> fully updated based on apt-get.
>
> When I run the script I get:
>
> /lib/modules/2.4.20/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> ip_tables failed
> iptables v1.2.6a: can't initialize iptables table `filter': iptables
> who? (do you need to insmod?)
>
> This happens whatever I do to /etc/init.d/iptables. -- halt, stop,
> start, etc. Actually, "start" doesn't work, complains about an "unknown
> rule set."
>
> If I try to modprobe ip_tables, I get the same error. If I try rmmod,
> I'm told it isn't loaded, and indeed, it doesn't show with lsmod.
>

Sounds like you've got iptables compiled straight into the kernel, just
edit the script and comment out the lines that try to load the iptables
module.  This is done so that people can have a system using either
iptables or ipchains.  I had a similar problem, but a few comments in the
right places means that it now runs error-free.

HTH

- -- 
Toby Fisher	 Email: toby@tjfisher.co.uk
Tel.: +44(0)1480 417272	Mobile: +44(0)7974 363239
ICQ: #61744808
   Please avoid sending me Word or PowerPoint attachments.
   See http://www.fsf.org/philosophy/no-word-attachments.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQE97M44Kl9qIwuqk+IRAvsFAJ0UXng36bRZtlxWaZOCDZnoM/uwmACfWbqj
rwl+O97Ri83j8XfWzKFXVTg=
=5ubM
-----END PGP SIGNATURE-----

Re: What's with this error?

[shaun_oliver]

janina, did you indeed compile iptables support into yer kernel? if you
didn't, that might explain your problems.
hth

-- 
Shaun Oliver

A plethora of individuals with expertise in
culinary
techniques
           contaminate
the potable concoction produced by steeping certain edible
           nutriments.

email: shaun_oliver@optusnet.com.au
ICQ: 76958435
yahoo: blindman01_2000
MSN: blindman_2001@hotmail.com
IRC: irc.angeleyez.net
IRC NICK: blindman

Re: What's with this error?

[Janina Sajka]

Here's some relevant lines from my .config. I think I have what I need, unless it's "multiple tables" support, which I don't understand to be the issue:

linux#grep -i table .config
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_ARPTABLES is not set

Someone on the mid-atlantic linux list suggested that I am behind on versions, that apt-get can't be relied on to be up to date. I haven't had the time
to check this out yet. Also, I don't quite understand how that matters.


shaun_oliver@optusnet.com.au writes:
> From: shaun_oliver@optusnet.com.au
> 
> janina, did you indeed compile iptables support into yer kernel? if you
> didn't, that might explain your problems.
> hth
> 
> -- 
> Shaun Oliver
> 
> A plethora of individuals with expertise in
> culinary
> techniques
>            contaminate
> the potable concoction produced by steeping certain edible
>            nutriments.
> 
> email: shaun_oliver@optusnet.com.au
> ICQ: 76958435
> yahoo: blindman01_2000
> MSN: blindman_2001@hotmail.com
> IRC: irc.angeleyez.net
> IRC NICK: blindman
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Re: What's with this error?

[Janina Sajka]

For the record, here's the response from the mid-atlantic linux list that I need to check out:


I should preface this by saying the experience I have with either Woody
or DEC Alpha's is only slightly above none.  I've got even less for
apt-get & endoshield (I just write my scripts by hand).

However, I do know that Netfilter -- because it's part of the kernel --
can not be updated via any sort of patch or update program (e.g. RPM or,
as I understand it, apt-get.)  You have to get the source & recompile
your kernel to update Netfilter (the hooks in the kernel) & you'll also
want to update iptables (the userland command.)  Judging by your error,
which mentions iptables v1.2.6a, it looks like your Netfilter/iptables
needs updating (1.2.7a is current -- take a look at www.netfilter.org,
they've also got some great how-to's there.)

Also note that you can end up with multiple versions of iptables on the
same box -- watch where you put it, and make sure to use the right one
for the kernel you boot.  [That one cost me a little hair first time
around...]
 
Toby Fisher writes:
> From: Toby Fisher <toby@tjfisher.co.uk>
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Mon, 2 Dec 2002, Janina Sajka wrote:
> 
> > I'm trying to setup some firewalling rules using the endoshield script.
> > This is on a DEC Alpha running Debian Woody with the 2.4.20 kernel. I'm
> > fully updated based on apt-get.
> >
> > When I run the script I get:
> >
> > /lib/modules/2.4.20/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> > ip_tables failed
> > iptables v1.2.6a: can't initialize iptables table `filter': iptables
> > who? (do you need to insmod?)
> >
> > This happens whatever I do to /etc/init.d/iptables. -- halt, stop,
> > start, etc. Actually, "start" doesn't work, complains about an "unknown
> > rule set."
> >
> > If I try to modprobe ip_tables, I get the same error. If I try rmmod,
> > I'm told it isn't loaded, and indeed, it doesn't show with lsmod.
> >
> 
> Sounds like you've got iptables compiled straight into the kernel, just
> edit the script and comment out the lines that try to load the iptables
> module.  This is done so that people can have a system using either
> iptables or ipchains.  I had a similar problem, but a few comments in the
> right places means that it now runs error-free.
> 
> HTH
> 
> - -- 
> Toby Fisher	 Email: toby@tjfisher.co.uk
> Tel.: +44(0)1480 417272	Mobile: +44(0)7974 363239
> ICQ: #61744808
>    Please avoid sending me Word or PowerPoint attachments.
>    See http://www.fsf.org/philosophy/no-word-attachments.html
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
> 
> iD8DBQE97M44Kl9qIwuqk+IRAvsFAJ0UXng36bRZtlxWaZOCDZnoM/uwmACfWbqj
> rwl+O97Ri83j8XfWzKFXVTg=
> =5ubM
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina@afb.net		Phone: (202) 408-8175

Re: What's with this error?

[Igor Gueths]

Well in the way it matters is that often enough versions of certain progs
may not be in sync with the pkg i.e., rpm/debbed version. As a result, I
build things from source to ensure that I am always getting the latest
version or in extreme cases, use Cvs. Fortunately, Debian is not so
protective of its pkg's like RH!

May you code in the power of the source,
may the kernel, libraries, and utilities be with you,
throughout all distributions until the end of the epoch.

On Wed, 4 Dec 2002, Janina Sajka wrote:

> Here's some relevant lines from my .config. I think I have what I need, unless it's "multiple tables" support, which I don't understand to be the issue:
>
> linux#grep -i table .config
> # CONFIG_IP_MULTIPLE_TABLES is not set
> # CONFIG_IP_ROUTE_LARGE_TABLES is not set
> CONFIG_IP_NF_IPTABLES=m
> # CONFIG_IP_NF_ARPTABLES is not set
>
> Someone on the mid-atlantic linux list suggested that I am behind on versions, that apt-get can't be relied on to be up to date. I haven't had the time
> to check this out yet. Also, I don't quite understand how that matters.
>
>
> shaun_oliver@optusnet.com.au writes:
> > From: shaun_oliver@optusnet.com.au
> >
> > janina, did you indeed compile iptables support into yer kernel? if you
> > didn't, that might explain your problems.
> > hth
> >
> > --
> > Shaun Oliver
> >
> > A plethora of individuals with expertise in
> > culinary
> > techniques
> >            contaminate
> > the potable concoction produced by steeping certain edible
> >            nutriments.
> >
> > email: shaun_oliver@optusnet.com.au
> > ICQ: 76958435
> > yahoo: blindman01_2000
> > MSN: blindman_2001@hotmail.com
> > IRC: irc.angeleyez.net
> > IRC NICK: blindman
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
> --
>
> 				Janina Sajka, Director
> 				Technology Research and Development
> 				Governmental Relations Group
> 				American Foundation for the Blind (AFB)
>
> Email: janina@afb.net		Phone: (202) 408-8175
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

Re: What's with this error?

[William F. Acker WB2FLW +1-303-777-8123]

On Wed, 4 Dec 2002, Igor Gueths wrote:

> Fortunately, Debian is not so
> protective of its pkg's like RH!
Care to explain the above statement?
-- 
          Bill in Denver

Re: What's with this error?

[jwantz]

Hi Igor,
Your response doesn't make sense.  The install command is specified in 
[progname].spec which is used to build the rpm.  Why would Redhat change 
the installation script?  Unless they knew that the installation script 
was attempting to install the file somewhere it shouldn't be.  Since 
Redhat has claimed to be compliant with the linux standard since 7.3, 
maybe the problem is that the installation scripts were written on 
non-compliant distros including earlier Redhat versions.

     Jim Wantz WB0TFK
On Thu, 5 Dec 2002 
igueths@attbi.com wrote:

> Well I have heard of instances where if you compile a prog from source under 
> RH, and you attempt to update the system with something like up2date, rpm will 
> complain that it can't find certain dependencies such as Libstdc++. This is 
> because rpm drops it in a nonstandard location, which is different from where 
> it would be placed after a make install for example. This is basically what I 
> meant by overprotection. However, dpkg tends to put things in places such 
> as /usr/sbin, which is a standard location for the most part. I know ssh 
> installs itself there. One remedy for this I think is for people to just edit 
> the install command in the toplevel Makefile, however I know some people might 
> be leary about doing this. 
> > On Wed, 4 Dec 2002, Igor Gueths wrote:
> > 
> > > Fortunately, Debian is not so
> > > protective of its pkg's like RH!
> > Care to explain the above statement?
> > -- 
> >           Bill in Denver
> > 
> > 
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: What's with this error?

[Janina Sajka]

igueths@attbi.com writes:
> 
> Well I have heard of instances 
Objection, your honor. Hearsay is not admissable.

Sorry, you lose.

Re: What's with this error?

[igueths]

Well I have heard of instances where if you compile a prog from source under 
RH, and you attempt to update the system with something like up2date, rpm will 
complain that it can't find certain dependencies such as Libstdc++. This is 
because rpm drops it in a nonstandard location, which is different from where 
it would be placed after a make install for example. This is basically what I 
meant by overprotection. However, dpkg tends to put things in places such 
as /usr/sbin, which is a standard location for the most part. I know ssh 
installs itself there. One remedy for this I think is for people to just edit 
the install command in the toplevel Makefile, however I know some people might 
be leary about doing this. 
> On Wed, 4 Dec 2002, Igor Gueths wrote:
> 
> > Fortunately, Debian is not so
> > protective of its pkg's like RH!
> Care to explain the above statement?
> -- 
>           Bill in Denver
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup