
Mailing List Archive: iptables: User

Problem with connection tracking in IPtables!!

 

 



vishamr at gmail

May 9, 2007, 7:54 AM


Hi to all,

I am using Fedora Core 5 with an upgraded kernel of 2.6.20.4. I
installed iptables-1.3.7 on it. However, I am not able to use
connection tracking. I checked all the items in Networking options
related to connection tracking and iptables. However, when I boot in
my 2.6.20.4 kernel, and issue the command "service iptables start", I
get this:

[root@localhost ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: raw mangle filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[FAILED]

[root@localhost ~]# locate ip_conntrack_netbios
/lib/modules/2.6.15-1.2054_FC5smp/kernel/net/ipv4/netfilter/ip_conntrack_netbios_ns.ko
/usr/src/linux-2.6.20.4/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
[root@localhost ~]#

It seems that connection tracking is not being activated. How can I
solve this problem?

Warm regards,
Visham


yasuyuki.kozakai at toshiba

May 9, 2007, 11:33 PM

Re: Problem with connection tracking in IPtables!!

From: "Ramsurrun Visham" <vishamr [at] gmail>
Date: Wed, 9 May 2007 18:54:27 +0400

> Hi to all,
>
> I am using Fedora Core 5 with an upgraded kernel of 2.6.20.4. I
> installed iptables-1.3.7 on it. However, I am not able to use
> connection tracking. I checked all the items in Networking options
> related to connection tracking and iptables. However, when I boot in
> my 2.6.20.4 kernel, and issue the command "service iptables start", I
> get this:
>
> [root@localhost ~]# service iptables start
> Flushing firewall rules: [ OK ]
> Setting chains to policy ACCEPT: raw mangle filter [ OK ]
> Unloading iptables modules: [ OK ]
> Applying iptables firewall rules: [ OK ]
> Loading additional iptables modules: ip_conntrack_netbios_n[FAILED]
>
> [root@localhost ~]# locate ip_conntrack_netbios
> /lib/modules/2.6.15-1.2054_FC5smp/kernel/net/ipv4/netfilter/ip_conntrack_netbios_ns.ko
> /usr/src/linux-2.6.20.4/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
> [root@localhost ~]#
>
> It seems that connection tracking is not being activated. How can I
> solve this problem?

Did you really install the kernel modules for 2.6.20.4 with 'make modules_install'?
And please check that NF_CONNTRACK_NETBIOS_NS or IP_NF_NETBIOS_NS is set in
your .config.

-- Yasuyuki Kozakai


nlbhat at gmail

May 10, 2007, 1:12 AM

Re: Problem with connection tracking in IPtables!!

Dear Visham,

I faced a problem with iptables after upgrading to a recent kernel.
However, the original Fedora install booted just fine.

I went through some online forums and found somebody suggesting that I
1. comment out all my iptables rules (/etc/sysconfig/iptables);
2. uncomment/enable one rule;
3. restart iptables;
4. look for a failure message.

One subsequent rule showed that I had a "-m state" specified, but no
kernel module compiled for it. I just ran "make menuconfig" again,
went through all the options under Networking -> Netfilter configuration
and enabled all modules (just to be safe). Enable specific modules
according to your requirements.

I am not sure if this solves your problem; it solved mine.

Nandan


vishamr at gmail

May 11, 2007, 3:43 AM

Re: Problem with connection tracking in IPtables!!

Hi to all,

I am unable to see the contents of the ip_conntrack file. I have built
the iptables modules into my 2.6.20.4 kernel itself. Is that what might
be causing this problem? Should I select the options as modules?

Warm regards,
Visham


yasuyuki.kozakai at toshiba

May 14, 2007, 5:03 AM

Re: Problem with connection tracking in IPtables!!

From: "Ramsurrun Visham" <vishamr [at] gmail>
Date: Fri, 11 May 2007 14:43:19 +0400

> Hi to all,
>
> I am unable to see the contents of the ip_conntrack file. I have built
> the iptables modules into my 2.6.20.4 kernel itself. Is that what might
> be causing this problem? Should I select the options as modules?

AFAIK from your .config in the previous mail, you are using nf_conntrack, not
ip_conntrack. nf_conntrack is a new module, but it is compatible with
ip_conntrack if you also load nf_conntrack_ipv4. Don't worry.

Regards,

-- Yasuyuki Kozakai
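
The two checks suggested in this thread (is the helper option set in .config, and were modules installed for the new kernel), as an added example that is not part of any post above. The function names, the sample .config and the mapping of NF_CONNTRACK_NETBIOS_NS to nf_conntrack_netbios_ns.ko are assumptions of this example.

```shell
#!/bin/sh
# Added example: why a conntrack helper can fail to load after a kernel upgrade.

# State of one option in a kernel .config: builtin (=y), module (=m) or unset.
kconfig_state() {            # $1 = .config path, $2 = option without CONFIG_
    val=$(sed -n "s/^CONFIG_$2=//p" "$1")
    case "$val" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo unset ;;
    esac
}

# True when <name>.ko exists somewhere under a /lib/modules/<release> tree.
module_installed() {         # $1 = modules dir, $2 = module name
    [ -n "$(find "$1" -name "$2.ko" 2>/dev/null)" ]
}

# Status of the NetBIOS name-service helper for one kernel. Prints
# "load <module>", "builtin" (compiled in, no .ko to load),
# "not-installed <module>" or "not-configured".
netbios_helper_status() {    # $1 = .config path, $2 = modules dir
    for pair in NF_CONNTRACK_NETBIOS_NS:nf_conntrack_netbios_ns \
                IP_NF_NETBIOS_NS:ip_conntrack_netbios_ns; do
        opt=${pair%%:*}; mod=${pair##*:}
        case "$(kconfig_state "$1" "$opt")" in
            builtin) echo "builtin"; return 0 ;;
            module)
                if module_installed "$2" "$mod"; then
                    echo "load $mod"
                else
                    echo "not-installed $mod"
                fi
                return 0 ;;
        esac
    done
    echo "not-configured"
}

# Constructed sample: a .config fragment and an empty modules tree.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/lib/modules/2.6.20.4"
    printf '%s\n' 'CONFIG_NF_CONNTRACK=m' 'CONFIG_NF_CONNTRACK_IPV4=m' \
        'CONFIG_NF_CONNTRACK_NETBIOS_NS=m' \
        '# CONFIG_IP_NF_NETBIOS_NS is not set' > "$d/.config"
    netbios_helper_status "$d/.config" "$d/lib/modules/2.6.20.4"
    rm -rf "$d"
}
demo   # prints: not-installed nf_conntrack_netbios_ns
```

On a real system, pass the .config of the kernel source tree and /lib/modules/$(uname -r) as the two arguments.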
