iptables 1.0.0 error continues

Michael Tokarev mjt@tls.msk.ru
Thu, 06 Apr 2000 19:34:05 +0400 

William Stearns wrote:
> 
> Good day, Sami,
>         Try the following:
> cd /usr/src/linux-2.3.99-pre3
> make modules
> make modules_install
> cd /
> depmod -a
> modprobe ip_tables
>         Cheers,
>         - Bill

Oh, do _NOT_ do this!  You choosed to not to build ip tables as a module
(as you say in .config: CONFIG_IP_NF_CONNTRACK=y, not =m).  And with this,
all ip tables files are compiled into the kernel. HEre is why you can't load
them by insmod from /usr/src/linux-2.3.99-pre3/... -- module should have some
format that is different from plain object file.
All your software already in the kernel (that's not good, but not relevant)...
So make modules and make modules_install will do _nothing_ for ip tables.

> 
> On Fri, 7 Apr 2000 Sami.A.Maenpaa@tietoenator.com wrote:
> 
> > Hello there !
> >
> > Yesterday I write :
> >
> > >I have compiled new kernel (2.3.99-pre3) to my Red Hat linux. I have
> > choosed the
> > >config_netfilter options as Y (yes) befefore compiling.
> >
> > >I have installed the iptables v1.0.0 and now I got this message :
> >
> > >iptables v1.0.0: can't initialize iptables table `filter': iptables who?
> > (do yo)
> > >Perhaps iptables or your kernel needs to be upgraded.
> >
> > I got some answers and I here is what I have tryed to to:
> >
> > 1. relink the kernel with following options in the /usr/src/linux/.config
> > file
> >
> > #   IP: Netfilter Configuration
> > #
> > CONFIG_IP_NF_CONNTRACK=y
> > CONFIG_IP_NF_FTP=y
> > CONFIG_IP_NF_QUEUE=y
> > CONFIG_IP_NF_IPTABLES=y
> > CONFIG_IP_NF_MATCH_LIMIT=y
> > CONFIG_IP_NF_MATCH_MAC=y
> > CONFIG_IP_NF_MATCH_MARK=y
> > CONFIG_IP_NF_MATCH_MULTIPORT=y
> > CONFIG_IP_NF_MATCH_TOS=y
> > CONFIG_IP_NF_MATCH_STATE=y
> > CONFIG_IP_NF_MATCH_UNCLEAN=y
> > CONFIG_IP_NF_MATCH_OWNER=y
> > CONFIG_IP_NF_FILTER=y
> > CONFIG_IP_NF_TARGET_REJECT=y
> > CONFIG_IP_NF_TARGET_MIRROR=y
> > CONFIG_IP_NF_NAT=y
> > CONFIG_IP_NF_TARGET_MASQUERADE=y
> > CONFIG_IP_NF_TARGET_REDIRECT=y
> > CONFIG_IP_NF_MANGLE=y
> > CONFIG_IP_NF_TARGET_TOS=y
> > CONFIG_IP_NF_TARGET_REDIRECT=y
> > CONFIG_IP_NF_MANGLE=y
> > CONFIG_IP_NF_TARGET_TOS=y
> > CONFIG_IP_NF_TARGET_MARK=y
> > CONFIG_IP_NF_TARGET_LOG=y
> > # CONFIG_IPV6 is not set
> > # CONFIG_KHTTPD is not set
> > # CONFIG_ATM is not set
> >
> > This does not help
> >
> > 2. I tried the insmod (or modprobe) iptable_filter.
> >     [root@linuxgw /lib]# find / -name ip_table*
> >     /usr/src/linux-2.3.99-pre3/include/linux/netfilter_ipv4/ip_tables.h
> >     /usr/src/linux-2.3.99-pre3/net/ipv4/netfilter/ip_tables.c
> >     /usr/src/linux-2.3.99-pre3/net/ipv4/netfilter/ip_tables.o
> >    [root@linuxgw /lib]# cd //usr/src/linux-2.3.99-pre3/net/ipv4/netfilter
> >    [root@linuxgw netfilter]# insmod ip_tables
> >
> >    This gives the following ERROR message :
> >    ./ip_tables.o: couldn't find the kernel version the module was compiled
> > for
> >
> >  3. I tried the insmod (or modprobe) ip_tables.o
> >
> >    This gives the following ERROR message :
> >    ./ip_tables.o: couldn't find the kernel version the module was compiled
> > for
> 
> ---------------------------------------------------------------------------
>         My desk has a security flaw.  If I bang my forehead at it for
> two days continuously I can make a hole in it.
>         Wuss, bang harder.
>         -- Slashdot debate on a Unix security issue
> --------------------------------------------------------------------------
> William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts,
> and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
> LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
> --------------------------------------------------------------------------