Re: [GLUG-chat] Patching iptables 1.2.11 and kernel 2.6.10

[Kenneth Kalmer <kenneth.kalmer@gmail.com>]

On Fri, 4 Mar 2005 08:11:12 +0200, Hendrik Visage
<hvisage@envisage.co.za> wrote:
> On Fri, Mar 04, 2005 at 01:56:09AM +0200, Kenneth Kalmer wrote:
> > Guys
> >
> > I've spend hours trying to figure this, and plenty of Google searches.
> > If anyone can help it would be greatly appreciated.
> >
> > I'm trying to get IPP2P and the layer7-filter to work with iptables
> > 1.2.11 and kernel 2.6.10 on Fedora Core 3. The kernel patches cleanly,
> > compiles just fine and reboots perfectly. The problem is that I can't
> > get iptables to compile.
> >
> > I get the same error message every time I run make:
> >
> > #error including kernel header in userspace; use the glibc headers instead!
> 
> Hmmm.... never seen this on the Lunar and gentoo systems I've tried/used it on...
> 
> > Problem is that for every rule I try I get the same response from iptables:
> >
> > # iptables -A FORWARD -o eth0 -m ipp2p --ipp2p -j DROP
> > iptables: No chain/target/match by that name
> >
> > When I run:
> >
> > # iptables -m ipp2p --help
> >
> > I do get help, leading me to believe that the iptables binary is
> > screwed in some way. Looking in /lib/iptables I can see
> > libipt_ipp2p.so and libipt_layer7.so. The modules exists and both can
> > be loaded.
> 
> You are sure those are modules for the filter tables?

yip, according to the IPP2P examples at
http://rnvs.informatik.uni-leipzig.de/ipp2p/docu_en.html you can use
it in FORWARD, MANGLE, PREROUTING, POSTROUTING in both FILTER and
MANGLE.

according to the l7 examples at
http://l7-filter.sourceforge.net/L7-Netfilter-example-nonbridge you
can use in in MANGLE, but elsewhere I've seen it used in FILTER as
well

> You are are using the newly compiled iptables binary (typically in
> /usr/local/bin AFAIR) and not the Fedore one?
> The other modules in /lib/iptables have the same date and timestamps
> as the libipt_ipp2p.so and libipt_layer7.so binaries?
> The iptables binary aren't looking in /usr/local/lib/iptables/ ??

Yip, I did a quick rpm -qV iptables which confirmed that the binaries
changed. I also simlinked /usr/local/lib/iptables to /lib/iptables to
make sure. As I said, the iptables binary clearly knows about the new
modules, pitty they don't work.

> 
> Hendrik
> >
> > How would I get iptables to compile with my modules without changing
> > (and breaking) the kernel source? I know nothing about C, or C++ so I
> > can't dive in and fix things up myself.
> >
> > Any help would be appreciated.
> >
> > --
> >
> > Kenneth Kalmer
> > kenneth.kalmer@gmail.com
> > http://opensourcery.blogspot.com
> > ---
> > To unsubscribe: send the line "unsubscribe glug-chat" in the
> > subject of a mail to "glug-chat-request@linux.org.za".
> > Problems? Email "glug-chat-admins@linux.org.za". Archives are at
> > http://www.linux.org.za/Lists-Archives/
> >
> >
> 


-- 

Kenneth Kalmer
kenneth.kalmer@gmail.com
http://opensourcery.blogspot.com