Iptables + extensions + Fedora 3

Iptables + extensions + Fedora 3

[diegoa]

I need to add the extenions for iptables. I am running Fedora 3. I
downloaded patch-o-matic which lets me add the extensions I need. Here's
what I have done so far.

1. Download patch-o-matic, kernel sources, etc.
2. Installed the kernel source.
3. Ran iptables runme -extra and installed the quota patch
4. Complied the kernel according to this site:
http://www.cri.ch/linux/docs/sk0010.html
5. I restarted and booted into the new kernel that appeared in the grub menu.
6. I ran the iptables command to apply the quota patch: iptables -A INPUT
-p tcp -m quota --quota 2147483648 -j ACCEPT

and I got this error: iptables v1.2.11: Couldn't load match
`quota':/lib/iptables/libipt_quota.so: cannot open shared object file: No
such file or directory

7. I ran make menuconfig and I found the kernel module marked for Module.
Which to me says that it is configured in the new kernel.

Is the module loaded? Yes, according to...
[root@localhost ~]# modprobe -l | grep quota
/lib/modules/2.6.9-prep/kernel/net/ipv4/netfilter/ipt_quota.ko

What is going on here?

Re: Iptables + extensions + Fedora 3

[Petr Pisar]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

diegoa@imagiro-1.com wrote:
> 6. I ran the iptables command to apply the quota patch: iptables -A INPUT
> -p tcp -m quota --quota 2147483648 -j ACCEPT
> 
> and I got this error: iptables v1.2.11: Couldn't load match
> `quota':/lib/iptables/libipt_quota.so: cannot open shared object file: No
> such file or directory
> 
iptables is userspace tool. It needs to know, how to comunicate with
netfilter in kernel. For this purpose there exist shared libraries in
/lib/iptables. Almost every netfilter module has its own "mirror" in
this directory. You need to recompile iptables (not kernel) using new
kernel header files. If libipt_quota is not standard part of iptables,
you will need to patch it too.

- -- Petr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEassWuR4f4nEwzHIRAjnYAJ9953b1xr0K968iROdUp1KsJg8hQQCcDpoD
w80Om/4mqfzqae1aTR5FBrs=
=V8Df
-----END PGP SIGNATURE-----

Re: Iptables + extensions + Fedora 3

[Petr Pisar]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

diegoa@imagiro-1.com wrote:
> 6. I ran the iptables command to apply the quota patch: iptables -A INPUT
> -p tcp -m quota --quota 2147483648 -j ACCEPT
> 
> and I got this error: iptables v1.2.11: Couldn't load match
> `quota':/lib/iptables/libipt_quota.so: cannot open shared object file: No
> such file or directory
> 
iptables is userspace tool. It needs to know, how to comunicate with
netfilter in kernel. For this purpose there exist shared libraries in
/lib/iptables. Almost every netfilter module has its own "mirror" in
this directory. You need to recompile iptables (not kernel) using new
kernel header files. If libipt_quota is not standard part of iptables,
you will need to patch it too.

- -- Petr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEassWuR4f4nEwzHIRAjnYAJ9953b1xr0K968iROdUp1KsJg8hQQCcDpoD
w80Om/4mqfzqae1aTR5FBrs=
=V8Df
-----END PGP SIGNATURE-----