Linode.com Forum

sednet · Joined: 17 Mar 2004 Posts: 106 Location: Europe

I also have brakeage of iptables. Kernel support seems to be missing.

linode:/etc/mail# iptables -L -n -v
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

sednet · Joined: 17 Mar 2004 Posts: 106 Location: Europe

Whoops. That was meant to be a reply. Not a new thread.

caker · Joined: 15 Apr 2003 Posts: 2392 Location: Galloway, NJ

New threads are actually what I prefer.

Go ahead and reboot your Linode. 2.6.16-domU-linode1 build #2 has all the filtering rules enabled. Let me know if that fixes it.

-Chris

sednet · Joined: 17 Mar 2004 Posts: 106 Location: Europe

caker wrote: New threads are actually what I prefer.

Go ahead and reboot your Linode. 2.6.16-domU-linode1 build #2 has all the filtering rules enabled. Let me know if that fixes it.

-Chris

Iptables works, but now I'm missing some block devices:

linode:~# mount /var
mount: /dev/hda4 is not a valid block device

This is odd because some of them work. Does the new kernel have ext2 and ext3 support?

caker · Joined: 15 Apr 2003 Posts: 2392 Location: Galloway, NJ

See

http://www.linode.com/forums/viewtopic.php?t=2180

Keep rebooting until everything shows up in /proc/partitions.

-Chris

sednet · Joined: 17 Mar 2004 Posts: 106 Location: Europe

sednet wrote: caker wrote: New threads are actually what I prefer.

Go ahead and reboot your Linode. 2.6.16-domU-linode1 build #2 has all the filtering rules enabled. Let me know if that fixes it.

-Chris

Iptables works, but now I'm missing some block devices:

linode:~# mount /var
mount: /dev/hda4 is not a valid block device

This is odd because some of them work. Does the new kernel have ext2 and ext3 support?

From a systrace:
open("/dev/hda4", O_RDONLY|O_LARGEFILE) = -1 ENXIO (No such device or address)

caker · Joined: 15 Apr 2003 Posts: 2392 Location: Galloway, NJ

Read the gotchas post :)

-Chris

sednet · Joined: 17 Mar 2004 Posts: 106 Location: Europe

Iptables seems to be working perfectly now.

The debian iptables job isn't applying my iptables setup but that doesn't look like xens fault.

I've bound everything that should not go over the internet to 127.0.0.1 anyway.

This has been much more fun than going to work. Grr.. SOx audits.

sednet · Joined: 17 Mar 2004 Posts: 106 Location: Europe

sednet wrote: Iptables seems to be working perfectly now.
.

I think I was wrong there, I don't think all of iptables is in the kernel.

I know the following line worked, I pulled it off the linode and off my backup:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name

The simple stuff certainly works:

linode:/var/lib/iptables# iptables -L -n -v
Chain INPUT (policy ACCEPT 1790 packets, 147K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

Anyway I really need to go to work now. Thanks for xen Chris! It does seem to be quite a lot faster.

caker · Joined: 15 Apr 2003 Posts: 2392 Location: Galloway, NJ

sednet wrote: iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name
Yup. Missed a few options...

Code: # uname -a
Linux li3-242 2.6.16-domU-linode1 #3 SMP Tue Mar 28 03:10:40 EST 2006 i686 GNU/Linux
li3-242:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
li3-242:~#

-Chris