Re: netfilter/Knetfilter

To: debian users <debian-user@lists.debian.org>
Subject: Re: netfilter/Knetfilter
From: somian@adelphia.net (Soren Andersen)
Date: Tue, 22 Apr 2003 12:39:33 -0400
Message-id: <[🔎] 20030422163933.GA18448@ny-kenton2a-710.buf.adelphia.net>
Mail-followup-to: somian@adelphia.net, debian users <debian-user@lists.debian.org>
In-reply-to: <[🔎] 7B0C4866F39B1C4A9EB86A743B279D4E033DE9@peo7.amd.army.mil>
References: <[🔎] 7B0C4866F39B1C4A9EB86A743B279D4E033DE9@peo7.amd.army.mil>

On Tue, Apr 22, 2003 at 08:29:57AM -0500, Irish, Jon D wrote:
> I recently upgraded my kernel to 2.4.20. During the selection process, I picked the following from the network options:
> *	Packet Socket
> *	Socket filtering
> *	IP Multicast Support
> *	Network Packet Filtering
 
> Every time I try to run knetfilter, I get this error: "You have not
> supported netfilter in your kernel.Please recompile your kernel and
> netfilter tools." What options am I missing from my kernel? I thought
> that Network Packet Filtering was all that was required.
 
IMHO you can get more reliable diagnosis or ready answers here by
posting an actual excerpt of your .config from that kernel build, if
possible, either as an attachment or inline in the message. However
judging from what you wrote, i think you missed the iptables section
entirely. I post below a representative section of a .config file for a
kernel that does iptables:

 ---- cut here ----
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_ARPD is not set
# CONFIG_INET_ECN is not set
CONFIG_SYN_COOKIES=y

#
#   IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
# CONFIG_IPV6 is not set
# CONFIG_KHTTPD is not set
# CONFIG_ATM is not set
# CONFIG_VLAN_8021Q is not set
 ---- snip ----

You'll notice that most of the modules are built as, well, modules ;-). 
So anyway, although I am not an expert (however I play one on TV ...
LOL) I think that maybe you've missed something in the kernel
configuration step; either that, or you built ALL of Netfilter (a.k.a.
IPtables) as module and aren't loading it before trying to use it.

   HTH,
   Soren Andersen

-- 
Find my GnuPG public key on better keyservers everywhere ;-)
GnuPG public key fingerprint:  BD26 A5D8 D781 C96B 9936  310F 0573 A3D9 4E24 4EA6

Reply to:

References:
- netfilter/Knetfilter
  - From: "Irish, Jon D BAE SYSTEMS" <Jon.Irish@AMD.ARMY.MIL>

Prev by Date: Re: How to force fsck at boot time?
Next by Date: Re: netfilter/Knetfilter
Previous by thread: netfilter/Knetfilter
Next by thread: Re: netfilter/Knetfilter
Index(es):
- Date
- Thread