[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: netfilter/Knetfilter



Soren,
Sorry about that, I wasn't thinking (as usual ;-). Anyway, I assuming that I am using a different kernel version then you as I do not have all of the same options as you (I'm using 2.4.20 (or they might be named differently)). Anyway, here is a snippet of my kernel config:

#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_INET_ECN is not set
# CONFIG_SYN_COOKIES is not set

#
#   IP: Netfilter Configuration
#
# CONFIG_IP_NF_CONNTRACK is not set
# CONFIG_IP_NF_IPTABLES is not set
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
# CONFIG_VLAN_8021Q is not set

#
#  
#
# CONFIG_IPX is not set
# CONFIG_ATALK is not set

I hope this helps

Jon

-----Original Message-----
From: Soren Andersen [mailto:somian@adelphia.net]
Sent: Tuesday, April 22, 2003 11:40 AM
To: debian users
Subject: Re: netfilter/Knetfilter


On Tue, Apr 22, 2003 at 08:29:57AM -0500, Irish, Jon D wrote:
> I recently upgraded my kernel to 2.4.20. During the selection process, I picked the following from the network options:
> *	Packet Socket
> *	Socket filtering
> *	IP Multicast Support
> *	Network Packet Filtering
 
> Every time I try to run knetfilter, I get this error: "You have not
> supported netfilter in your kernel.Please recompile your kernel and
> netfilter tools." What options am I missing from my kernel? I thought
> that Network Packet Filtering was all that was required.
 
IMHO you can get more reliable diagnosis or ready answers here by
posting an actual excerpt of your .config from that kernel build, if
possible, either as an attachment or inline in the message. However
judging from what you wrote, i think you missed the iptables section
entirely. I post below a representative section of a .config file for a
kernel that does iptables:

 ---- cut here ----
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_ARPD is not set
# CONFIG_INET_ECN is not set
CONFIG_SYN_COOKIES=y

#
#   IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
# CONFIG_IPV6 is not set
# CONFIG_KHTTPD is not set
# CONFIG_ATM is not set
# CONFIG_VLAN_8021Q is not set
 ---- snip ----

You'll notice that most of the modules are built as, well, modules ;-). 
So anyway, although I am not an expert (however I play one on TV ...
LOL) I think that maybe you've missed something in the kernel
configuration step; either that, or you built ALL of Netfilter (a.k.a.
IPtables) as module and aren't loading it before trying to use it.

   HTH,
   Soren Andersen

-- 
Find my GnuPG public key on better keyservers everywhere ;-)
GnuPG public key fingerprint:  BD26 A5D8 D781 C96B 9936  310F 0573 A3D9 4E24 4EA6


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: