Page 1 of 2 12 LastLast
Results 1 to 25 of 33
  1. #1
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069

    IP Tables module not working?

    I just installed APF Firewall on my Linux system, but when I try and run it it tells me that it couldn't load because it couldn't load the IP Tables module or something. I used a tutorial on how to secure a cPanel Linux server on this forum.

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    in the apf configuration there is an option to use an monolithic kernel. enable it
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    Ok, thanks. I'll try that.

  4. #4
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    Just tried it, and it seemed to start fine but then it said:

    Opening /proc/modules: No such file or directory

    Is this serious or is APF still running fine?

  5. #5
    Join Date
    Nov 2004
    Location
    India
    Posts
    1,104
    Are you using a compiled kernel? if yes try recompile your kernel by enabling all the ipTables modules..
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

  6. #6
    Join Date
    Apr 2004
    Location
    SF Bay Area
    Posts
    879
    Originally posted by klarth
    Just tried it, and it seemed to start fine but then it said:

    Opening /proc/modules: No such file or directory

    Is this serious or is APF still running fine?
    Seems like either module support either is not enabled in your kernel or your kernel has been upgraded from 2.4.x to 2.6.x without a concomitant upgrade to your module utilities.

    I'd verify you have module support enabled in your kernel:

    # cat /proc/modules

    If you can't cat this (ie., it does not exist) then you do not have module support compiled in your kernel. You will have to recompile your kernel and add modules support.

    If you do have modules support enabled, make sure you get the latest version of modutils from ftp.us.kernel.org or whatever distribution you are using.

  7. #7
    1. is this a ded server or VPS?
    2. If it is a VPS, what's the system? UML or Virtuozzo

    More questions to help troubleshoot once you answer the questions. I can't see how anyone in this thread are prescribing solutions without understanding his setup.
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  8. #8
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    It's a VPS running Fedora Core 2 and it's using Virtuozzo. I'm at school at the moment so I can't test out everyone's solutions at the moment, but I'll try them out. Thanks.

  9. #9
    If you are using Virtuozzo, you need to ask your provider which IPtables modules are enabled. By default very few modules are enabled. It is also possible that they have configured the firewall from their end. So you may not even need to run a firewall. It's best to check with your provider.
    ••• Like us on Facebook to qualify for discounts! •••
    ••• http://www.sprintserve.net •••
    ••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
    ••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••

  10. #10
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    Well, I asked them a few questions but I only found out that my kernal is 2.4.x and that there is no firewall. I asked them about compiling the kernal and enabling modules but they said it couldn't be done. Then I told them that you guys on WHT recommended it and they said it would be forwared to the admin or something. I don't think they'll actually do that, so I think I'll have to try and do it (I'm a Linux newbie ).

  11. #11
    if you're using apf then it does an lsmod to determine what modules are loaded and then does some processing from there.

    i haven't used virtuozzo, but have used uml based vps' - a bare apf install spewed lots of errors about iptables missing but hacking a few lines around the module detection part did the trick...

    i'll try and dig out what i changed to get it working - i suppose a quick check is to run iptables -L and see whether it gives you an error..
    Domain Reseller Accounts

  12. #12
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    I ran the command and no errors came up so it must be APF.

  13. #13
    ok - what version of apf are you using?
    Domain Reseller Accounts

  14. #14
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    Uh...the most current one. I think it's 0.9.5 or something

  15. #15
    in the internals directory, make a backup of functions.apf, then edit the file -

    around line 89/90 then comment out the line

    IPC_VAL=`$LSM | grep ipchains`

    so it would become

    #IPC_VAL=`$LSM | grep ipchains`

    then add in the line

    IPC_VAL=""

    this did the trick for me...
    Domain Reseller Accounts

  16. #16
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    Hm...not sure if it worked or not. I start APF, I see a blank line, and then it goes back to the command prompt but there are no errors.

  17. #17
    try an iptables -L and see if there are any rules in there. it's also worth noting that if you have DEVM=1 then the rules will disappear after a few minutes..
    Domain Reseller Accounts

  18. #18
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    I have it set to 0 I think. I know that they said it's not recommended, but should I keep it at 1?

  19. #19
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    I set it to 1 now, and when I started it APF told me that the firewall would flush every 5 minutes but that's it. Is it working now?

  20. #20
    it's best to keep it at 1 until you've finished messing - otherwise you can loclk yourself out - worth remembering to always keep at least one ssh window open when messing with firewalls!

    if this modification hasn't resulted in anything being added to your iptables, and if the earlier suggestion of setting monokern to 1 doesn't work then the next thing to do is to check what the name of your interface is - i think conf.apf says eth0 or similar, where yours may be venet0 - check the output of ifconfig..
    Domain Reseller Accounts

  21. #21
    if it's not showing any errors that's semi-good

    run

    iptables -L

    after starting apf - do you see any rules listed?

    if not take a look at your network interfaces as per my last post..
    Domain Reseller Accounts

  22. #22
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    It's set to eth0. The weird thing is, APF worked fine on an RH9 box I had. Not sure why it's giving so many problems now...

  23. #23
    was your rh9 box a standalone machine?

    you're in vps land now!

    ok - it's set to eth0, but what is your device called when you run

    ifconfig

    ?
    Domain Reseller Accounts

  24. #24
    Join Date
    Oct 2004
    Location
    LA, CA
    Posts
    1,069
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Is what I get after running APF and then typing in the command.

  25. #25
    ok - what about ifconfig?
    Domain Reseller Accounts

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •