Thread: IP Tables module not working?
-
04-17-2005, 10:55 PM #1Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
IP Tables module not working?
I just installed APF Firewall on my Linux system, but when I try and run it, it tells me that it couldn't load because it couldn't load the IP Tables module or something. I used a tutorial on how to secure a cPanel Linux server on this forum.
-
04-17-2005, 11:01 PM #2Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
in the apf configuration there is an option to use a monolithic kernel. enable it
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
04-18-2005, 01:24 AM #3Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
Ok, thanks. I'll try that.
-
04-18-2005, 01:28 AM #4Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
Just tried it, and it seemed to start fine but then it said:
Opening /proc/modules: No such file or directory
Is this serious or is APF still running fine?
-
04-18-2005, 01:02 PM #5Web Hosting Master
- Join Date
- Nov 2004
- Location
- India
- Posts
- 1,104
Are you using a compiled kernel? If yes, try recompiling your kernel by enabling all the ipTables modules.
AssistanZ - Beyond Boundaries...
Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development
-
04-18-2005, 01:49 PM #6Web Hosting Master
- Join Date
- Apr 2004
- Location
- SF Bay Area
- Posts
- 879
Originally posted by klarth
Just tried it, and it seemed to start fine but then it said:
Opening /proc/modules: No such file or directory
Is this serious or is APF still running fine?
I'd verify you have module support enabled in your kernel:
# cat /proc/modules
If you can't cat this (i.e., it does not exist) then you do not have module support compiled in your kernel. You will have to recompile your kernel and add modules support.
If you do have modules support enabled, make sure you get the latest version of modutils from ftp.us.kernel.org or whatever distribution you are using.
-
04-18-2005, 02:12 PM #7Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
1. is this a ded server or VPS?
2. If it is a VPS, what's the system? UML or Virtuozzo
More questions to help troubleshoot once you answer the questions. I can't see how anyone in this thread is prescribing solutions without understanding his setup.
••• Like us on Facebook to qualify for discounts! •••
••• http://www.sprintserve.net •••
••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••
-
04-18-2005, 02:50 PM #8Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
It's a VPS running Fedora Core 2 and it's using Virtuozzo. I'm at school at the moment so I can't test out everyone's solutions at the moment, but I'll try them out. Thanks.
-
04-18-2005, 02:56 PM #9Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
If you are using Virtuozzo, you need to ask your provider which IPtables modules are enabled. By default very few modules are enabled. It is also possible that they have configured the firewall from their end. So you may not even need to run a firewall. It's best to check with your provider.
-
04-18-2005, 09:24 PM #10Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
Well, I asked them a few questions but I only found out that my kernel is 2.4.x and that there is no firewall. I asked them about compiling the kernel and enabling modules but they said it couldn't be done. Then I told them that you guys on WHT recommended it and they said it would be forwarded to the admin or something. I don't think they'll actually do that, so I think I'll have to try and do it (I'm a Linux newbie).
-
04-18-2005, 10:11 PM #11Newbie
- Join Date
- Apr 2005
- Posts
- 15
if you're using apf then it does an lsmod to determine what modules are loaded and then does some processing from there.
i haven't used virtuozzo, but have used uml based vps' - a bare apf install spewed lots of errors about iptables missing but hacking a few lines around the module detection part did the trick...
i'll try and dig out what i changed to get it working - i suppose a quick check is to run iptables -L and see whether it gives you an error..
Domain Reseller Accounts
-
04-18-2005, 10:34 PM #12Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
I ran the command and no errors came up so it must be APF.
-
04-18-2005, 10:48 PM #13Newbie
- Join Date
- Apr 2005
- Posts
- 15
ok - what version of apf are you using?
-
04-18-2005, 10:51 PM #14Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
Uh...the most current one. I think it's 0.9.5 or something
-
04-18-2005, 10:52 PM #15Newbie
- Join Date
- Apr 2005
- Posts
- 15
in the internals directory, make a backup of functions.apf, then edit the file -
around line 89/90 then comment out the line
IPC_VAL=`$LSM | grep ipchains`
so it would become
#IPC_VAL=`$LSM | grep ipchains`
then add in the line
IPC_VAL=""
this did the trick for me...
-
04-18-2005, 11:18 PM #16Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
Hm...not sure if it worked or not. I start APF, I see a blank line, and then it goes back to the command prompt but there are no errors.
-
04-18-2005, 11:22 PM #17Newbie
- Join Date
- Apr 2005
- Posts
- 15
try an iptables -L and see if there are any rules in there. it's also worth noting that if you have DEVM=1 then the rules will disappear after a few minutes..
-
04-18-2005, 11:25 PM #18Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
I have it set to 0 I think. I know that they said it's not recommended, but should I keep it at 1?
-
04-18-2005, 11:28 PM #19Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
I set it to 1 now, and when I started it APF told me that the firewall would flush every 5 minutes but that's it. Is it working now?
-
04-18-2005, 11:28 PM #20Newbie
- Join Date
- Apr 2005
- Posts
- 15
it's best to keep it at 1 until you've finished messing - otherwise you can lock yourself out - worth remembering to always keep at least one ssh window open when messing with firewalls!
if this modification hasn't resulted in anything being added to your iptables, and if the earlier suggestion of setting monokern to 1 doesn't work then the next thing to do is to check what the name of your interface is - i think conf.apf says eth0 or similar, where yours may be venet0 - check the output of ifconfig..
-
04-18-2005, 11:29 PM #21Newbie
- Join Date
- Apr 2005
- Posts
- 15
if it's not showing any errors that's semi-good
run
iptables -L
after starting apf - do you see any rules listed?
if not take a look at your network interfaces as per my last post..
-
04-18-2005, 11:36 PM #22Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
It's set to eth0. The weird thing is, APF worked fine on an RH9 box I had. Not sure why it's giving so many problems now...
-
04-18-2005, 11:40 PM #23Newbie
- Join Date
- Apr 2005
- Posts
- 15
was your rh9 box a standalone machine?
you're in vps land now!
ok - it's set to eth0, but what is your device called when you run
ifconfig
?
-
04-18-2005, 11:41 PM #24Over there
- Join Date
- Oct 2004
- Location
- LA, CA
- Posts
- 1,069
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Is what I get after running APF and then typing in the command.
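Added example, not written by anyone in this thread and not part of APF: a shell check that turns the `iptables -L -n` listing above into a pass/fail answer to "is anything being filtered?", plus a test for whether the interface named in the firewall config actually exists (the eth0 versus venet0 question raised earlier). The function names are hypothetical and the input is assumed to be non-verbose `iptables -L -n` output.

```shell
#!/bin/sh
# Summarise `iptables -L -n` output (stdin) as "CHAIN POLICY RULECOUNT" lines.
# Helper names here are hypothetical; nothing below comes from APF itself.
summarize_chains() {
    awk '
        /^Chain / {
            if (chain != "") print chain, policy, rules
            chain = $2; policy = "-"; rules = 0
            # Built-in chains show "(policy X)"; user chains show "(N references)".
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header, blank lines
        chain != "" { rules++ }
        END { if (chain != "") print chain, policy, rules }
    '
}

# Exit 0 when nothing filters traffic: every chain has zero rules and no
# built-in chain has a policy other than ACCEPT.
ruleset_is_empty() {
    summarize_chains | awk '
        { seen = 1 }
        $3 > 0 || ($2 != "ACCEPT" && $2 != "-") { filtering = 1 }
        END { exit !(seen && !filtering) }
    '
}

# Exit 0 when interface $1 is listed in /proc/net/dev-style text on stdin.
iface_present() {
    awk -v want="$1" -F: '
        NR > 2 { name = $1; gsub(/[ \t]/, "", name); if (name == want) found = 1 }
        END { exit !found }
    '
}

# Constructed sample mirroring the listing in the post above.
SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'
if printf '%s\n' "$SAMPLE" | ruleset_is_empty; then
    echo "WARNING: no filtering rules are loaded"
fi
# Live use: iptables -L -n | ruleset_is_empty ; iface_present eth0 < /proc/net/dev
```

A firewall script that exits silently while this check still reports an empty ruleset has not applied anything, which is the state the listing above shows.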
-
04-18-2005, 11:43 PM #25Newbie
- Join Date
- Apr 2005
- Posts
- 15
ok - what about ifconfig?