iptables/firewall won't load

rmel wrote:

Configuration:  Currently running V2.3R63 + Unslung 6.10-beta with external disk.

Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall

Note: All dependent kernel modules loaded via ipkg, also ran ipkg update and upgrade.

Problem: failure to parse iptables.sh to set firewall rules.  For some reason this did work once now can't get it to re-load after a Slug re-boot.  Output of iptables.sh below (a snip-it thereof, and note comments in square brackets are mine):

# /opt/etc/iptables.sh
Loading kernel modules ...
/lib/modules/2.4.22-xfs/net/ipv4/netfilter/ip_tables.o: ELF file /lib/modules/2.4.22-xfs/kernel/net/ipv4/netfilter/ip_tables.o not for this architecture
     [ same message for iptable_filter.o ]
     [ same message as above for ipt_LOG.o ]
     [ each of these three error lines above are associated with a insmod command ]
Flushing Tables ...
/opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
     [ more of the same complains for all $IPT command lines  ]

Other observation:  as part of the setup of EnableFirewall, after installation of kernel modules, and prior to running iptables.sh, depmod -a was run, which does not appear to have run successfully. modules.dep located in /opt/lib/modules/2.4.22-xfs was written with ZERO bytes (I don't know if there are actual symbol dependencies for iptables or not).  See output below from depmod.

# depmod -a
depmod: cannot read ELF header from //opt/lib/modules/2.4.22-xfs/modules.dep
depmod: cannot read ELF header from //opt/lib/modules/2.4.22-xfs/modules.generic_string
depmod: //opt/lib/modules/2.4.22-xfs/modules.ieee1394map is not an ELF file
depmod: //opt/lib/modules/2.4.22-xfs/modules.isapnpmap is not an ELF file
depmod: cannot read ELF header from //opt/lib/modules/2.4.22-xfs/modules.parportmap
depmod: //opt/lib/modules/2.4.22-xfs/modules.pcimap is not an ELF file
depmod: cannot read ELF header from //opt/lib/modules/2.4.22-xfs/modules.pnpbiosmap
depmod: //opt/lib/modules/2.4.22-xfs/modules.usbmap is not an ELF file

At this point I am at a loss. Mentioned earlier, the firewall appeared to have been working at least once (prior to a re-boot), although the depmod behavior was the same, and the iptable.sh output was clean.  I may have broken something here or gotten lucky initially.

Anyone have any insight on this one?

ronM

Drew Gibson wrote:

> Flushing Tables ...
> /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
                                ^^^
Is there a / missing before opt ?

regards,

Drew


rmel wrote:
> Part of the mystery solved, I should have done this first but better late
> than never.  I seared Nabble for kernel module loading problems and found a
> case where someone had done a "modutils" install, for which there is also
> "insmod" included, the ref. suggested pointing back the the BusyBox version
> and avoid using the one installed by modutils.  I did this and now these
> kern mod's load.  The other thing I just tried
> was running iptables.sh from different directories, running iptables.sh in
> "/" versus "/root" makes all the difference in running or not!  Not I have
> typed "/opt/etc/iptables.sh" in both cases only from "/" does this work.  So
> I must have a vary basic and dumb problem here....
>
> ron
>
>
> rmel wrote:
>  
>> Configuration:  Currently running V2.3R63 + Unslung 6.10-beta with
>> external disk.
>>
>> Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall
>>
>> Note: All dependent kernel modules loaded via ipkg, also ran ipkg update
>> and upgrade.
>>
>> Problem: failure to parse iptables.sh to set firewall rules.  For some
>> reason this did work once now can't get it to re-load after a Slug
>> re-boot.  Output of iptables.sh below (a snip-it thereof, and note
>> comments in square brackets are mine):
>>
>> # /opt/etc/iptables.sh
>> Loading kernel modules ...
>> /lib/modules/2.4.22-xfs/net/ipv4/netfilter/ip_tables.o: ELF file
>> /lib/modules/2.4.22-xfs/kernel/net/ipv4/netfilter/ip_tables.o not for this
>> architecture
>>      [ same message for iptable_filter.o ]
>>      [ same message as above for ipt_LOG.o ]
>>      [ each of these three error lines above are associated with a insmod
>> command ]
>> Flushing Tables ...
>> /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
>>      [ more of the same complains for all $IPT command lines  ]
>>
>> Other observation:  as part of the setup of EnableFirewall, after
>> installation of kernel modules, and prior to running iptables.sh, depmod
>> -a was run, which does not appear to have run successfully. modules.dep
>> located in /opt/lib/modules/2.4.22-xfs was written with ZERO bytes (I
>> don't know if there are actual symbol dependencies for iptables or not).
>> See output below from depmod.
>>
>> # depmod -a
>> depmod: cannot read ELF header from
>> //opt/lib/modules/2.4.22-xfs/modules.dep
>> depmod: cannot read ELF header from
>> //opt/lib/modules/2.4.22-xfs/modules.generic_string
>> depmod: //opt/lib/modules/2.4.22-xfs/modules.ieee1394map is not an ELF
>> file
>> depmod: //opt/lib/modules/2.4.22-xfs/modules.isapnpmap is not an ELF file
>> depmod: cannot read ELF header from
>> //opt/lib/modules/2.4.22-xfs/modules.parportmap
>> depmod: //opt/lib/modules/2.4.22-xfs/modules.pcimap is not an ELF file
>> depmod: cannot read ELF header from
>> //opt/lib/modules/2.4.22-xfs/modules.pnpbiosmap
>> depmod: //opt/lib/modules/2.4.22-xfs/modules.usbmap is not an ELF file
>>
>> At this point I am at a loss. Mentioned earlier, the firewall appeared to
>> have been working at least once (prior to a re-boot), although the depmod
>> behavior was the same, and the iptable.sh output was clean.  I may have
>> broken something here or gotten lucky initially.
>>
>> Anyone have any insight on this one?
>>
>> ronM
>>
>>    
>
>