WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Extension netfilter vs. iptables vs. ipv6-something?  (Read 311 times)

Offline sbrunthaler

  • Newbie
  • *
  • Posts: 7
Extension netfilter vs. iptables vs. ipv6-something?
« on: August 12, 2020, 06:28:42 AM »
Hi,

I am relatively new to TCL, so please accept my apologies if I ask stupid questions.

We use an APU device from PC engines as firewall. The installer from pcengines contains TCL 6.4 (core.gz and vmlinuz), prepared to boot from an SD card.
Worked fine for several years, so I wanted to prepare a new hardware (APU2) using this TCL installer and download the neccesary extension using tce-ab.

This works to the point where I want to install iptables: It needs netfilter-4.2.9-tinycore.tcz, but this is not in the repository. The dependency reads netfilter-KERNEL.

I found in this forum that I should use ipv6-KERNEL, but that also does not work. And the wiki is not usable at the moment, at least not for me.

What can I do?

Thanks in advance,
Stefan B.

Offline GNUser

  • Hero Member
  • *****
  • Posts: 628
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #1 on: August 12, 2020, 06:40:14 AM »
In some versions of TCL the extension name is ipv6-netfilter-KERNEL. Give that a try. If it's available in the repo for your TCL version, edit the iptables.tcz.dep file so that the extension name is correct.

P.S. Why not prepare the new hardware using a more current TCL version? TCL10 and TCL11 are mature and stable, have no such kinks. I don't think the developers have touched TCL6.4 in several years. TCL is a very conservative project so I doubt there would be any big surprises for you.
« Last Edit: August 12, 2020, 06:47:31 AM by GNUser »

Offline GNUser

  • Hero Member
  • *****
  • Posts: 628
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #2 on: August 12, 2020, 06:53:37 AM »
Aha! The problem is the kernel version number in the name of the extension.

If you try to load  netfilter-KERNEL  or  netfilter-3.16.6-tinycore  it should work. netfilter-4.2.9-tinycore does not exist in the TCL6.x repo. Check it out:
http://repo.tinycorelinux.net/6.x/x86/tcz/

P.S. How did the more recent kernel version creep into the extension name? TCL6.4 seems to use linux 3.16.6, not linux 4.2.9 (which was used in TCL7).
« Last Edit: August 12, 2020, 07:00:18 AM by GNUser »

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 8113
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #3 on: August 12, 2020, 07:19:49 AM »
Hi sbrunthaler
... And the wiki is not usable at the moment, at least not for me. ...
Here's an alternate link:
https://www.linuxsecrets.com/tinycorelinux-wiki/wiki:start.html

Offline sbrunthaler

  • Newbie
  • *
  • Posts: 7
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #4 on: August 12, 2020, 08:31:30 AM »
Thanks for the wiki link!

Well, I tried a newer version of TCL, but it did not boot correctly on my device. Before diving deeper into this, I wanted to give 6.4 another try.

Meanwhile I found the needed extension in the 6.4 repo, but it looks as if  my installation does not want to use this repo - is there any config point where the required repository version should be set? I am using tce-ab.

Thanks again,
Stefan B.

Offline GNUser

  • Hero Member
  • *****
  • Posts: 628
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #5 on: August 12, 2020, 08:43:33 AM »
Hi, sbrunthaler. The extension-installing scripts use the functions in /etc/init.d/tc-functions. It seems the  getMirror  function uses the  getMajorVer  function, which in turn parses the file /usr/share/doc/tc/release.txt.

It seems your /usr/share/doc/tc/release.txt file somehow does not match the TCL version that you're using. I'm not sure how that could happen, but I'd start there.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1152
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #6 on: August 12, 2020, 09:07:29 AM »
iirc the main reason tc doesn't work out of the box on this machine is because of serial console setting being hardcoded in our rootfs

if you make your own iso you can change that.

Offline GNUser

  • Hero Member
  • *****
  • Posts: 628
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #7 on: August 12, 2020, 09:35:59 AM »
Also take a look in /opt/tcemirror. The URL used to download extensions is built based on contents of /opt/tcemirror, /usr/share/doc/tc/release.txt, and output of uname -m.

Offline sbrunthaler

  • Newbie
  • *
  • Posts: 7
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #8 on: August 12, 2020, 09:43:37 AM »
Hi, sbrunthaler. The extension-installing scripts use the functions in /etc/init.d/tc-functions. It seems the  getMirror  function uses the  getMajorVer  function, which in turn parses the file /usr/share/doc/tc/release.txt.

It seems your /usr/share/doc/tc/release.txt file somehow does not match the TCL version that you're using. I'm not sure how that could happen, but I'd start there.

Checked that, version info is set correctly and the correct URL is being used. But my description was not complete:

The problem is that the iptables.tcz.dep file says "netfiler-KERNEL.tcz" and this leads to that:

 Downloading: netfilter-4.2.9-tinycore.tcz
 Connecting to repo.tinycorelinux.net (89.22.99.37:80)
 wget: server returned error: HTTP/1.1 404 Not Found
 md5sum: netfilter-4.2.9-tinycore.tcz.md5.txt: No such file or directory

There is only a version netfilter-3.16.6-... in the repository.

Sorry that I did not describe this correctly beforehand.

Regards
Stefan B.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 10271
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #9 on: August 12, 2020, 09:47:26 AM »
You're running some frankenstein setup it seems. You have a TC 7.x kernel but are otherwise using TC 6.x.

Try downloading the 4.2.9 kernel extensions from the 7.x repo manually. The other way, pointing your install to the 7.x repo, would probably break things.
The only barriers that can stop you are the ones you create yourself.

Offline sbrunthaler

  • Newbie
  • *
  • Posts: 7
Re: Extension netfilter vs. iptables vs. ipv6-something?
« Reply #10 on: August 12, 2020, 09:54:08 AM »
Slowly I begin to understand what is going on here on my box...  :o

But where the going gets rough the tough get going...

I will report what I find, thank you.

Regards
Stefan B.