WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Modprobe: module ip_tables not found in modules.dep  (Read 13207 times)

Offline tinyBob

  • Newbie
  • *
  • Posts: 5
Modprobe: module ip_tables not found in modules.dep
« on: March 07, 2012, 02:58:45 AM »
Trying to install new firewall into TC 4.3 (same happens in TC 4.2).
Install fw and run :
sudo iptables-save > /root/ipt.save
sudo cat /root/ipt.save | iptables-restore

error message:
modprobe: module ip_tables not found in modules.dep
iptables-restore v 1.4.10: iptables-restore: unable to initialize table 'nat'.
Error occured at line 2

Line 2 in ipt.save is :
*nat

Google shows people getting same message in various Linux distros, but responses haven't helped me.
Tried same fw in Ubuntu kernel 2.6.32-24, get same error w/o modprobe:..ip_tables not found in modules.dep.
Comment out all NAT lines in ipt.save, get same message re table 'filter'.
Can't read lsmod in editor.
Do I need to recompile kernel, or just add to modules.dep ( maybe ip_tables)?
Thanks for any ideas, I enjoy TC and am learning as I go.
Bob

Offline Guy

  • Hero Member
  • *****
  • Posts: 1089
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #1 on: March 07, 2012, 05:16:51 AM »
Tinycore is different from other Linux distros.

http://wiki.tinycorelinux.net/wiki:firewall

If you want to use the basic firewall, do as explained in the above link. This is ideal for most single computers connected to the internet.

If you want to change something in the firewall setup, you can edit a file (I cant remember which one) and make a new extension. If you really want to change something, let us know, and someone should be able to tell you which file, and how to make a new extension.
Many people see what is. Some people see what can be, and make a difference.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #2 on: March 07, 2012, 08:19:51 AM »
sudo cat /root/ipt.save | iptables-restore

Your command above was run as the user, you need root privileges to load modules.
The only barriers that can stop you are the ones you create yourself.

Offline tinyBob

  • Newbie
  • *
  • Posts: 5
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #3 on: March 07, 2012, 04:34:29 PM »
Thanks for the replies.
Guy, you're right the included firewall works great. I'm just trying to learn from the examples in Michael Rash's "Linux Firewalls".

Curaga, thanks for pointing me in the right direction:
"sudo cat /root/ipt.save | iptables-restore

Your command above was run as the user, you need root privileges to load modules."
 
My understanding from TC faq, "Administrator / SuperUser / Root:" was that the best way to obtain root priviledges is to use sudo.
If that is incorrect, I'm happy to try another way.
I've looked thru the Sudoers Manual, but haven't understood it yet.

Adding an additional sudo before 'iptables-restore' avoids the error messages about modprobe and initializing table 'nat'. Unfortunately, the ipt.save file does not get transferred to the file, iptables-restore.
ls -l shows iptables-restore with lrwxrwxrwx permissions.
But, sudo chmod ugoa+rwx iptables-restore (just to make sure) generates "iptables-restore; Read only file system"

Bob



Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11619
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #4 on: March 07, 2012, 04:46:59 PM »
Hi tinyBob
Quote
ls -l shows iptables-restore with lrwxrwxrwx permissions.
And you should also see that it's a link to  /tmp/tcloop/iptables/usr/local/sbin/iptables-restore  which is a read only
file system because it's inside the extension.

Offline tinyBob

  • Newbie
  • *
  • Posts: 5
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #5 on: March 07, 2012, 05:52:47 PM »
Hi Rich,
You're absolutely right, I see the link.
Does that mean  I can't use iptables-restore to save a firewall different from that included with TC?
My firewall seems to work as long as I load the,script at each boot.
Is it practical to unlink iptables-restore, or add, for example, an iptables-restore2 file?

Excuse the uninformed questions.

Bob




Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11619
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #6 on: March 07, 2012, 08:29:10 PM »
Hi tinyBob
I guess the simplest way to accomplish what you are trying to do is:
Quote
sudo rm /usr/local/sbin/iptables-restore
sudo cp /tmp/tcloop/iptables/usr/local/sbin/iptables-restore /usr/local/sbin/iptables-restore
Update the  iptables-restore  file as required.
Add    usr/local/sbin/iptables-restore   to your   /opt/.filetool.lst   file.

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #7 on: March 08, 2012, 09:46:34 AM »
Quote
Adding an additional sudo before 'iptables-restore' avoids the error messages about modprobe and initializing table 'nat'. Unfortunately, the ipt.save file does not get transferred to the file, iptables-restore.

Yes, that is what I meant. cat had root permissions, iptables-restore did not.

iptables-restore is not supposed to be modified. Is there a language barrier here maybe?
The only barriers that can stop you are the ones you create yourself.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11619
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #8 on: March 08, 2012, 09:55:44 AM »
Hi curaga
Quote
iptables-restore is not supposed to be modified. Is there a language barrier here maybe?
Since I've never dealt with iptables, probably a knowledge barrier on my part. He wanted to know how
to change it, so I told him.

Offline tinyBob

  • Newbie
  • *
  • Posts: 5
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #9 on: March 09, 2012, 03:15:32 AM »
Thanks for all the help, guys.
I guess I'll stick with the tc firewall, if its not broke, don't fix it.


If anybody has the patience-

Does the link Rich mentioned between iptables-restore and /tmp/tcloop/iptables/...  mean that iptables-save is creating a file made from basic-firewall and that file is going to iptables-restore?
If so where is that file?
It looks like bootlocal.sh runs basic-firewall at boot.
What prompts tc to run iptables-save and iptables-restore?

Thanks again,
Bob

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #10 on: March 09, 2012, 03:45:01 AM »
Quote
Does the link Rich mentioned between iptables-restore and /tmp/tcloop/iptables/...  mean that iptables-save is creating a file made from basic-firewall and that file is going to iptables-restore?
If so where is that file?

You created it with the redirection, "> /root/ipt.save", from whatever rules were in effect at the time.

Quote
It looks like bootlocal.sh runs basic-firewall at boot.
What prompts tc to run iptables-save and iptables-restore?

basic-firewall does not use the -save and -restore commands, it directly sets up the rules.
The only barriers that can stop you are the ones you create yourself.

Offline tinyBob

  • Newbie
  • *
  • Posts: 5
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #11 on: March 09, 2012, 04:44:22 PM »
Thanks to the replies on this forum, it's not hard to use iptables-restore to save rules to the kernel.

If I understand correctly, using iptables-restore saves boot time (at least for a complicated firewall).

Is it possible to make these kernel rules persistant ?

Bob

Offline Guy

  • Hero Member
  • *****
  • Posts: 1089
Re: Modprobe: module ip_tables not found in modules.dep
« Reply #12 on: March 09, 2012, 05:46:02 PM »
Tinycore works differently from other Linux distros.

To change the firewall settings, make a new extension to replace iptables.tcz.

An example of making a new extension for printer setup is explained here. Use the same approach to make a new extension for iptables. Skip the parts about setting up the printer.

http://wiki.tinycorelinux.net/wiki:printer_setup_using_cups

The file to modify, with different iptables rules is /tmp/tcloop/iptables/usr/local/sbin/basic-firewall.

Your new extension should contain everything in the existing iptables.tcz, with the basic-firewall file modified.

After making your own extension, keep a copy somewhere else. If you update extensions, you could lose it.
« Last Edit: March 09, 2012, 05:54:29 PM by Guy »
Many people see what is. Some people see what can be, and make a difference.