Loading ...
Sorry, an error occurred while loading the content.

Re: [nslu2-linux] iptables/firewall won't load

Expand Messages
  • rmel
    Part of the mystery solved, I should have done this first but better late than never. I seared Nabble for kernel module loading problems and found a case
    Message 1 of 4 , Sep 5, 2009
    • 0 Attachment
      Part of the mystery solved, I should have done this first but better late
      than never. I seared Nabble for kernel module loading problems and found a
      case where someone had done a "modutils" install, for which there is also
      "insmod" included, the ref. suggested pointing back the the BusyBox version
      and avoid using the one installed by modutils. I did this and now these
      kern mod's load. The other thing I just tried
      was running iptables.sh from different directories, running iptables.sh in
      "/" versus "/root" makes all the difference in running or not! Not I have
      typed "/opt/etc/iptables.sh" in both cases only from "/" does this work. So
      I must have a vary basic and dumb problem here....

      ron


      rmel wrote:
      >
      > Configuration: Currently running V2.3R63 + Unslung 6.10-beta with
      > external disk.
      >
      > Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall
      >
      > Note: All dependent kernel modules loaded via ipkg, also ran ipkg update
      > and upgrade.
      >
      > Problem: failure to parse iptables.sh to set firewall rules. For some
      > reason this did work once now can't get it to re-load after a Slug
      > re-boot. Output of iptables.sh below (a snip-it thereof, and note
      > comments in square brackets are mine):
      >
      > # /opt/etc/iptables.sh
      > Loading kernel modules ...
      > /lib/modules/2.4.22-xfs/net/ipv4/netfilter/ip_tables.o: ELF file
      > /lib/modules/2.4.22-xfs/kernel/net/ipv4/netfilter/ip_tables.o not for this
      > architecture
      > [ same message for iptable_filter.o ]
      > [ same message as above for ipt_LOG.o ]
      > [ each of these three error lines above are associated with a insmod
      > command ]
      > Flushing Tables ...
      > /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
      > [ more of the same complains for all $IPT command lines ]
      >
      > Other observation: as part of the setup of EnableFirewall, after
      > installation of kernel modules, and prior to running iptables.sh, depmod
      > -a was run, which does not appear to have run successfully. modules.dep
      > located in /opt/lib/modules/2.4.22-xfs was written with ZERO bytes (I
      > don't know if there are actual symbol dependencies for iptables or not).
      > See output below from depmod.
      >
      > # depmod -a
      > depmod: cannot read ELF header from
      > //opt/lib/modules/2.4.22-xfs/modules.dep
      > depmod: cannot read ELF header from
      > //opt/lib/modules/2.4.22-xfs/modules.generic_string
      > depmod: //opt/lib/modules/2.4.22-xfs/modules.ieee1394map is not an ELF
      > file
      > depmod: //opt/lib/modules/2.4.22-xfs/modules.isapnpmap is not an ELF file
      > depmod: cannot read ELF header from
      > //opt/lib/modules/2.4.22-xfs/modules.parportmap
      > depmod: //opt/lib/modules/2.4.22-xfs/modules.pcimap is not an ELF file
      > depmod: cannot read ELF header from
      > //opt/lib/modules/2.4.22-xfs/modules.pnpbiosmap
      > depmod: //opt/lib/modules/2.4.22-xfs/modules.usbmap is not an ELF file
      >
      > At this point I am at a loss. Mentioned earlier, the firewall appeared to
      > have been working at least once (prior to a re-boot), although the depmod
      > behavior was the same, and the iptable.sh output was clean. I may have
      > broken something here or gotten lucky initially.
      >
      > Anyone have any insight on this one?
      >
      > ronM
      >

      --
      View this message in context: http://www.nabble.com/iptables-firewall-won%27t-load-tp25313135p25313462.html
      Sent from the Nslu2 - Linux mailing list archive at Nabble.com.
    • Drew Gibson
      ... ^^^ Is there a / missing before opt ? regards, Drew
      Message 2 of 4 , Sep 6, 2009
      • 0 Attachment
        > Flushing Tables ... > /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
        ^^^ Is there a / missing before opt ? regards, Drew

        rmel wrote:
        Part of the mystery solved, I should have done this first but better late
        than never.  I seared Nabble for kernel module loading problems and found a
        case where someone had done a "modutils" install, for which there is also
        "insmod" included, the ref. suggested pointing back the the BusyBox version
        and avoid using the one installed by modutils.  I did this and now these
        kern mod's load.  The other thing I just tried
        was running iptables.sh from different directories, running iptables.sh in
        "/" versus "/root" makes all the difference in running or not!  Not I have
        typed "/opt/etc/iptables.sh" in both cases only from "/" does this work.  So
        I must have a vary basic and dumb problem here....
        
        ron
        
        
        rmel wrote:
          
        Configuration:  Currently running V2.3R63 + Unslung 6.10-beta with
        external disk.
        
        Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall
        
        Note: All dependent kernel modules loaded via ipkg, also ran ipkg update
        and upgrade.
        
        Problem: failure to parse iptables.sh to set firewall rules.  For some
        reason this did work once now can't get it to re-load after a Slug
        re-boot.  Output of iptables.sh below (a snip-it thereof, and note
        comments in square brackets are mine):
        
        # /opt/etc/iptables.sh
        Loading kernel modules ...
        /lib/modules/2.4.22-xfs/net/ipv4/netfilter/ip_tables.o: ELF file
        /lib/modules/2.4.22-xfs/kernel/net/ipv4/netfilter/ip_tables.o not for this
        architecture
             [ same message for iptable_filter.o ]
             [ same message as above for ipt_LOG.o ]
             [ each of these three error lines above are associated with a insmod
        command ]
        Flushing Tables ...
        /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
             [ more of the same complains for all $IPT command lines  ]
        
        Other observation:  as part of the setup of EnableFirewall, after
        installation of kernel modules, and prior to running iptables.sh, depmod
        -a was run, which does not appear to have run successfully. modules.dep
        located in /opt/lib/modules/2.4.22-xfs was written with ZERO bytes (I
        don't know if there are actual symbol dependencies for iptables or not). 
        See output below from depmod.
        
        # depmod -a
        depmod: cannot read ELF header from
        //opt/lib/modules/2.4.22-xfs/modules.dep
        depmod: cannot read ELF header from
        //opt/lib/modules/2.4.22-xfs/modules.generic_string
        depmod: //opt/lib/modules/2.4.22-xfs/modules.ieee1394map is not an ELF
        file
        depmod: //opt/lib/modules/2.4.22-xfs/modules.isapnpmap is not an ELF file
        depmod: cannot read ELF header from
        //opt/lib/modules/2.4.22-xfs/modules.parportmap
        depmod: //opt/lib/modules/2.4.22-xfs/modules.pcimap is not an ELF file
        depmod: cannot read ELF header from
        //opt/lib/modules/2.4.22-xfs/modules.pnpbiosmap
        depmod: //opt/lib/modules/2.4.22-xfs/modules.usbmap is not an ELF file
        
        At this point I am at a loss. Mentioned earlier, the firewall appeared to
        have been working at least once (prior to a re-boot), although the depmod
        behavior was the same, and the iptable.sh output was clean.  I may have
        broken something here or gotten lucky initially.
        
        Anyone have any insight on this one?
        
        ronM
        
            
          
      • rmel
        Thank you! This caused me to crawl all over my .sh script which I must have done 20 times but continued to miss a missing / in a path description. This
        Message 3 of 4 , Sep 6, 2009
        • 0 Attachment
          Thank you! This caused me to crawl all over my .sh script
          which I must have done 20 times but continued to miss a
          missing / in a path description. This explains why the script
          worked from root "/" only and no other directory.

          Mysteries solved.

          ron


          Drew Gibson wrote:
          >
          >> Flushing Tables ...
          >> /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
          > ^^^
          > Is there a / missing before opt ?
          >
          > regards,
          >
          > Drew
          >
          >
          > rmel wrote:
          >> Part of the mystery solved, I should have done this first but better late
          >> than never. I seared Nabble for kernel module loading problems and found
          >> a
          >> case where someone had done a "modutils" install, for which there is also
          >> "insmod" included, the ref. suggested pointing back the the BusyBox
          >> version
          >> and avoid using the one installed by modutils. I did this and now these
          >> kern mod's load. The other thing I just tried
          >> was running iptables.sh from different directories, running iptables.sh
          >> in
          >> "/" versus "/root" makes all the difference in running or not! Not I
          >> have
          >> typed "/opt/etc/iptables.sh" in both cases only from "/" does this work.
          >> So
          >> I must have a vary basic and dumb problem here....
          >>
          >> ron
          >>
          >>
          >> rmel wrote:
          >>
          >>> Configuration: Currently running V2.3R63 + Unslung 6.10-beta with
          >>> external disk.
          >>>
          >>> Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall
          >>>
          >>> Note: All dependent kernel modules loaded via ipkg, also ran ipkg update
          >>> and upgrade.
          >>>
          >>> Problem: failure to parse iptables.sh to set firewall rules. For some
          >>> reason this did work once now can't get it to re-load after a Slug
          >>> re-boot. Output of iptables.sh below (a snip-it thereof, and note
          >>> comments in square brackets are mine):
          >>>
          >>> # /opt/etc/iptables.sh
          >>> Loading kernel modules ...
          >>> /lib/modules/2.4.22-xfs/net/ipv4/netfilter/ip_tables.o: ELF file
          >>> /lib/modules/2.4.22-xfs/kernel/net/ipv4/netfilter/ip_tables.o not for
          >>> this
          >>> architecture
          >>> [ same message for iptable_filter.o ]
          >>> [ same message as above for ipt_LOG.o ]
          >>> [ each of these three error lines above are associated with a
          >>> insmod
          >>> command ]
          >>> Flushing Tables ...
          >>> /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
          >>> [ more of the same complains for all $IPT command lines ]
          >>>
          >>> Other observation: as part of the setup of EnableFirewall, after
          >>> installation of kernel modules, and prior to running iptables.sh, depmod
          >>> -a was run, which does not appear to have run successfully. modules.dep
          >>> located in /opt/lib/modules/2.4.22-xfs was written with ZERO bytes (I
          >>> don't know if there are actual symbol dependencies for iptables or not).
          >>> See output below from depmod.
          >>>
          >>> # depmod -a
          >>> depmod: cannot read ELF header from
          >>> //opt/lib/modules/2.4.22-xfs/modules.dep
          >>> depmod: cannot read ELF header from
          >>> //opt/lib/modules/2.4.22-xfs/modules.generic_string
          >>> depmod: //opt/lib/modules/2.4.22-xfs/modules.ieee1394map is not an ELF
          >>> file
          >>> depmod: //opt/lib/modules/2.4.22-xfs/modules.isapnpmap is not an ELF
          >>> file
          >>> depmod: cannot read ELF header from
          >>> //opt/lib/modules/2.4.22-xfs/modules.parportmap
          >>> depmod: //opt/lib/modules/2.4.22-xfs/modules.pcimap is not an ELF file
          >>> depmod: cannot read ELF header from
          >>> //opt/lib/modules/2.4.22-xfs/modules.pnpbiosmap
          >>> depmod: //opt/lib/modules/2.4.22-xfs/modules.usbmap is not an ELF file
          >>>
          >>> At this point I am at a loss. Mentioned earlier, the firewall appeared
          >>> to
          >>> have been working at least once (prior to a re-boot), although the
          >>> depmod
          >>> behavior was the same, and the iptable.sh output was clean. I may have
          >>> broken something here or gotten lucky initially.
          >>>
          >>> Anyone have any insight on this one?
          >>>
          >>> ronM
          >>>
          >>>
          >>
          >>
          >
          >

          --
          View this message in context: http://www.nabble.com/iptables-firewall-won%27t-load-tp25313135p25319581.html
          Sent from the Nslu2 - Linux mailing list archive at Nabble.com.
        • rmel
          Configuration: Currently running V2.3R63 + Unslung 6.10-beta with external disk. Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall Note:
          Message 4 of 4 , Sep 10, 2009
          • 0 Attachment
            Configuration: Currently running V2.3R63 + Unslung 6.10-beta with external
            disk.

            Attempted Project: http://www.nslu2-linux.org/wiki/HowTo/EnableFirewall

            Note: All dependent kernel modules loaded via ipkg, also ran ipkg update and
            upgrade.

            Problem: failure to parse iptables.sh to set firewall rules. For some
            reason this did work once now can't get it to re-load after a Slug re-boot.
            Output of iptables.sh below (a snip-it thereof, and note comments in square
            brackets are mine):

            # /opt/etc/iptables.sh
            Loading kernel modules ...
            /lib/modules/2.4.22-xfs/net/ipv4/netfilter/ip_tables.o: ELF file
            /lib/modules/2.4.22-xfs/kernel/net/ipv4/netfilter/ip_tables.o not for this
            architecture
            [ same message for iptable_filter.o ]
            [ same message as above for ipt_LOG.o ]
            [ each of these three error lines above are associated with a insmod
            command ]
            Flushing Tables ...
            /opt/etc/iptables.sh: line 51: opt/sbin/iptables: not found
            [ more of the same complains for all $IPT command lines ]

            Other observation: as part of the setup of EnableFirewall, after
            installation of kernel modules, and prior to running iptables.sh, depmod -a
            was run, which does not appear to have run successfully. modules.dep located
            in /opt/lib/modules/2.4.22-xfs was written with ZERO bytes (I don't know if
            there are actual symbol dependencies for iptables or not). See output below
            from depmod.

            # depmod -a
            depmod: cannot read ELF header from //opt/lib/modules/2.4.22-xfs/modules.dep
            depmod: cannot read ELF header from
            //opt/lib/modules/2.4.22-xfs/modules.generic_string
            depmod: //opt/lib/modules/2.4.22-xfs/modules.ieee1394map is not an ELF file
            depmod: //opt/lib/modules/2.4.22-xfs/modules.isapnpmap is not an ELF file
            depmod: cannot read ELF header from
            //opt/lib/modules/2.4.22-xfs/modules.parportmap
            depmod: //opt/lib/modules/2.4.22-xfs/modules.pcimap is not an ELF file
            depmod: cannot read ELF header from
            //opt/lib/modules/2.4.22-xfs/modules.pnpbiosmap
            depmod: //opt/lib/modules/2.4.22-xfs/modules.usbmap is not an ELF file

            At this point I am at a loss. Mentioned earlier, the firewall appeared to
            have been working at least once (prior to a re-boot), although the depmod
            behavior was the same, and the iptable.sh output was clean. I may have
            broken something here or gotten lucky initially.

            Anyone have any insight on this one?

            ronM
            --
            View this message in context: http://www.nabble.com/iptables-firewall-won%27t-load-tp25313135p25313135.html
            Sent from the Nslu2 - Linux mailing list archive at Nabble.com.
          Your message has been successfully submitted and would be delivered to recipients shortly.