[Discuss] iptables trouble

Dr. Anthony Gabrielson agabrielson1 at comcast.net
Sun Sep 29 13:16:28 EDT 2013 

On Sep 28, 2013, at 3:48 PM, Dan Ritter <dsr at randomstring.org> wrote:

> On Sat, Sep 28, 2013 at 03:38:22PM -0400, Dr. Anthony Gabrielson wrote:
>> Hello,
>> 	I'm trying to get iptables working on a Raspberry Pi running Kali and I keep getting the same error.  I've run out of ideas and I'm hoping someone can point me in the right direction so I can get this working.  It originally seemed like the Kali kernel left a few modules off so I custom baked a kernel and I went out of my way to try to include everything needed at least as a module.  I have a .config difference and it is long, so I will leave it off this email (at least for the time being).
>> 
>> This is the error I am getting:
>> root at kali:~# iptables -L
>> iptables v1.4.14: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
>> Perhaps iptables or your kernel needs to be upgraded.
>> 
>> I think I have all of the modules I need:
>> root at kali:~# lsmod
>> Module Size Used by
>> nf_nat_ftp 952 0 
>> iptable_nat 2408 0 
>> nf_conntrack_ftp 4856 1 nf_nat_ftp
>> ipt_MASQUERADE 984 0 
>> nf_nat 9818 3 nf_nat_ftp,ipt_MASQUERADE,iptable_nat
>> nf_conntrack_ipv4 8756 3 nf_nat,iptable_nat
>> nf_defrag_ipv4 636 1 nf_conntrack_ipv4
>> nf_conntrack 43092 6 nf_nat_ftp,ipt_MASQUERADE,nf_nat,nf_conntrack_ftp, iptable_nat,nf_conntrack_ipv4
>> ip_tables 8532 1 iptable_nat
>> x_tables 8776 3 ip_tables,ipt_MASQUERADE,iptable_nat
>> ipv6 212924 12 
>> leds_gpio 1648 0 
>> led_class 1788 1 leds_gpio
> 
> CONFIG_NETFILTER in the kernel build should be Y or M.
> 
> iptable_filter needs to be loaded.
> 
> -dsr-


I have CONFIG_NETFILTER enabled as a module (specific differences below), but I don't have an iptable_filter module.  These are what built:

root at kali:/lib/modules/3.6.11-cutdown/kernel/net/ipv4/netfilter# ls
arptable_filter.ko  ipt_NETMAP.ko	  nf_nat_pptp.ko
arp_tables.ko	    ipt_REDIRECT.ko	  nf_nat_proto_dccp.ko
arpt_mangle.ko	    nf_conntrack_ipv4.ko  nf_nat_proto_gre.ko
iptable_mangle.ko   nf_defrag_ipv4.ko	  nf_nat_proto_sctp.ko
iptable_nat.ko	    nf_nat_amanda.ko	  nf_nat_proto_udplite.ko
iptable_raw.ko	    nf_nat_ftp.ko	  nf_nat_sip.ko
ip_tables.ko	    nf_nat_h323.ko	  nf_nat_snmp_basic.ko
ipt_CLUSTERIP.ko    nf_nat_irc.ko	  nf_nat_tftp.ko
ipt_MASQUERADE.ko   nf_nat.ko

and

root at kali:/lib/modules/3.6.11-cutdown/kernel/net/netfilter# ls 
nf_conntrack_amanda.ko	    nf_conntrack_proto_udplite.ko
nf_conntrack_broadcast.ko   nf_conntrack_sane.ko
nf_conntrack_ftp.ko	    nf_conntrack_sip.ko
nf_conntrack_h323.ko	    nf_conntrack_snmp.ko
nf_conntrack_irc.ko	    nf_conntrack_tftp.ko
nf_conntrack.ko		    nfnetlink_acct.ko
nf_conntrack_netbios_ns.ko  nfnetlink_cttimeout.ko
nf_conntrack_netlink.ko     nfnetlink.ko
nf_conntrack_pptp.ko	    nfnetlink_log.ko
nf_conntrack_proto_dccp.ko  nfnetlink_queue.ko
nf_conntrack_proto_gre.ko   x_tables.ko
nf_conntrack_proto_sctp.ko  xt_tcpudp.ko


Here is the netfilter specific portion of the diff:
< CONFIG_NETFILTER=y
< # CONFIG_NETFILTER_DEBUG is not set
< CONFIG_NETFILTER_ADVANCED=y
< 
< #
< # Core Netfilter Configuration
< #
< CONFIG_NETFILTER_NETLINK=m
< CONFIG_NETFILTER_NETLINK_ACCT=m
< CONFIG_NETFILTER_NETLINK_QUEUE=m
< CONFIG_NETFILTER_NETLINK_LOG=m
< CONFIG_NF_CONNTRACK=m
< CONFIG_NF_CONNTRACK_MARK=y
< CONFIG_NF_CONNTRACK_PROCFS=y
< # CONFIG_NF_CONNTRACK_EVENTS is not set
< # CONFIG_NF_CONNTRACK_TIMEOUT is not set
< # CONFIG_NF_CONNTRACK_TIMESTAMP is not set
< CONFIG_NF_CT_PROTO_DCCP=m
< CONFIG_NF_CT_PROTO_GRE=m
< CONFIG_NF_CT_PROTO_SCTP=m
< CONFIG_NF_CT_PROTO_UDPLITE=m
< CONFIG_NF_CONNTRACK_AMANDA=m
< CONFIG_NF_CONNTRACK_FTP=m
< CONFIG_NF_CONNTRACK_H323=m
< CONFIG_NF_CONNTRACK_IRC=m
< CONFIG_NF_CONNTRACK_BROADCAST=m
< CONFIG_NF_CONNTRACK_NETBIOS_NS=m
< CONFIG_NF_CONNTRACK_SNMP=m
< CONFIG_NF_CONNTRACK_PPTP=m
< CONFIG_NF_CONNTRACK_SANE=m
< CONFIG_NF_CONNTRACK_SIP=m
< CONFIG_NF_CONNTRACK_TFTP=m
< CONFIG_NF_CT_NETLINK=m
< CONFIG_NF_CT_NETLINK_TIMEOUT=m
< # CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
< # CONFIG_NETFILTER_TPROXY is not set
< CONFIG_NETFILTER_XTABLES=m
<

More information about the Discuss mailing list