[Voyage-linux] iptables and voyage 0.7.5

John Schultz (spam-protected)
Tue Dec 18 19:04:54 HKT 2012 

OK,…

I went through the .config file and menuconfig settings and can not find anything specific to iptables and nat. What am I not seeing or am I missing something?

 

BTW, the kernel source I am using is 3.7.1

 

From: Voyage-linux [mailto:voyage-linux-bounces+jschultz0614=gmail.com at list.voyage.hk] On Behalf Of Markus Fischer
Sent: Tuesday, December 18, 2012 3:51 AM
Cc: 'Voyage-Linux'
Subject: Re: [Voyage-linux] iptables and voyage 0.7.5

 

Hi John,

Well, from what I see, you simply have no kernel modules for iptables with "nat".
My output of "lsmod|grep ip_" is e.g.
ip_tables               7445  2  iptable_filter,iptable_nat
x_tables                8882  4  iptable_filter,ipt_MASQUERADE,iptable_nat,ip_tables

So an option would be to recompile the kernel with iptables and Masquerade and NAT options.

Maybe someone else can fill in here for me and help with other options or another point of view to be more helpful.

Greets,
Markus 



Am 18.12.2012 11:25, schrieb John Schultz:

Dmesg output is attached.

 

Lsmod:

ip_tables               8167  1 iptable_filter

x_tables                9087  4 xt_tcpudp,xt_conntrack,iptable_filter,ip_tables

 

modprobe:

WARNING: All config files need .conf: /etc/modprobe.d/hostap-utils, it will be ignored in a future release.

FATAL: Module iptable_nat not found.

 

 

From: Voyage-linux [mailto:voyage-linux-bounces+jschultz0614=gmail.com at list.voyage.hk] On Behalf Of Markus Fischer
Sent: Tuesday, December 18, 2012 2:28 AM
Cc: 'Voyage-Linux'
Subject: Re: [Voyage-linux] iptables and voyage 0.7.5

 

Hi John,

yeah, ignore hostap-utils.
It looks like iptables is kind fo misconfigured or modules are not there.
I've never seen this trouble in my 0.7.5 installations. Right now, I just have a 0.8 installation to test on, but there everything is running, as I expect it to.
So let's see, how to figure out, what you're missing. ;)

Does "dmesg" state anything about iptables?
What is the output of "lsmod | grep ip_"?
And the output of "modprobe iptable_nat" looks like?

Greets, Markus




Am 18.12.2012 09:33, schrieb John Schultz:

The results your looking for are as follows:

WARNING: All config files need .conf: /etc/modprobe.d/hostap-utils, it will be ignored in a future release.

iptables v1.4.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)

Perhaps iptables or your kernel needs to be upgraded.

 

At this point, im not worried about the /etc/modprobe.d/hostap-utils warning, that’s next after the iptables issue.

 

Thanks again,

John

 

From: Markus Fischer [mailto:Markus.Fischer at brown-iposs.eu] 
Sent: Tuesday, December 18, 2012 1:23 AM
To: John Schultz
Cc: 'Voyage-Linux'
Subject: Re: [Voyage-linux] iptables and voyage 0.7.5

 

Hi John, everybody,

I will give it a try. I guess the "1.0" value might represent some indicator of a metric. Nothing to worry about in my opinion.
About iptables.
Please try the " iptables -nvL -t nat" command and post the output.
The iptables man page gives you more info about the options, but in short:
-n : numeric output, just to make sure, we'll see IPs, no host names
-v : as always - give us as many hints as possible ;)
-L : List , you already used that one
-t : table, for specific exercises, iptables uses specific tables. One default one is "nat", clearly the one you intend to investigate/troubleshoot

Good luck, I hope this helps a little.

Best regards,
Markus





Am 18.12.2012 08:49, schrieb John Schultz:

OK.....
10.1.0.1 is the gateway. The graphic was obtained by using OLSR. I believe
the arrows mean that the specific node has a route to the other node that it
is attached to, and the 1.0, I could not tell you. Ive never found
information on that part of the plugin for OLSR. And you are correct in that
I am using a /16 on this particular network.
 
I have tried modprobe iptable_nat and modprobe ip_nat_ftp. All the sites Ive
read, this was the only suggestion found and that was one site of MANY. 
 
Scripting the firewall rules is not a problem.
 
The goal is to allow traffic from the mesh network to pass through the
gateway and eventually, lock down the traffic. What I would like to do,
eventually, is attached in the diagram. We are planning on hundreads of
these nodes if not more. The three node environment is just a proof of
concept.
 
Thanks again,
John








_______________________________________________
Voyage-linux mailing list
Voyage-linux at list.voyage.hk
http://list.voyage.hk/mailman/listinfo/voyage-linux







-- 
----------------------------------------------------------
 
Markus Fischer
brown-iposs GmbH
Friedrich-Breuer-Straße 120, 53225 Bonn
 
Tel:    +49 (0) 228 299 799 80
Mobile: +49 (0) 170 310 035 5
Fax:    +49 (0) 228 299 799 84
 
mailto:markus.fischer at brown-iposs.eu
----------------------------------------------------------
 






-- 
----------------------------------------------------------
 
Markus Fischer
brown-iposs GmbH
Friedrich-Breuer-Straße 120, 53225 Bonn
 
Tel:    +49 (0) 228 299 799 80
Mobile: +49 (0) 170 310 035 5
Fax:    +49 (0) 228 299 799 84
 
mailto:markus.fischer at brown-iposs.eu
----------------------------------------------------------
PGP key available on request.
PGP Fingerprint: 96FD 4903 873B 86FF 6B03 B279 BC64 8EFE ABC4 6D88
 
Geschäftsführer: Dr. Bernd Schröder
HRB: 14385, Amtsgericht Bonn
Ust.-IDNr.: DE814670174
 
 
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
 
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.






_______________________________________________
Voyage-linux mailing list
Voyage-linux at list.voyage.hk
http://list.voyage.hk/mailman/listinfo/voyage-linux





-- 
----------------------------------------------------------
 
Markus Fischer
brown-iposs GmbH
Friedrich-Breuer-Straße 120, 53225 Bonn
 
Tel:    +49 (0) 228 299 799 80
Mobile: +49 (0) 170 310 035 5
Fax:    +49 (0) 228 299 799 84
 
mailto:markus.fischer at brown-iposs.eu
----------------------------------------------------------
PGP key available on request.
PGP Fingerprint: 96FD 4903 873B 86FF 6B03 B279 BC64 8EFE ABC4 6D88
 
Geschäftsführer: Dr. Bernd Schröder
HRB: 14385, Amtsgericht Bonn
Ust.-IDNr.: DE814670174
 
 
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
 
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.voyage.hk/pipermail/voyage-linux/attachments/20121218/4afab021/attachment.html>

More information about the Voyage-linux mailing list