I am trying to set up an internet gateway, and I need iptables to do it so I can forward the internet through right. Problem is I can't get iptables to work the way I feel it should. Anytime I try to set a rule I get a "modules ip_tables not found"

Included is all the input anybody should need to help me. Thanks.

argento iptables # emerge search iptables
[ Results for search key : iptables ]
[ Applications found : 3 ]


*  net-firewall/iptables
     Latest version available: 1.2.11-r3
     Latest version installed: 1.2.11-r3
     Size of downloaded files: 153 kB
     Description: Linux kernel (2.4+) firewall, NAT and packet mangling tools
     License:     GPL-2

argento iptables # /etc/init.d/iptables status
* status:  started
argento iptables # iptables --flush
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
argento iptables #
Have you tried loading the ip_tables module? And depend on what you want to do with the firewall you will probably need some of these too:

iptable_mangle 2072 0 (unused)
iptable_filter 1644 1
ipt_unclean 6808 1
ipt_ttl 568 0 (unused)
ipt_tos 472 0 (unused)
ipt_tcpmss 728 0 (unused)
ipt_state 504 5
ipt_pkttype 472 0 (unused)
ipt_owner 1240 0 (unused)
ipt_multiport 664 0 (unused)
ipt_mark 472 0 (unused)
ipt_mac 632 0 (unused)
ipt_limit 824 0 (unused)
ipt_length 472 0 (unused)
ipt_helper 664 0 (unused)
ipt_esp 568 0 (unused)
ipt_ecn 760 0 (unused)
ipt_dscp 472 0 (unused)
ipt_conntrack 984 0 (unused)
ipt_ah 600 0 (unused)
ipt_ULOG 3464 0 (unused)
ipt_TOS 952 0 (unused)
ipt_TCPMSS 2296 0 (unused)
ipt_REJECT 3160 0 (unused)
ipt_REDIRECT 728 0 (unused)
ipt_MIRROR 1176 0 (unused)
ipt_MASQUERADE 1304 2
ipt_MARK 696 0 (unused)
ipt_LOG 3320 0 (unused)
ipt_ECN 1592 0 (unused)
ipt_DSCP 984 0 (unused)
ip_queue 5360 0 (unused)
ip_nat_snmp_basic 8176 0 (unused)
ip_nat_irc 2256 0 (unused)
ip_nat_ftp 2832 0 (unused)
iptable_nat 16174 5 [ipt_REDIRECT ipt_MASQUERADE ip_nat_snmp_basic ip_nat_irc ip_nat_ftp]
ip_conntrack_irc 3216 1
ip_conntrack_ftp 4048 1
ip_conntrack 19716 2 [ipt_state ipt_helper ipt_conntrack ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
arptable_filter 1392 0 (unused)
arp_tables 8928 1 [arptable_filter]
Yeah, you can compile the netfilter modules with the kernel.

Also, if you want to try a good firewall program (script), check out

emerge ipkungfu

I love it.
I am not looking for a fire wall. This is what I have going on. I have three other computers that I want on an internal network, so I pluged a switch into my second NIC and I created a DHCP service for them. So they all get IPs from my gentoo box. The problem is that just giving them IPs isn't enough. I need a DNS server and I need to be able to pass the packets through. So I have the dns server, but they still can't access the internet.

I was under the impresion that this could be accomplished using iptables, if I could get iptables to work that is. I can't do a "modprobe iptables" or any variation it seems. So whats the next guess?
router - you want to set up linux as a router - i think that is your configuration ....
should be easy to find that ...

yup = maybe 30 sec search - 30 sec look and type
ipkungfoo will also act as a router, you just have to specify that in the config file. For the most part, to make a linux install a router, you just need to:

echo "1" > /proc/sys/net/ipv4/ip_forward

Check out joey's firewall script, which also contains ip forwarding or "masquarding".
I added a 1 to ip_forward already and it not doing what it should. I can get DNS information, like if I put in ping it comes back saying it is trying to ping, but it can't get a single packet through. So I am going to go screw with trying to get iptables to run and then I will try to get the right packets going through iptables, but right now i can't set any rules or make iptables do anything.

well it's just a idea, but today I had this same problem , and the reason was NAT-ing was not set up (forgot it), and make sure the firewall can see your computer .

something like this should be tried

iptables -t nat -A POSTROUTING -s -j SNAT --to-source (public ip of firewall).

and if the firewall cannot ping your computer (could also cause such a problem, as you said right before this post)

route add -net netmask gw eth0 (for example)

if I did it, and missunderstood you , then please can you post a ASCII art of the pc's and how are they connected to what, and maybe a few ip's (except the public one smile.gif )

Robert B
You are all not understanding the problem.

The problem isn't with how to configure iptables to get what I want done, its that iptables wont configure in the first place.

If I try a iptables --flush or an iptables -t ...... or anything, I get an error. Thats the problem. So what is wrong with my iptables install (I just emerged it from portage) that is causing it to completely not run or what did I miss in the config?

Its not a rule issues, it the face that iptables wont start at all.
Can you give us a list of your modules you have loaded into the kernel with lsmod ? From your original error message, you're just missing a module.

Try to do a:

find /lib/modules/`uname -r`/ | grep ip_

to see what ip modules are available, originally you said you couldn't "modprobe iptables", but i think that might be "modprobe ip_tables". Double check your kernel config and make sure you have the proper modules selected, if you're unsure, read the help option in 'make menuconfig' for the items. If i had access to my server right now, i'd give you a list on what i have loaded, but i'm in school right now.
Ok, so the find command didn't pull up anything to interesting. I had already tried to load ip_tables in adition to iptable and just about any other variation I could come up with.

Here is some more out put to look at.

argento 2.6.11-gentoo-r4 # lsmod
Module                  Size  Used by
nvidia               3914044  12
uhci_hcd               28032  0
parport_pc             29252  0
parport                30376  1 parport_pc
3c59x                  36664  0
8139too                19824  0
mii                     3728  2 3c59x,8139too
usbhid                 29984  0
nvsound              1535096  1
ehci_hcd               27320  0
ohci_hcd               18104  0
nvidia_agp              5580  1
agpgart                27432  2 nvidia,nvidia_agp
usbcore                98840  5 uhci_hcd,usbhid,ehci_hcd,ohci_hcd
argento 2.6.11-gentoo-r4 #

I posted this at the top, but here it is again

argento ~ # iptables --flush
FATAL: Module ip_tables not found.
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
argento ~ #

Anything else anybody wants to see?
That's your problem then, if the find command didn't find any of the modules that start with "ip_", then you don't have the modules needed on the system.

You need to go to your kernel config (you have a custom kernel, correct?), and go to the:

Device Drivers -> Networking Support -> Networking Options

And set "Network Packet filtering (replaces ipchains) to "Y", and then go into that section, and then "IP: Netfilter Configuration". From here, you can be safe and say "M" to all the options present to compile them all as modules. Anything that can't be set to "M", set it to "Y" (unless the help says otherwise). It might be beneficial to read the help on all these options to find out what they do.

After you do this, you can go ahead and recompile the kernel and modules.

This is all assuming you have a custom kernel, if you're using the stock kernel that came with your distro, you may have to create your custom kernel (unless your distro provides these modules in a seperate package, i don't know)

But, essentially, this is your problem, you need the ip_tables modules (among others), in order to use IPtables.

Hope this helps, any additional questions i'd be glad to answer.
