Code Newbie
Old 02-23-2005, 09:01 AM   #1 (permalink)
sde
iptables - debian 2.4 kernel broken

Quote:
# uname -a
Linux myhost 2.4.26-bf2.4 #1 SMP Wed May 26 08:34:11 PDT 2004 i686 GNU/Linux
Quote:
# iptables -L
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
i've run a dist-upgrade already, but i cannot get iptables to work. ideas how i can make it work? i got major problems on our game server. all these ports are somehow magically opened including an ms-sql port ( wtf? )
__________________
testing 1 2 3
Old 02-23-2005, 11:02 AM   #2 (permalink)
teknomage1
Did you upgrade your kernel recently?
First try modprobe ip_tables.
If that fails, make sure you have the source for your kernel installed; a symlink called /usr/src/linux should point there. As root, cd to that directory and run 'make menuconfig'; a curses interface will open up in the terminal. Use the arrow keys and spacebar to navigate to the category Networking Options. Hit M to activate IP Advanced Router and then move to the category Netfilter configuration and select Connection Tracking and IP Tables Support. After that hit escape until it asks you if you want to save your configuration, hit yes. Then enter the command 'make dep && make modules modules_install'. Then try running modprobe again.
Old 02-23-2005, 11:32 AM   #3 (permalink)
sde
i did upgrade the kernel a couple months ago to 2.4.

the modprobe ip_tables failed, and i don't have /usr/src/linux

i did the upgrade through apt-get .. maybe i blew past the iptables setting when i did.

the main problem is that i have all these ports showing up as open on a port scan ( 64.27.21.2 ) and i verified that none of those services are in fact running. i don't know how they got open. this is a game server with a couple people accessing it, so it was probably someone's doing.

is there any other way to patch this up?
Old 02-23-2005, 12:42 PM   #4 (permalink)
teknomage1
Well if modprobe is failing, it means your kernel is currently lacking ip tables support. I haven't used debian but I assume you can either download a kernel with iptables built in or download the kernel source and follow the steps above.
Old 02-23-2005, 10:53 PM   #5 (permalink)
redhead
All the ports that are showing as opened could be falsely reported if inetd is running. It is a service routing incoming connections to a given software depending on the accessed port number.
As default it will monitor all well known ports such as nfs/smbfs/ping/telnet/etc. Although there is currently no active program listening on the specified port, a portscan will reveal it as open.

However, given the fact that you are getting a report on missing the ip_tables module, I would think the case is more likely to be a failing firewall.
__________________
Don't worry Ma'am, We're university students, We know what We're doing.
-----
If you pull the pin, Mr.Grenade would no longer be your friend.
-----
01000111 01101111 00100000 01000011 00100000 00100001
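Added example, not part of redhead's post: one way to see which ports inetd itself is holding open is to read its configuration instead of relying on the scan. The function name inetd_ports and both sample files are constructed for illustration; on a real host pass /etc/inetd.conf and /etc/services.

```shell
#!/bin/sh
# Added example (not from the thread): list the ports inetd is configured to hold open.
# usage: inetd_ports <inetd.conf> <services>; prints "port/proto service server" per entry.
inetd_ports() {
    awk '
        NR == FNR {                      # first file: services, "name port/proto [aliases]"
            sub(/#.*/, "")
            if (NF < 2) next
            proto = substr($2, index($2, "/") + 1)
            for (i = 1; i <= NF; i++)
                if (i != 2) port[$i "/" proto] = $2
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out entries are disabled
        NF < 6 { next }                     # incomplete line
        {                                   # fields: service type proto wait user server [args]
            key = $1 "/" $3
            printf "%s %s %s\n", ((key in port) ? port[key] : "unknown"), $1, $6
        }
    ' "$2" "$1"
}

# Constructed sample files, written to the directory given as $1.
make_sample() {
    cat > "$1/services" <<'EOF'
echo        7/tcp
echo        7/udp
ftp         21/tcp
telnet      23/tcp
EOF
    cat > "$1/inetd.conf" <<'EOF'
# <service> <type> <proto> <wait> <user> <server> <args>
echo    stream  tcp  nowait  root     internal
echo    dgram   udp  wait    root     internal
ftp     stream  tcp  nowait  root     /usr/sbin/tcpd  /usr/sbin/in.ftpd
#telnet stream  tcp  nowait  telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
inetd_ports "$demo/inetd.conf" "$demo/services"
rm -rf "$demo"
```

Entries whose server column reads "internal" are answered by inetd itself, and any port on this list that nobody needs can be closed by commenting out its line and reloading inetd.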
Old 02-24-2005, 06:47 AM   #6 (permalink)
sde
i hosed it.

i tried to re-compile the kernel ( tekno helped me understand a lot over aim, thanks again! ) .. but toward the end i forgot to run lilo before i restarted the server.

it boots up to just li which means the MBR is screwed up. server is co-located and i have no boot disk.

it seems like debian is real picky about being re-compiled because i've tried to do this before and got the same thing.

the ONLY thing common between both instances where i tried to re-compile the kernel is that i didn't know to run lilo the first time, .. and the last time i forgot.

an admin at the data center is going to try to recover it today, .. but i'm not holding my breath.
Old 02-24-2005, 07:13 AM   #7 (permalink)
redhead
Should be fairly easy to recover, just boot with any boot disk, then chroot to the place you've mounted root under, and run lilo from there, reboot and you're back up on the new kernel.
Old 02-25-2005, 03:38 PM   #8 (permalink)
sde
ok, so we got the server back up, but it is very strange.

i have /boot/vmlinuz sym linked to the new 2.4.27 kernel. /boot/vmlinuz.old linked to the 2.4.26 kernel.

we were able to get the server back up, but it is still booting to the old kernel even though 2.4.27 is what /boot/vmlinuz is linked to.

any ideas?
Old 02-25-2005, 10:33 PM   #9 (permalink)
sde
when i run uname -a , where is it pulling this information from? i re-compiled again ( successfully this time ) , but uname still shows me at the 2.4.26 kernel.

even though i enabled iptables in the config, i still get this when i try to run iptables:
Quote:
# iptables -L
modprobe: Can't locate module ip_tables
iptables v1.2.11: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Old 02-26-2005, 10:37 AM   #10 (permalink)
redhead
uname is getting the info from /proc/version, so to check it, do a 'cat /proc/version'. However, this sounds like the default boot section in your lilo config is pointing to the old vmlinuz image.
Check that the "default" setting in the /etc/lilo.conf isn't pointing at the label made for the old vmlinuz.
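Added example, not part of the thread: the repeated "Can't locate module ip_tables" next to a uname that still reports 2.4.26 can be checked by comparing the running release with the module trees on disk. The function names and the module tree are constructed; the release strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). usage: check_ip_tables <release> <modules-root>
# Returns 0 if the module exists for <release>, 1 if only other releases have it, 2 if none do.
has_ip_tables() {
    # 2.4 kernels install modules as .o files, 2.6 and later as .ko (sometimes compressed)
    [ -n "$(find "$1" \( -name 'ip_tables.o' -o -name 'ip_tables.ko*' \) 2>/dev/null | head -n 1)" ]
}

check_ip_tables() {
    rel=$1 root=$2 others=
    if has_ip_tables "$root/$rel"; then
        echo "ok: ip_tables is installed for running kernel $rel"
        return 0
    fi
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        if has_ip_tables "$dir"; then others="$others ${dir##*/}"; fi
    done
    if [ -n "$others" ]; then
        echo "mismatch: running $rel, but ip_tables was built for:$others"
        return 1
    fi
    echo "missing: no ip_tables module under $root (CONFIG_IP_NF_IPTABLES not set to m?)"
    return 2
}

# Constructed module tree: a new kernel was built with netfilter, the old one is still running.
make_tree() {
    mkdir -p "$1/2.4.26-bf2.4/kernel/net/ipv4" "$1/2.4.27/kernel/net/ipv4/netfilter"
    : > "$1/2.4.27/kernel/net/ipv4/netfilter/ip_tables.o"
}

demo=$(mktemp -d)
make_tree "$demo"
check_ip_tables "2.4.26-bf2.4" "$demo"   # on a live host: check_ip_tables "$(uname -r)" /lib/modules
rm -rf "$demo"
```

A "mismatch" result means the rebuilt kernel is not the one that booted, so the firewall rules cannot load until the boot loader is pointed at the new image.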
Old 02-26-2005, 10:48 AM   #11 (permalink)
sde
late last night i figured out that it was using /vmlinuz , not /boot/vmlinuz

after re-compiling again, and running lilo, it got screwed up again. it's difficult to do this over a network, so i just backed up everything and had the data center install a new o/s.
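Added example, not part of the thread: resolving which kernel file the default LILO entry really points at, the check that separates /vmlinuz from /boot/vmlinuz before running lilo and rebooting a remote machine. The function names, kernel file names and the lilo.conf contents are constructed, and the symlinks are assumed to be relative so they resolve inside a mounted root.

```shell
#!/bin/sh
# Added example (not from the thread). usage: lilo_default_image <lilo.conf>
# Prints "label image-path" for the entry LILO boots by default.
lilo_default_image() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t"]/, "") }      # drop comments, blanks, quotes
        /^default=/ { def = substr($0, 9) }
        /^(image|other)=/ {
            n++; path[n] = substr($0, index($0, "=") + 1)
            label[n] = path[n]; sub(/.*\//, "", label[n])   # label defaults to the file name
        }
        /^label=/ && n { label[n] = substr($0, 7) }
        END {
            pick = (def == "" && n > 0) ? 1 : 0     # without default= the first entry boots
            for (i = 1; i <= n; i++) if (label[i] == def) pick = i
            if (!pick) exit 1                       # nothing to boot, or default= names no label
            print label[pick], path[pick]
        }
    ' "$1"
}

# Kernel file behind the default entry; $1 is where the root filesystem is mounted.
default_kernel() {
    entry=$(lilo_default_image "$1/etc/lilo.conf") || return 1
    basename "$(readlink -f "$1/${entry#* }")"
}

# Constructed root filesystem reproducing the layout described in the thread.
make_root() {
    mkdir -p "$1/boot" "$1/etc"
    : > "$1/boot/vmlinuz-2.4.26-bf2.4"; : > "$1/boot/vmlinuz-2.4.27"
    ln -s vmlinuz-2.4.27 "$1/boot/vmlinuz"          # the link that was updated
    ln -s boot/vmlinuz-2.4.26-bf2.4 "$1/vmlinuz"    # the link lilo.conf actually names
    cat > "$1/etc/lilo.conf" <<'EOF'
default=Linux
image=/vmlinuz
    label=Linux
    read-only
image=/vmlinuz.old
    label=LinuxOLD
EOF
}

demo=$(mktemp -d)
make_root "$demo"
lilo_default_image "$demo/etc/lilo.conf"
default_kernel "$demo"
rm -rf "$demo"
```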