Modify

Opened 7 years ago

Closed 6 years ago

Last modified 22 months ago

#5504 closed defect (fixed)

bcm-2.4 with iptables v1.4.3.2

Reported by: avico Owned by: jow
Priority: normal Milestone: Barrier Breaker 14.07
Component: kernel Version: Trunk
Keywords: Cc:

Description

hello.
got a dir-320 that runs bcm-2.4 trunk.

it seems there is an issue with iptables :

Jan 1 00:00:23 OpenWrt user.info sysinit: iptables v1.4.3.2: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Jan 1 00:00:23 OpenWrt user.info sysinit: Perhaps iptables or your kernel needs to be upgraded.
Jan 1 00:00:23 OpenWrt user.info sysinit: iptables v1.4.3.2: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Jan 1 00:00:23 OpenWrt user.info sysinit: Perhaps iptables or your kernel needs to be upgraded.
Jan 1 00:00:23 OpenWrt user.info sysinit: Loading synflood protection
Jan 1 00:00:24 OpenWrt user.info sysinit: Adding custom chains
Jan 1 00:00:24 OpenWrt user.info sysinit: Loading zones
Jan 1 00:00:25 OpenWrt user.info sysinit: iptables v1.4.3.2: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Jan 1 00:00:25 OpenWrt user.info sysinit: Perhaps iptables or your kernel needs to be upgraded.
Jan 1 00:00:25 OpenWrt user.info sysinit: iptables v1.4.3.2: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Jan 1 00:00:25 OpenWrt user.info sysinit: Perhaps iptables or your kernel needs to be upgraded.
Jan 1 00:00:25 OpenWrt user.info sysinit: Loading forwarding
Jan 1 00:00:25 OpenWrt user.info sysinit: Loading redirects
Jan 1 00:00:26 OpenWrt user.info sysinit: Loading rules
Jan 1 00:00:26 OpenWrt user.info sysinit: Loading includes
Jan 1 00:00:27 OpenWrt user.notice root: adding lan (br-lan) to firewall zone lan
Jan 1 00:00:27 OpenWrt user.info sysinit: iptables v1.4.3.2: can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Jan 1 00:00:27 OpenWrt user.info sysinit: Perhaps iptables or your kernel needs to be upgraded.
Jan 1 00:00:28 OpenWrt authpriv.info dropbear[549]: Running in background
Jan 1 00:00:28 OpenWrt user.info sysinit: sysctl: error: 'net.netfilter.nf_conntrack_checksum' is an unknown key
Jan 1 00:00:28 OpenWrt user.info sysinit: sysctl: error: 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key

BR,
avico

Attachments (1)

628-netfilter_raw.patch (25.6 KB) - added by edgar.soldin@… 7 years ago.

Download all attachments as: .zip

Change History (16)

comment:1 Changed 7 years ago by anonymous

worth to note that i've installed all possible iptables modules,
still no progress.

comment:2 Changed 7 years ago by ivanp

same thing with 8.09 branch - latest svn version. No way to include raw table. I tried to compile it as module and directly into kernel image - same thing

comment:3 Changed 7 years ago by anonymous

somehow in include/netfilter.mk I had extra "," on line:
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_EXTRA,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw),))
change it to:
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_EXTRA,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw)))
and seems to be ok. Now I can load iptables raw table

comment:4 Changed 7 years ago by nico

  • Resolution set to worksforme
  • Status changed from new to closed
  • Version set to Trunk

This issue was fixed in [15854], please update your tree.

comment:5 Changed 7 years ago by Jan Klos <jan.klos@…>

The problem is still (or again?) here with brcm-2.4 and iptables 1.4.4. Probably has to do something with 5222... It would be nice to see the problem fixed by having raw/NOTRACK included in 2.4 rather than by removing them from 2.4's uci_firewall.sh. :-)

comment:6 follow-up: Changed 7 years ago by Jan Klos <jan.klos@…>

To be a little bit more precise: I still having both the "can't initialize iptables table `raw'" and the "'net.netfilter.nf_conntrack_checksum' & 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key" messages.

comment:7 in reply to: ↑ 6 Changed 7 years ago by anonymous

Replying to Jan Klos <jan.klos@…>:

To be a little bit more precise: I still having both the "can't initialize iptables table `raw'" and the "'net.netfilter.nf_conntrack_checksum' & 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key" messages.

same here with 17570

comment:8 Changed 7 years ago by edgar.soldin@…

In trunk 18608 kernel 2.4.37.5 the iptables raw patch seems not to be included. I fetched the latest I could find from

http://svn.netfilter.org/cgi-bin/viewcvs.cgi/netfilter-ha/trunk/patches/raw.patch?rev=1503&view=log

and modified it so it applies cleanly with trunk 18608. It compiles and the resulting kernel has the missing module and iptables does not complain anymore. The patch goes to

target/linux/generic-2.4/patches/628-netfilter_raw.patch

can anybody check if it is working properly? ..ede

Changed 7 years ago by edgar.soldin@…

comment:9 Changed 7 years ago by jow

  • Resolution worksforme deleted
  • Status changed from closed to reopened

comment:10 Changed 7 years ago by jow

  • Owner changed from developers to jow
  • Status changed from reopened to new

comment:11 Changed 7 years ago by jow

  • Status changed from new to assigned

comment:12 Changed 6 years ago by edgar.soldin@…

hi jow,

could you please also have a look at
https://dev.openwrt.org/ticket/6257
which is connected to this problem?

thx ede

comment:13 Changed 6 years ago by blerk

Got the same issue on r19704 today. The patch seems to solve it though. But I had to run make V=99 and select "m" twice during the compilation process to confirm the module.

comment:14 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from assigned to closed

Committed in r19721

comment:15 Changed 22 months ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.