Errors starting arno-iptables-firewall on Debian 6 32-bit
I'm getting the following errors when trying to install arno-iptables-firewall on my Debian 6 (the same problem is on Ubuntu 11.04). I'm executing the following command:
aptitude install arno-iptables-firewall
Then I enter some configuration values, specify ports to open, and when it asks to restart firewall, the following errors appear:
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install. Trying to recover:
Setting up arno-iptables-firewall (1.9.2.k-4) ...
Restarting Arno's Iptables Firewall...
/sbin/modprobe ip_tables: Module not found! Assuming compiled-in-kernel!
WARNING: (1) Module(s) "nf_conntrack|ip_conntrack" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "nf_conntrack_ftp|ip_conntrack_ftp" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_conntrack|ipt_conntrack" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_limit|ipt_limit" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_state|ipt_state" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_multiport|ipt_multiport" failed to load. Assuming compiled-in-kernel!
/sbin/modprobe iptable_filter: Module not found! Assuming compiled-in-kernel!
/sbin/modprobe iptable_mangle: Module not found! Assuming compiled-in-kernel!
/sbin/modprobe ipt_REJECT: Module not found! Assuming compiled-in-kernel!
/sbin/modprobe ipt_LOG: Module not found! Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_TCPMSS|ipt_TCPMSS" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_DSCP|ipt_DSCP|ipt_TOS" failed to load. Assuming compiled-in-kernel!
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
/sbin/iptables: (1) iptables: No chain/target/match by that name.
Jul 31 09:10:44 WARNING: Not all firewall rules are applied.
FAILED!
invoke-rc.d: initscript arno-iptables-firewall, action "restart" failed.
dpkg: error processing arno-iptables-firewall (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
arno-iptables-firewall
Could anyone help me please to handle this situation? I used arno-iptables-firewall on Debian 5 previously, and it was running just fine.
Thanks!
3 Replies
You can check your kernel version by running:
uname -r
You can check
You can also see what modules may be compiled in to the kernel:
zgrep -i "$module" /proc/config.gz
(replace $module with the module name)
You'll want to check these modules:
@try4tune:
WARNING: (1) Module(s) "nf_conntrack|ip_conntrack" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "nf_conntrack_ftp|ip_conntrack_ftp" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_conntrack|ipt_conntrack" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_limit|ipt_limit" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_state|ipt_state" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_multiport|ipt_multiport" failed to load. Assuming compiled-in-kernel!
/sbin/modprobe iptable_filter: Module not found! Assuming compiled-in-kernel!
/sbin/modprobe iptable_mangle: Module not found! Assuming compiled-in-kernel!
/sbin/modprobe ipt_REJECT: Module not found! Assuming compiled-in-kernel!
/sbin/modprobe ipt_LOG: Module not found! Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_TCPMSS|ipt_TCPMSS" failed to load. Assuming compiled-in-kernel!
WARNING: (1) Module(s) "xt_DSCP|ipt_DSCP|ipt_TOS" failed to load. Assuming compiled-in-kernel!
You'll then need to compile the ones not found.
-Tim
Edit: I believe arno is failing because it's assuming the modules are there when they actually aren't.
First, if you're using a Linode kernel, you need to set MANGLE_TOS=0 in firewall conf. This is the source of all those "chain not found" errors.
Second, if you're using a 3.0.0-kernel, the dashboard's "create modules.dep" option will create /lib/modules/3.0-linodeXX, not 3.0.0-linodeXX, which causes modprobe & co. to go crazy. I've just symlinked the directory for now.
Then, the "module not found, assuming compiled-in" lines are warnings, and can be disabled by COMPILEDINKERNEL_MESSAGES=0 in firewall.conf.
Yes, just "investigated" it… honestly, a matter of running the script under sh -x.
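Added example, not part of any reply in this thread: a shell triage that pulls the module names out of the firewall's warning lines and reports, for each one, whether the running kernel has it built in, can load it, or lacks it, and whether the module directory exists at all (the 3.0 versus 3.0.0 mismatch described above). The function names are hypothetical, and it assumes the standard depmod files modules.builtin and modules.dep under /lib/modules/<version>.

```shell
#!/bin/sh
# Added example: triage of arno-iptables-firewall module warnings.

# Print every module name mentioned in the firewall's failure lines (stdin),
# one per line; alternatives such as "xt_state|ipt_state" are split.
failed_modules() {
    sed -n \
        -e 's/^.*modprobe \([A-Za-z0-9_]*\): Module not found!.*$/\1/p' \
        -e 's/^WARNING: ([0-9]*) Module(s) "\([^"]*\)" failed to load.*$/\1/p' |
        tr '|' '\n' | sort -u
}

# classify_module MODDIR NAME -> no-moddir | builtin | loadable | missing
classify_module() {
    moddir=$1
    # Module file names may use '-' where the module name uses '_'.
    pat=$(printf '%s' "$2" | sed 's/_/[_-]/g')
    # A missing directory means modprobe cannot find anything for this kernel.
    [ -d "$moddir" ] || { echo no-moddir; return; }
    if grep -Eqs "(^|/)${pat}\.ko\$" "$moddir/modules.builtin"; then
        echo builtin
    elif grep -Eqs "(^|/)${pat}\.ko(\.[a-z0-9]+)?:" "$moddir/modules.dep"; then
        echo loadable
    else
        echo missing
    fi
}

# triage MODDIR: read firewall output on stdin, print "module status" lines.
triage() {
    failed_modules | while read -r m; do
        echo "$m $(classify_module "$1" "$m")"
    done
}

# Typical use on the affected host (as root):
#   invoke-rc.d arno-iptables-firewall restart 2>&1 | triage "/lib/modules/$(uname -r)"
```

A group such as "xt_limit|ipt_limit" is satisfied when any one of its alternatives is builtin or loadable; only a group whose names are all "missing" points at a feature the kernel really lacks.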