[Firehol-support] Errors when running firehol

Phil Whineray phil at sanewall.org
Sat Jan 24 01:04:42 CET 2015


On Fri, Jan 23, 2015 at 03:26:16PM -0800, Jason Miller wrote:
> Hi Phil,
> On 22:58 Fri 23 Jan     , Phil Whineray wrote:
> > Hi Jason
> > 
> > On Fri, Jan 23, 2015 at 02:09:44PM -0800, Jason Miller wrote:
> > > I got a lot of errors the first time I tried running firehol 2.0:
> > > 
> > > 
> > > iptables: No chain/target/match by that name.
> > 
> > Almost certainly your system does not have various iptables modules
> > available to load.
> This is what I thought initially too...
> > 
> > What kind of system / distribution are you running? Are you using a
> > distribution kernel or is it one you've built yourself?
> I'm on Gentoo, I built my kernel myself; I've got nearly every CONFIG_NF
> option turned on though; do I need a newer kernel?  I'm on 3.12.13:

No, that should be more than adequate. I have machines running 3.3
through 3.16 without a similar problem. I haven't been rolling my own
kernels, though.

> CONFIG_NF_CONNTRACK=y
...
> CONFIG_NF_CONNTRACK_FTP=y
...
> CONFIG_NF_NAT_FTP=m

It will likely turn out to be the same problem for all the errors,
so let's concentrate on ftp as that comes first.

Does the output of dmesg shed any light?

Is the NAT module getting loaded? Are you using NAT? The FTP conntrack helper
appears to be built in, perhaps try building it as a module?

Finally, I found this: https://dev.openwrt.org/ticket/13183
Is automatic helper assignment somehow disabled in your kernel? I don't
know what the implications of that would be.

Regards
Phil
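
The checks asked about above (built in or module, and whether the module is loaded), as an added example that is not part of the original message or of FireHOL. The function names, the sample config and the sample module list are constructed, and the script assumes the module name is the option name without CONFIG_, lowercased, which holds for the options quoted in this thread.

```shell
#!/bin/sh
# Added example: classify netfilter options from a kernel .config and a
# /proc/modules-style listing. All sample data below is constructed.

# opt_state CONFIG_FILE OPTION -> prints y, m or unset
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-unset}"
}

# module_loaded MODULES_FILE NAME -> exit 0 if NAME is the first field of a line
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# helper_report CONFIG_FILE MODULES_FILE OPTION...
helper_report() {
    cfg=$1; mods=$2; shift 2
    for opt in "$@"; do
        # Assumption: module name = option name minus CONFIG_, lowercased
        mod=$(echo "${opt#CONFIG_}" | tr 'A-Z' 'a-z')
        case $(opt_state "$cfg" "$opt") in
            y) echo "$opt built-in" ;;
            m) if module_loaded "$mods" "$mod"; then
                   echo "$opt module loaded"
               else
                   echo "$opt module not-loaded"
               fi ;;
            *) echo "$opt unset" ;;
        esac
    done
}

# Constructed sample mirroring the options quoted in the thread
demo() {
    dir=$(mktemp -d)
    cat > "$dir/config" <<'EOF'
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_NAT_FTP=m
# CONFIG_NF_CONNTRACK_TFTP is not set
EOF
    printf 'x_tables 24576 1 ip_tables, Live 0x0\n' > "$dir/modules"
    helper_report "$dir/config" "$dir/modules" \
        CONFIG_NF_CONNTRACK_FTP CONFIG_NF_NAT_FTP CONFIG_NF_CONNTRACK_TFTP
    rm -rf "$dir"
}
demo
```

On a live system, pass the running kernel's .config and /proc/modules to helper_report instead of the sample files.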

