[Firehol-support] Errors when running firehol

Jason Miller jason at milr.com
Sat Jan 24 01:26:06 CET 2015


On 00:04 Sat 24 Jan     , Phil Whineray wrote:
> On Fri, Jan 23, 2015 at 03:26:16PM -0800, Jason Miller wrote:
> > Hi Phil,
> > On 22:58 Fri 23 Jan     , Phil Whineray wrote:
> > > Hi Jason
> > > 
> > > On Fri, Jan 23, 2015 at 02:09:44PM -0800, Jason Miller wrote:
> > > > I got a lot of errors the first time I tried running firehol 2.0:
> > > > 
> > > > 
> > > > iptables: No chain/target/match by that name.
> > > 
> > > Almost certainly your system does not have various iptables modules
> > > available to load.
> > This is what I thought initially too...
> > > 
> > > What kind of system / distribution are you running? Are you using a
> > > distribution kernel or is it one you've built yourself?
> > I'm on gentoo, I built my kernel itself; I've got nearly every CONFIG_NF
> > option turned on though; do I need a newer kernel?  I'm on 3.12.13:
> 
> No, that should be more than adequate. I have machines running 3.3
> through 3.16 without a similar problem. I haven't been rolling my own
> kernels, though.
> 
> > CONFIG_NF_CONNTRACK=y
> ...
> > CONFIG_NF_CONNTRACK_FTP=y
> ...
> > CONFIG_NF_NAT_FTP=m
> 
> It will likely turn out to be the same problem for all the errors,
> so lets concentrate on ftp as that comes first.
> 
> Does the output of dmesg shed any light?
Nope, just the warning about automatic helper assignment being
deprecated
> 
> Is the NAT module getting loaded? Are you using NAT? The FTP conntrack helper
> appears to be built in, perhaps try building it as a module?
Yes to NAT being loaded and being used.  I'll retry FTP as a module, but
it takes about 30-40 minutes to build a kernel (It's ia 1.2GHz Via box),
so this will take a while to check.
> 
> Finally, I found this: https://dev.openwrt.org/ticket/13183
> is automatic helper assignment somehow disabled in your kernel? I don't
> know what the implications of that would be.
Nope, I checked, and it's definitely enabled.
> 
> Regards
> Phil
> 


More information about the Firehol-support mailing list