[Firehol-support] Errors when running firehol

Jason Miller jason at milr.com
Sat Jan 24 02:17:18 CET 2015


On 16:26 Fri 23 Jan     , Jason Miller wrote:
> On 00:04 Sat 24 Jan     , Phil Whineray wrote:
> > On Fri, Jan 23, 2015 at 03:26:16PM -0800, Jason Miller wrote:
> > > Hi Phil,
> > > On 22:58 Fri 23 Jan     , Phil Whineray wrote:
> > > > Hi Jason
> > > > 
> > > > On Fri, Jan 23, 2015 at 02:09:44PM -0800, Jason Miller wrote:
> > > > > I got a lot of errors the first time I tried running firehol 2.0:
> > > > > 
> > > > > 
> > > > > iptables: No chain/target/match by that name.
> > > > 
> > > > Almost certainly your system does not have various iptables modules
> > > > available to load.
> > > This is what I thought initially too...
> > > > 
> > > > What kind of system / distribution are you running? Are you using a
> > > > distribution kernel or is it one you've built yourself?
> > > I'm on gentoo, I built my kernel itself; I've got nearly every CONFIG_NF
> > > option turned on though; do I need a newer kernel?  I'm on 3.12.13:
> > 
> > No, that should be more than adequate. I have machines running 3.3
> > through 3.16 without a similar problem. I haven't been rolling my own
> > kernels, though.
> > 
> > > CONFIG_NF_CONNTRACK=y
> > ...
> > > CONFIG_NF_CONNTRACK_FTP=y
> > ...
> > > CONFIG_NF_NAT_FTP=m
> > 
> > It will likely turn out to be the same problem for all the errors,
> > so lets concentrate on ftp as that comes first.
> > 
> > Does the output of dmesg shed any light?
> Nope, just the warning about automatic helper assignment being
> deprecated
> > 
> > Is the NAT module getting loaded? Are you using NAT? The FTP conntrack helper
> > appears to be built in, perhaps try building it as a module?
> Yes to NAT being loaded and being used.  I'll retry FTP as a module, but
> it takes about 30-40 minutes to build a kernel (It's ia 1.2GHz Via box),
> so this will take a while to check.
I finished trying this, and there was no change.
> > 
> > Finally, I found this: https://dev.openwrt.org/ticket/13183
> > is automatic helper assignment somehow disabled in your kernel? I don't
> > know what the implications of that would be.
> Nope, I checked, and it's definitely enabled.
> > 
> > Regards
> > Phil
> > 
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
> 


More information about the Firehol-support mailing list