Solved

How can I upgrade my iptable version from 1.3.5 to iptable 1.4.1 ?

Posted on 2008-06-15
11
1,116 Views
Last Modified: 2012-06-22
Hi Experts ,
When i try to use my iptable script command with timestart I receive
 "iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
My iptable script command :
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.17 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
My Iptable ver : v.1.3.5
My Os : Centos 5.1
I think I should update something about my iptable and kernel.Anyone advise me how I can do both of upgrade step bey step I am quite new in linux.
0
Comment
Question by:mehmetinoglu
  • 5
  • 4
  • 2
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21787900
Hm...is this related to the question I helped you with ? Actually you do not need an upgrade of Iptables you need to recompile your kernel with support for that module...If I am right about my first assumption tell me and I will give you another solution.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21788130
You can get iptables 1.4.1 from ftp://ftp.netfilter.org/pub/iptables. The iptables home page is http://www.netfilter.org/
It was only released a few days ago. You should probably fetch and run patch-o-matic to make sure your kernel has everything that's needed by it.
0
 

Author Comment

by:mehmetinoglu
ID: 21792961
Hi shakoush2001,
I have installed fedora 9 yesterday with kernel 2.6.25-14.fc9.i686.It's iptable's ver is iptables v1.4.0. and also same error is still existing.I think you are right.So how can I recompile my kernel with support for iptables timing module.
I tried to install support for timing in iptable but  when I try to use command  "./runme extra"  in patch-o-matic I received
Hey! KERNEL_DIR is not set.
Where is your kernel? [/usr/src/linux]
error.If this situation related to our trouble can you assist me for this.
Thanks in advance your help.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21793101
You could simply create two scripts

enable.sh

and

disable.sh

those two scripts will be run by cron at two specific times and enable + disable access  at those times

The two sh files will include iptables rules to enable or disable IPs on dansguardian
if you like that approach I can help you out.
0
 

Author Comment

by:mehmetinoglu
ID: 21794234
Thx for your advice but I can solve my trouble on temporary base with your solution.I also want to use Iptable enhanced functions especially timing.So I have to solve  "./runme extra"  in patch-o-matic problem.I am still waiting every ones suggestion on installing patch-o-matic installation ending with error "Hey! KERNEL_DIR is not set."
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21798024
Is Linux source installed on your system?
patch-o-matic will be looking in the directory /lib/modules/$(uname -r) for 2 symbolic links: "source" and "build". Check whether you have these links and verify they point to existing directories.
0
 

Author Comment

by:mehmetinoglu
ID: 21913616
CC [M]  net/ipv4/netfilter/ipt_time.o
net/ipv4/netfilter/ipt_time.c:159: warning: initialization from incompatible pointer type
net/ipv4/netfilter/ipt_time.c:163: warning: initialization from incompatible pointer type

When I recompile my kernel.I receive above mentioned error.I have tested it on fedora 9,fedora8 both result with same error on kernel recompile process.
My iptable ver :iptables-1.3.8.tar
Kernel : linux-2.6.23.9
patchomatic ver : patch-o-matic-ng-20071208
netfilter layer: netfilter-layer7-v2.16.1
Thanks in advance.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21915252
They're only warnings, it may be all right to ignore them. I can't check straight away - my (older) source is different. Will aim to check at the weekend if no-one else comes up with a definitive answer meantime
0
 

Author Comment

by:mehmetinoglu
ID: 21922805
Thanks duncan.if you give your source version running I can also test them until weekend.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21939800
Rather mixed results. iptables1.4.1.1 (the latest) is in a new format (for iptables) with regular configure It seems patch-o-matic has not caught up with this format, because on running it, I get:

Your iptables version  is unknown for patch-o-matic at ./runme line 333

It's a little hard to see, but there are actually 2 spaces between "version" and "is". That means the scripts weren't able to determine the iptables version.

When I run patch-o-matic against iptables-1.4.0, it tells me that my 2.6.25.4 kernel is up to date - no patches required.

BUT

there is no ipt_time.c patch.

Either tonight or tomorrow night, I will probe a little further. After thet, I have to go into hospital for an operation so will be off the air for a few weeks.

BTW I think you should use "timestart" instead of "--timestart": the .so fie will be called libipt_timestart.so - again not there in iptables 1.4
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 21939994
The 1.4.0 time module seems to be what you want. It does have a --timestart option. The latest kernel would appear to contain the code (that's what patch-o-matic said, anyway, in my previous post).
I've attached the 1.4.0 man file for your perusal. Save it to a file (called, say, myfile) then do "man ./myfile".

iptables.8.txt
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question