Solved

How can I upgrade my iptable version from 1.3.5 to iptable 1.4.1 ?

Posted on 2008-06-15
11
1,149 Views
Last Modified: 2012-06-22
Hi Experts ,
When i try to use my iptable script command with timestart I receive
 "iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
My iptable script command :
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.17 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
My Iptable ver : v.1.3.5
My Os : Centos 5.1
I think I should update something about my iptable and kernel.Anyone advise me how I can do both of upgrade step bey step I am quite new in linux.
0
Comment
Question by:mehmetinoglu
  • 5
  • 4
  • 2
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21787900
Hm...is this related to the question I helped you with ? Actually you do not need an upgrade of Iptables you need to recompile your kernel with support for that module...If I am right about my first assumption tell me and I will give you another solution.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21788130
You can get iptables 1.4.1 from ftp://ftp.netfilter.org/pub/iptables. The iptables home page is http://www.netfilter.org/
It was only released a few days ago. You should probably fetch and run patch-o-matic to make sure your kernel has everything that's needed by it.
0
 

Author Comment

by:mehmetinoglu
ID: 21792961
Hi shakoush2001,
I have installed fedora 9 yesterday with kernel 2.6.25-14.fc9.i686.It's iptable's ver is iptables v1.4.0. and also same error is still existing.I think you are right.So how can I recompile my kernel with support for iptables timing module.
I tried to install support for timing in iptable but  when I try to use command  "./runme extra"  in patch-o-matic I received
Hey! KERNEL_DIR is not set.
Where is your kernel? [/usr/src/linux]
error.If this situation related to our trouble can you assist me for this.
Thanks in advance your help.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21793101
You could simply create two scripts

enable.sh

and

disable.sh

those two scripts will be run by cron at two specific times and enable + disable access  at those times

The two sh files will include iptables rules to enable or disable IPs on dansguardian
if you like that approach I can help you out.
0
 

Author Comment

by:mehmetinoglu
ID: 21794234
Thx for your advice but I can solve my trouble on temporary base with your solution.I also want to use Iptable enhanced functions especially timing.So I have to solve  "./runme extra"  in patch-o-matic problem.I am still waiting every ones suggestion on installing patch-o-matic installation ending with error "Hey! KERNEL_DIR is not set."
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21798024
Is Linux source installed on your system?
patch-o-matic will be looking in the directory /lib/modules/$(uname -r) for 2 symbolic links: "source" and "build". Check whether you have these links and verify they point to existing directories.
0
 

Author Comment

by:mehmetinoglu
ID: 21913616
CC [M]  net/ipv4/netfilter/ipt_time.o
net/ipv4/netfilter/ipt_time.c:159: warning: initialization from incompatible pointer type
net/ipv4/netfilter/ipt_time.c:163: warning: initialization from incompatible pointer type

When I recompile my kernel.I receive above mentioned error.I have tested it on fedora 9,fedora8 both result with same error on kernel recompile process.
My iptable ver :iptables-1.3.8.tar
Kernel : linux-2.6.23.9
patchomatic ver : patch-o-matic-ng-20071208
netfilter layer: netfilter-layer7-v2.16.1
Thanks in advance.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21915252
They're only warnings, it may be all right to ignore them. I can't check straight away - my (older) source is different. Will aim to check at the weekend if no-one else comes up with a definitive answer meantime
0
 

Author Comment

by:mehmetinoglu
ID: 21922805
Thanks duncan.if you give your source version running I can also test them until weekend.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21939800
Rather mixed results. iptables1.4.1.1 (the latest) is in a new format (for iptables) with regular configure It seems patch-o-matic has not caught up with this format, because on running it, I get:

Your iptables version  is unknown for patch-o-matic at ./runme line 333

It's a little hard to see, but there are actually 2 spaces between "version" and "is". That means the scripts weren't able to determine the iptables version.

When I run patch-o-matic against iptables-1.4.0, it tells me that my 2.6.25.4 kernel is up to date - no patches required.

BUT

there is no ipt_time.c patch.

Either tonight or tomorrow night, I will probe a little further. After thet, I have to go into hospital for an operation so will be off the air for a few weeks.

BTW I think you should use "timestart" instead of "--timestart": the .so fie will be called libipt_timestart.so - again not there in iptables 1.4
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 21939994
The 1.4.0 time module seems to be what you want. It does have a --timestart option. The latest kernel would appear to contain the code (that's what patch-o-matic said, anyway, in my previous post).
I've attached the 1.4.0 man file for your perusal. Save it to a file (called, say, myfile) then do "man ./myfile".

iptables.8.txt
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question