Solved

How can I upgrade my iptables version from 1.3.5 to iptables 1.4.1?

Posted on 2008-06-15
11
1,087 Views
Last Modified: 2012-06-22
Hi Experts ,
When I try to use my iptables script command with timestart I receive
 "iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
My iptables script command:
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.17 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
My iptables version: v1.3.5
My OS: CentOS 5.1
I think I should update something about my iptables and kernel. Can anyone advise me how I can do both upgrades step by step? I am quite new to Linux.
0
Comment
Question by:mehmetinoglu
11 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21787900
Hm... is this related to the question I helped you with? Actually, you do not need an upgrade of iptables; you need to recompile your kernel with support for that module. If I am right about my first assumption, tell me and I will give you another solution.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21788130
You can get iptables 1.4.1 from ftp://ftp.netfilter.org/pub/iptables. The iptables home page is http://www.netfilter.org/
It was only released a few days ago. You should probably fetch and run patch-o-matic to make sure your kernel has everything that's needed by it.
0
 

Author Comment

by:mehmetinoglu
ID: 21792961
Hi shakoush2001,
I installed Fedora 9 yesterday with kernel 2.6.25-14.fc9.i686. Its iptables version is iptables v1.4.0, and the same error still exists. I think you are right. So how can I recompile my kernel with support for the iptables timing module?
I tried to install support for timing in iptables, but when I try to use the command "./runme extra" in patch-o-matic I receive the
Hey! KERNEL_DIR is not set.
Where is your kernel? [/usr/src/linux]
error. If this situation is related to our trouble, can you assist me with this?
Thanks in advance for your help.
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21793101
You could simply create two scripts

enable.sh

and

disable.sh

Those two scripts will be run by cron at two specific times and enable + disable access at those times.

The two sh files will include iptables rules to enable or disable IPs on dansguardian.
If you like that approach I can help you out.
0
 

Author Comment

by:mehmetinoglu
ID: 21794234
Thanks for your advice, but I can solve my trouble on a temporary basis with your solution. I also want to use the enhanced iptables functions, especially timing. So I have to solve the "./runme extra" problem in patch-o-matic. I am still waiting for everyone's suggestions on the patch-o-matic installation ending with the error "Hey! KERNEL_DIR is not set."
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21798024
Is Linux source installed on your system?
patch-o-matic will be looking in the directory /lib/modules/$(uname -r) for 2 symbolic links: "source" and "build". Check whether you have these links and verify they point to existing directories.
0
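The check described in the comment above, written out as an added example (not part of the original thread). The function names are hypothetical, and `KERNEL_DIR` is assumed to be the environment variable that the "Hey! KERNEL_DIR is not set." prompt refers to.

```shell
#!/bin/sh
# Added example: verify the kernel tree links patch-o-matic looks for.

# check_kernel_links MODULES_DIR
#   Prints one status line per link. Returns 0 only if both "source" and
#   "build" are symlinks that resolve to existing directories.
check_kernel_links() {
    dir=$1
    rc=0
    for name in source build; do
        link="$dir/$name"
        if [ ! -L "$link" ]; then
            echo "$name: missing (no symlink at $link)"
            rc=1
        elif [ ! -d "$link" ]; then
            echo "$name: dangling -> $(readlink "$link")"
            rc=1
        else
            echo "$name: ok -> $(readlink "$link")"
        fi
    done
    return $rc
}

# pick_kernel_dir MODULES_DIR
#   Prints the resolved kernel tree to hand to patch-o-matic as KERNEL_DIR.
pick_kernel_dir() {
    for name in source build; do
        if [ -d "$1/$name" ]; then
            (cd "$1/$name" && pwd -P)
            return 0
        fi
    done
    return 1
}

moddir="/lib/modules/$(uname -r)"
if check_kernel_links "$moddir"; then
    echo "run: KERNEL_DIR=$(pick_kernel_dir "$moddir") ./runme extra"
else
    echo "kernel source not usable; install it before running patch-o-matic"
fi
```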
 

Author Comment

by:mehmetinoglu
ID: 21913616
CC [M]  net/ipv4/netfilter/ipt_time.o
net/ipv4/netfilter/ipt_time.c:159: warning: initialization from incompatible pointer type
net/ipv4/netfilter/ipt_time.c:163: warning: initialization from incompatible pointer type

When I recompile my kernel, I receive the above-mentioned error. I have tested it on Fedora 9 and Fedora 8; both result in the same error in the kernel recompile process.
My iptables ver: iptables-1.3.8.tar
Kernel : linux-2.6.23.9
patchomatic ver : patch-o-matic-ng-20071208
netfilter layer: netfilter-layer7-v2.16.1
Thanks in advance.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21915252
They're only warnings, it may be all right to ignore them. I can't check straight away - my (older) source is different. Will aim to check at the weekend if no-one else comes up with a definitive answer in the meantime.
0
 

Author Comment

by:mehmetinoglu
ID: 21922805
Thanks, Duncan. If you give me the source version you are running, I can also test it until the weekend.
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 21939800
Rather mixed results. iptables 1.4.1.1 (the latest) is in a new format (for iptables) with regular configure. It seems patch-o-matic has not caught up with this format, because on running it, I get:

Your iptables version  is unknown for patch-o-matic at ./runme line 333

It's a little hard to see, but there are actually 2 spaces between "version" and "is". That means the scripts weren't able to determine the iptables version.

When I run patch-o-matic against iptables-1.4.0, it tells me that my 2.6.25.4 kernel is up to date - no patches required.

BUT

there is no ipt_time.c patch.

Either tonight or tomorrow night, I will probe a little further. After that, I have to go into hospital for an operation so will be off the air for a few weeks.

BTW I think you should use "timestart" instead of "--timestart": the .so file will be called libipt_timestart.so - again not there in iptables 1.4
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 21939994
The 1.4.0 time module seems to be what you want. It does have a --timestart option. The latest kernel would appear to contain the code (that's what patch-o-matic said, anyway, in my previous post).
I've attached the 1.4.0 man file for your perusal. Save it to a file (called, say, myfile) then do "man ./myfile".

iptables.8.txt
0
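An added example, not part of the original thread: the error quoted in the question shows iptables turning a match name into a file `/lib/iptables/libipt_NAME.so`, and `--timestart` is an option of the time match, which is loaded with `-m time`. The sketch below looks up the extension file for a match name and flags a rule that uses the time options without loading the match. The function names are hypothetical, and the `libxt_` prefix is an assumption for newer builds.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# find_match_ext NAME DIR...: print the shared object iptables would load
# for "-m NAME" (libipt_NAME.so as in the quoted error; libxt_NAME.so is
# assumed for newer builds). Returns 1 if none exists.
find_match_ext() {
    name=$1; shift
    for d in "$@"; do
        for prefix in libxt_ libipt_; do
            if [ -f "$d/$prefix$name.so" ]; then
                echo "$d/$prefix$name.so"
                return 0
            fi
        done
    done
    return 1
}

# lint_rule LIBDIR RULE-WORDS...: report match problems in an iptables rule.
lint_rule() {
    libdir=$1; shift
    rc=0; loaded=""
    while [ $# -gt 0 ]; do
        case $1 in
            -m|--match)
                m=${2:-}
                case $m in
                    ''|-*) echo "'$m' is an option, not a match name (e.g. -m time)"; rc=1 ;;
                    *) if find_match_ext "$m" "$libdir" >/dev/null; then
                           loaded="$loaded $m"
                       else
                           echo "no extension for match '$m' in $libdir"; rc=1
                       fi ;;
                esac
                if [ $# -gt 1 ]; then shift; fi ;;
            --timestart|--timestop)
                case " $loaded " in
                    *" time "*) ;;
                    *) echo "$1 used without -m time"; rc=1 ;;
                esac ;;
        esac
        shift
    done
    return $rc
}

# Constructed input: the rule from the question with the match loaded.
lint_rule /lib/iptables -t nat -A PREROUTING -p tcp --dport 80 \
    --source 10.10.0.17 -m time --timestart 18:00 --timestop 8:00 \
    -j REDIRECT --to-port 8080 || echo "rule needs fixing before loading"
```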
