Iptables/netfilter modules missing from Linpus

Discussion in 'Linux' started by idrougge, Aug 12, 2008.

  1. idrougge

    Due to its size and Linux OS, the AAO is potentially useful as a mobile wifi router and firewall, but all my attempts at setting up packet filtering on Linpus have failed so far because the kernel lacks all modules relating to Iptables:
    Loading modules: FATAL: Module ip_tables not found.
    ip_tables FATAL: Module iptable_filter not found.
    iptable_filter FATAL: Module iptable_mangle not found.
    iptable_mangle FATAL: Module iptable_nat not found.
    iptable_nat FATAL: Module ip_conntrack not found.
    ip_conntrack FATAL: Module ipt_state not found.
    ipt_state FATAL: Module ip_conntrack_ftp not found.
    ip_conntrack_ftp FATAL: Module ip_nat_ftp not found.
    ip_nat_ftp FATAL: Module ip_queue not found.

    Where can these modules be found? Can they be moved from another Linux version?
     
    idrougge, Aug 12, 2008
    #1
  2. marcuscthomas

    It is my understanding that you will need to recompile the kernel with iptables options set correctly. I have just got my machine working with USB Modem support and also with my home wireless network behind a proxy. I don't want to try to mess with the kernel and have to start all over. If someone recompiles a kernel with iptables support, I would love to see it posted somewhere.
     
    marcuscthomas, Sep 7, 2008
    #2
  3. champagj

    I'd like to second the comment from Marcus about getting netfilter/iptables support on the One.

    I have tried various distros but came back to Linpus for the overall performance.

    My problem lies in getting Internet connection sharing working between a 3G cellphone via USB and the ethernet port. Firestarter does the trick with other distros but no go with Linpus.

    I have tried to recompile the kernel but I'm too new to this and messed up the machine a couple of times.

    Can anybody offer advice on how to achieve this?
     
    champagj, Jan 1, 2009
    #3
  4. gedakc

    I too am very interested to know how to get iptables working with Acer Aspire One Linpus Linux.

    I have compiled the iptables modules but have encountered problems loading the modules into the Linpus kernel.

    Here are the steps I used. Hopefully these steps might help someone figure out how to get iptables modules working with the Linpus kernel. I have been unable to get past the error in the last step.

    * Install software for firewall application firestarter
    Code:
    sudo yum install firestarter iptables
    
    When trying to run firestarter, a message is displayed indicating that the kernel does not support iptables.

    FIREWALL IPTABLES MODULE BUILD
    ==============================

    [EDIT: Oops, forgot to add this section on installing required packages :)]
    * Installing required packages for compiling kernel modules
    Code:
    sudo yum install make
    sudo yum install gcc glibc-devel glibc-headers kernel-headers
    sudo yum install autoconf imake
    sudo yum install automake
    sudo yum install ncurses-devel
    
    * Download Acer Aspire One linux kernel

    ftp://[email protected]/Aspire_O ... 23.9lw.zip
    OR
    http://ftp.twaren.net/Linux/Linpus/Aspi ... 23.9lw.zip

    * Extract zip file into user writable /usr/src/2.6.23.9 directory
    Code:
    cd /usr/src
    sudo mkdir linux-2.6.23.9
    sudo chown user.user linux-2.6.23.9
    unzip ~user/Downloads/linux-2.6.23.9lw.zip
    
    * Since the kernel has lw appended to the version name I did the same
    to the directory. Note, this is not required.
    Code:
    sudo mv linux-2.6.23.9 linux-2.6.23.9lw
    
    * Change into the directory
    Code:
    cd linux-2.6.23.9lw

    * If you try to run make right away, the following error is shown.
    Code:
    $ make
    scripts/kconfig/conf -s arch/i386/Kconfig

    *** Error during writing of the kernel configuration.

    make[2]: *** [silentoldconfig] Error 1
    make[1]: *** [silentoldconfig] Error 2
    make: *** No rule to make target `include/config/auto.conf', needed by
    `include/config/kernel.release'. Stop.

    * Fix something that will cause a "make mrproper" error with a message about
    rm: cannot remove `include/asm': Is a directory.
    The directory include/asm should have been a symbolic link.
    E.g., ln -sv asm-i386 include/asm
    Code:
    rm -rf include/asm

    * Prepare the kernel sources (and hence prevent above errors)
    Code:
    make mrproper

    * Copy the original kernel config file
    Code:
    cp /boot/config_080627 .config

    * Select the kernel configuration options for iptables
    Note that due to compilation problems I disabled DSCP and ECN.
    I did not enable any experimental or obsolete options.
    Code:
    make menuconfig

    Following are the options I selected:
    Code:
          Networking  --->
            [*] Networking support
              Networking options  --->
                [*] Network packet filtering framework (Netfilter)  --->
                  Core Netfilter Configuration  --->
                    <M> Netfilter netlink interface
                      <M> Netfilter NFQUEUE over NFNETLINK interface
                      <M> Netfilter LOG over NFNETLINK interface
                    <M> Netfilter connection tracking support
                    [*] Connection tracking flow accounting
                    [*] Connection mark tracking support
                    [ ] Connection tracking events (EXPERIMENTAL)
                    < > SCTP protocol connection tracking support (EXPERIMENTAL)
                    < > UDP-Lite protocol connection tracking support (EXPERIMENTAL)
                    < > Amanda backup protocol support
                    <*> FTP protocol support
                    < > H.323 protocol support (EXPERIMENTAL)
                    <*> IRC protocol support
                    < > NetBIOS name service protocol support (EXPERIMENTAL)
                    <M> PPtp protocol support
                    < > SANE protocol support (EXPERIMENTAL)
                    < > SIP protocol support (EXPERIMENTAL)
                    <M> TFTP protocol support
                    < > Connection tracking netlink interface (EXPERIMENTAL)
                    <M> Netfilter Xtables support (required for ip_tables)
                      <M> "CLASSIFY" target support
                      <M> "CONNMARK" target support
                      < > "DSCP" target support
                      <M> "MARK" target support
                      <M> "NFQUEUE" target Support
                      <M> "NFLOG" target support
                      <M> "TRACE" target support
                      <M> "TCPMSS" target support
                      <M> "comment" match support
                      <M> "connbytes" per-connection counter match support
                      <M> "connlimit" match support"
                      <M> "connmark" connect mark match support
                      <M> "conntrack" connection tracking match support
                      <M> "DCCP" protocol match support
                      < > "DSCP" match support
                      <M> "ESP" match support
                      <M> "helper" match support
                      <M> "length" match support
                      <M> "limit" match support
                      <M> "mac" match support
                      <M> "mark" match support
                      <M> IPsec "policy" match support
                      <M> Multiple port match support
                      <M> "pkttype" packet type match support
                      <M> "quota" match support
                      <M> "realm" match support
                      < > "sctp" protocol match support (EXPERIMENTAL)
                      <M> "state" match support
                      <M> "statistic" match support
                      <M> "string" match support
                      <M> "tcpmss" match support
                      <M> "u32" match support
                      <M> "hashlimit" match support
    
                  IP: Netfilter Configuration  --->
                    <M> IPv4 connection tracking support (required for NAT)
                    [*]   proc/sysctl compatibility with old connection tracking
                    < > IP Userspace queueing via NETLINK (OBSOLETE)
                    <M> IP tables support (required for filtering/masq/NAT)
                      <M> IP range match support
                      <M> TOS match support
                      <M> recent match support
                      < > ECN match support
                      <M> AH match support
                      <M> TTL match support
                      <M> Owner match support
                      <M> address type match support
                      <M> Packet filtering
                        <M> REJECT target support
                      <M> LOG target support
                      <M> ULOG target support
                      <M> Full NAT
                        <M> MASQUERADE target support
                        <M> REDIRECT target support
                        <M> NETMAP target support
                        < > SAME target support (OBSOLETE)
                        < > Basic SNMP-ALG support (EXPERIMENTAL)
                      <M> Packet mangling
                        <M> TOS target support
                        < > ECN target support
                        <M> TTL target support
                        < > CLUSTERIP target support (EXPERIMENTAL)
                      < > raw table support (required for NOTRACK/TRACE)
                    <M> ARP tables support
                      <M> ARP packet filtering
                      <M> ARP payload mangling
    
    * Compile the modules (NOTE: this takes a while)
    Code:
    make

    * Create directories for the modules
    Code:
    sudo mkdir /lib/modules/2.6.23.9lw/kernel/net/ipv4/netfilter
    sudo mkdir /lib/modules/2.6.23.9lw/kernel/net/netfilter

    * Change ownership of the new module directories
    Code:
    sudo chown user.user /lib/modules/2.6.23.9lw/kernel/net/ipv4/netfilter
    sudo chown user.user /lib/modules/2.6.23.9lw/kernel/net/netfilter

    * Copy the modules into these newly created directories

    # Copies 29 .ko files
    Code:
    cp -p /usr/src/linux-2.6.23.9lw/net/ipv4/netfilter/*.ko \
              /lib/modules/2.6.23.9lw/kernel/net/ipv4/netfilter
    # Copies 40 .ko files
    Code:
    cp -p /usr/src/linux-2.6.23.9lw/net/netfilter/*.ko \
              /lib/modules/2.6.23.9lw/kernel/net/netfilter

    * Update the module dependencies
    Code:
    sudo depmod

    * Load the x_tables module needed for ip_tables
    Code:
    sudo modprobe x_tables

    * Load the ip_tables module
    Code:
    sudo modprobe ip_tables

    The following error message is displayed
    Code:
    FATAL:  Error inserting ip_tables (/lib/modules/2.6.23.9lw/kernel/net/ipv4/netfilter/ip_tables.ko): Unknown symbol in module, or unknown parameter (see dmesg)

    * The dmesg command displays the following:
    Code:
    ip_tables: Unknown symbol nf_register_sockopt
    ip_tables: Unknown symbol nf_unregister_sockopt

    Does anyone know how to address these problems?

    I have also tried compiling a new kernel, but for some reason it does not enable all of the hardware features such as ethernet or sound. I also discovered that the grub booter that Acer has installed does not work as per normal grub, but that's a different story....
     
    gedakc, Jan 29, 2009
    #4
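
An added example, not written by any poster in this thread: the two symbols in the dmesg output above belong to the netfilter core, which the `[*]` (built-in only) Netfilter option compiles into the kernel image itself, so a kernel built without that option cannot get them from add-on modules. The script compares the symbols a module needs with a `/proc/kallsyms`-format list and checks a kernel config for `CONFIG_NETFILTER`. The function names `missing_symbols` and `netfilter_state` and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# missing_symbols NEEDED KALLSYMS
#   NEEDED:   one symbol per line, e.g. nm -u ip_tables.ko | awk '{print $2}'
#   KALLSYMS: /proc/kallsyms format, "address type name [module]"
# Prints needed names absent from KALLSYMS. Absent names can never resolve;
# present names may still fail to link if the kernel does not export them.
missing_symbols() {
    awk 'NR == FNR { have[$3] = 1; next }
         !($1 in have) { print $1 }' "$2" "$1"
}

# netfilter_state CONFIG
# CONFIG_NETFILTER is a bool: it is either built into the kernel image
# ("builtin") or absent ("disabled"); it can never be a loadable module.
netfilter_state() {
    if grep -q '^CONFIG_NETFILTER=y$' "$1"; then
        echo builtin
    else
        echo disabled
    fi
}

# Constructed input standing in for nm output, /proc/kallsyms and /boot/config_*.
demo_dir=$(mktemp -d)
printf '%s\n' nf_register_sockopt nf_unregister_sockopt \
    xt_register_table printk > "$demo_dir/needed"
cat > "$demo_dir/kallsyms" <<'EOF'
c011f2a0 T printk
f8c41000 T xt_register_table [x_tables]
EOF
echo '# CONFIG_NETFILTER is not set' > "$demo_dir/config"

echo "Netfilter core: $(netfilter_state "$demo_dir/config")"
echo "Unresolvable symbols:"
missing_symbols "$demo_dir/needed" "$demo_dir/kallsyms"
```

On a real machine, point the functions at the running kernel's config file and `/proc/kallsyms`; if the core reports `disabled`, copying `.ko` files is not enough and the kernel image itself has to be rebuilt and booted.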