iptables, netfilter module is missing :(
Started by: david_tre07
On: Unix time 1245709809
Number of posts: 13
Summary:
How to create a cross-compiling platform for building kernel modules?
david_tre07, Unix time 1245709809

Hi all,

sorry for my English, I'm French.
I have read in this forum that some people are able to compile kernel modules. As I want to use iptables, I need to compile the filter module.
Can someone give me (us) a step-by-step tutorial so I can compile kernel modules?

My MBWE is the white light with firmware : 01.00.16 (MioNet 2.3.9.13)
cat /proc/version
Linux version 2.6.24.4 (brian@dualla) (gcc version 4.2.4) #1 Tue Feb 10 11:00:22 GMT 2009

ls -l /lib/libc-*
-rwxr-xr-x 1 root root 1067488 Mar 17 07:15 /lib/libc-2.3.4.so

Thanks for your help
Regards.

Re: iptables, netfilter module is missing :(
tomas123, Unix time 1245775560

Have you tried this package?
http://ipkg.nslu2-linux.org/feeds/optware/cs05q1armel/cross/unstable/iptables_1.2.11-2_arm.ipk

Re: iptables, netfilter module is missing :(
david_tre07, Unix time 1245792625

Yes I did.
If you try to start iptables (iptables -L for example) you get:
"iptables v1.2.11: can't initialize iptables table ‘filter’: iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded."

And if I check inside /lib/modules/2.6.24.4/kernel/net there are no netfilter modules.

I also think it is good to know how to compile new kernel modules or packages ;)

Re: iptables, netfilter module is missing :(
david_tre07, Unix time 1246491551

No idea?
Am I the only one who wants to secure the disk?
:(

Re: iptables, netfilter module is missing :(
boondoklife, Unix time 1246496462

I did think about this module too, but for another reason, and no, I don't seem to find it anywhere. You could possibly roll your own kernel and whatnot, but when you think about it, it is really not necessary, as it will be behind your router anyway in most cases. On top of this, you know what will be run on it and know that no malicious code will be run on it without your OK. Port-wise, the only things open will be what you set to open. I think samba is all by default, but after the hack there is ssh at least.

Check out netstat -an and you can take a look if you are extra paranoid.


while ( love & passion ) {
for( fight = 0 ; rights < freedom ; rights++ )
fight = standup( rights );
free( babylon ); }

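Added example, not part of the original post: one way to read the `netstat -an` output suggested above is to keep only the sockets that other hosts can reach, that is, TCP listeners and unconnected UDP sockets not bound to loopback. The function name, the sample output and its addresses are constructed for illustration.

```shell
#!/bin/sh
# exposed_listeners: read `netstat -an` output on stdin and print
# "proto port scope" for every socket reachable from other hosts.
exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF != "LISTEN" { next }   # TCP: listening sockets only
    $1 ~ /^udp/ && $5 !~ /:\*$/    { next }   # UDP: unconnected sockets only
    $1 ~ /^(tcp|udp)/ {
        n = split($4, parts, ":")              # local address, e.g. 0.0.0.0:445 or :::22
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback is not exposed
        scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : addr
        print $1, port, scope
    }' | LC_ALL=C sort -u
}

# Constructed sample in the Linux net-tools layout (not taken from a real device).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.168.1.50:22         192.168.1.10:51515      ESTABLISHED
udp        0      0 0.0.0.0:137             0.0.0.0:*
EOF
}

# Demo on the constructed sample; on the device: netstat -an | exposed_listeners
sample_netstat | exposed_listeners
```

Every line it prints is a service that a router port forward would hand to the Internet unfiltered, so anything not needed there is a candidate for disabling or for binding to the LAN address only.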
Re: iptables, netfilter module is missing :(
frater, Unix time 1246513614

Am I the only one who wants to secure the disk?

Yes, I guess so….
If you're unsure about your firewall between the Internet and your LAN you could add some security there.
Not at all necessary….
Just a very, very, very small percentage of security breaches have something to do with 'real hacking'.

Re: iptables, netfilter module is missing :(
david_tre07, Unix time 1246660981

:(
iptables, I am lovin it.. (McDonald's advertising ;) )
Yes I know that I am paranoid but I think it is very important. I don't want to expose my personal photos.

My router between the Internet and my LAN is provided by my service provider and there is no way to filter the source IP.
You can just forward an outside port to an inside port.

But behind this question there is a more general one.
How to compile a new kernel module for the white ring disk?

Please no answer like "did you try the toolchain ?"
I tried it and it is a nightmare.
I think, without a clear procedure about how to do it, I cannot do it.

Re: iptables, netfilter module is missing :(
alllexx, Unix time 1246680717

Don't expect any detailed instructions from me, until I get a whitelight, but as far as I can tell the general idea is:
1. Get the GPL source code archive and extract
All you need is in kernel/kernel-source
2. Extract buildroot-20080225.tar.bz2 - you'll get kernel/kernel-source/buildroot
3. Copy buildroot patches: cp kernel/kernel-source/buildroot-patches/* kernel/kernel-source/buildroot/ -rf
and apply: cd kernel/kernel-source/buildroot; ./snapshot.patch
4. Build the toolchain:
cd kernel/kernel-source/buildroot; make defconfig; make
5. cd kernel/kernel-source; ./setup-paths.sh
this will add your new toolchain dir to PATH
6. cd kernel/kernel-0.4.6 ; make oxnas_810_eabi_dse_defconfig ; make menuconfig ; make modules

P.S. You may need leon headers. I already shared them once, search the wiki

Re: iptables, netfilter module is missing :(
david_tre07, Unix time 1246692805

Thanks alllexx,
It is a good start but my major problem is gcc. My version of gcc is not the same as that of the compiled kernel inside the HDD…
My version in Fedora is 4.4.0 and the MBWE is 4.2.4

Do you know how to solve such a problem?
Do I need to recompile gcc :( ?
Is there a gcc option so that it tags the module as compiled with 4.2.4?

Re: iptables, netfilter module is missing :(
alllexx, Unix time 1246732623

You can't use Fedora's native gcc to cross-compile the kernel modules, you obviously need a cross-compiler, thus, we use buildroot to get this arm-linux-uclibcgnueabi-gcc 4.2.4 toolchain.

Re: iptables, netfilter module is missing :(
david_tre07, Unix time 1246712890

Here is a step-by-step how-to, but the make doesn't work:

tar xvfz WD-MyBookWorld-v*-GPL.tar.gz
cd WD-MyBookWorld*
cd kernel
tar xvfz kernel-source.tar.gz
cd kernel-source
tar xvfj buildroot*.tar.bz2
cp buildroot-patches/* buildroot/ -rf

cd buildroot
./snapshot.patch . .

make defconfig
make

I got this error:

make[1]: Entering directory `/home/david/WD-MyBookWorld-v1.00.16-GPL/kernel/kernel-source/buildroot/toolchain_build_arm/linux-2.6.24'
  CHK     include/linux/version.h
  HOSTCC  scripts/unifdef
scripts/unifdef.c:209: error: conflicting types for ‘getline’
/usr/include/stdio.h:653: note: previous declaration of ‘getline’ was here
make[2]: *** [scripts/unifdef] Error 1
make[1]: *** [headers_install] Error 2
make[1]: Leaving directory `/home/david/WD-MyBookWorld-v1.00.16-GPL/kernel/kernel-source/buildroot/toolchain_build_arm/linux-2.6.24'
make: *** [/home/david/WD-MyBookWorld-v1.00.16-GPL/kernel/kernel-source/buildroot/toolchain_build_arm/linux/.configured] Error 2

Any idea ?
Re: iptables, netfilter module is missing :(
alllexx, Unix time 1246732367

It's evident that there's something wrong with the `getline` function definition in scripts/unifdef.c, so, I guess, you should change it to match the declaration in /usr/include/stdio.h

P.S. By following these instructions, you get the full whitelight rootfs built, so you may want to edit buildroot/.defconfig to disable building anything but the minimal toolchain.

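Added example, not part of the thread: the build error above shows the host's /usr/include/stdio.h already declaring `getline` while scripts/unifdef.c defines its own function of that name with a different type. Instead of changing the definition to match, this example takes a different route and renames the kernel tree's helper so the two no longer collide; the new name `parseline`, the function names and the sample lines are assumptions of the example.

```shell
#!/bin/sh
# count_ident FILE NAME: number of lines in FILE that use NAME as a whole C identifier.
count_ident() {
    grep -Ec "(^|[^A-Za-z0-9_])$2([^A-Za-z0-9_]|\$)" "$1" || true
}

# rename_ident FILE OLD NEW: rename whole-identifier OLD to NEW in FILE.
# Keeps FILE.orig as a backup and refuses if NEW is already in use.
rename_ident() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    [ "$(count_ident "$1" "$3")" -eq 0 ] || { echo "$3 already used in $1" >&2; return 1; }
    cp -p "$1" "$1.orig" || return 1
    # Match OLD only when it is not part of a longer identifier.
    sed -E "s/(^|[^A-Za-z0-9_])$2([^A-Za-z0-9_]|\$)/\\1$3\\2/g" "$1.orig" > "$1"
}

# Constructed stand-in for the relevant lines of scripts/unifdef.c.
make_sample() {
    cat > "$1" <<'EOF'
static Linetype getline(void);
static int my_getline_count;
	lineval = getline();
static Linetype
getline(void)
{
EOF
}

# Demo on the constructed sample: prototype, call and definition are renamed,
# my_getline_count is left alone.
demo=$(mktemp) && make_sample "$demo" &&
    rename_ident "$demo" getline parseline && cat "$demo"
rm -f "$demo" "$demo.orig"
```

On the build host the file to pass is scripts/unifdef.c under the toolchain_build_arm/linux-2.6.24 directory named in the error output, after which `make` can be re-run.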
Re: iptables, netfilter module is missing :(
david_tre07, Unix time 1246740002

The bad news, by default:
- the kernel is 2.6.22.10 but the actual kernel is 2.6.24.4
- the gcc is 4.1.2 but we need 4.2.4

So I have modified the right Config.in so when I start make menuconfig, the kernel 2.6.24 is available but gcc max version is only 4.2.1.

I think that the tool chain provided by WD is not the right version.

Pffff, as I said, this toolchain is a nightmare :(

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License