# iptables

## hulmeman

I've set up a machine to use as a router.

I set up iptables according to this thread:

https://forums.gentoo.org/viewtopic.php?t=4881&start=0&postdays=0&postorder=asc&highlight=

It works fine, but I still get this error:

```
baz2 root # echo 1 > /proc/sys/net/ipv4/ip_forward
baz2 root # iptables -F
iptables v1.2.6a: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
baz2 root # lsmod
Module                  Size  Used by    Not tainted
ipt_MASQUERADE          1216   0  (unused)
iptable_nat            13460   0  [ipt_MASQUERADE]
ip_conntrack           13740   1  [ipt_MASQUERADE iptable_nat]
ip_tables              10624   4  [ipt_MASQUERADE iptable_nat]
n_hdlc                  6112   1
ppp_synctty             5120   1
ppp_generic            16012   3  [ppp_synctty]
slhc                    4688   0  [ppp_generic]
sound                  54540   0  (unused)
es1371                 26944   1
ac97_codec              9984   0  [es1371]
usb-ohci               17856   0  (unused)
ne2k-pci                5056   1
sr_mod                 11864   0  (autoclean)
ide-scsi                7680   0
baz2 root # iptables -t nat -F
baz2 root # iptables -P INPUT ACCEPT
iptables v1.2.6a: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
baz2 root # iptables -P OUTPUT ACCEPT
iptables v1.2.6a: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
baz2 root # iptables -P FORWARD ACCEPT
iptables v1.2.6a: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
baz2 root # iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
```

I'm just worried something's not secure.

Baz


----------

## klieber

can you please post the output of the following:

```
cat /usr/src/linux/.config |grep FILTER
```

It sounds like you have a kernel option missing.

--kurt

----------

## hulmeman

Ah!

I assumed NETFILTER was enough!

```
baz2 root # cat /usr/src/linux/.config |grep FILTER
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
# CONFIG_FILTER is not set
# CONFIG_IP_NF_FILTER is not set
# CONFIG_PPP_FILTER is not set
```

Thanks

Baz

----------

## klieber

*hulmeman wrote:*

> # CONFIG_IP_NF_FILTER is not set

At the very least, you need to have this option enabled. CONFIG_IP_NF_FILTER allows your kernel to filter traffic. For a decent discussion about these options, try reading this

--kurt
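An added example, not code from this thread: a small POSIX shell checker that reads a kernel .config and reports which netfilter options are unset, run here against a constructed sample that mirrors Baz's grep output (filter table off, NAT modules on, matching his lsmod). The option list beyond CONFIG_IP_NF_FILTER is my own assumption about what his filter and MASQUERADE rules depend on; CONFIG_IP_NF_IPTABLES, CONFIG_IP_NF_CONNTRACK, CONFIG_IP_NF_NAT and CONFIG_IP_NF_TARGET_MASQUERADE are standard 2.4-series kernel symbols.

```shell
#!/bin/sh
# Added example: check a kernel .config for the options that iptables' filter
# table (and the poster's NAT rule) need. Option lists below are assumptions.
REQUIRED_NF_OPTS="CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"
NAT_NF_OPTS="CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE"

# nf_opt_state FILE OPTION -> prints "builtin", "module", or "unset"
nf_opt_state() {
    config="$1"; opt="$2"
    if grep -q "^${opt}=y$" "$config"; then
        echo builtin
    elif grep -q "^${opt}=m$" "$config"; then
        echo module
    else
        echo unset          # covers "# OPTION is not set" and absent lines
    fi
}

# nf_missing FILE OPT... -> prints each option that is neither builtin nor
# module, one per line; returns 1 if anything is missing, 0 otherwise
nf_missing() {
    config="$1"; shift
    rc=0
    for opt in "$@"; do
        if [ "$(nf_opt_state "$config" "$opt")" = unset ]; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config: NETFILTER on, filter table off, NAT as modules
SAMPLE_CONFIG="${TMPDIR:-/tmp}/sample.config.$$"
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
EOF

# On the sample this prints CONFIG_IP_NF_FILTER and the warning, which is
# exactly why "iptables -P INPUT ACCEPT" fails while "-t nat" rules load
nf_missing "$SAMPLE_CONFIG" $REQUIRED_NF_OPTS \
    || echo "filter table cannot load: enable the option(s) above and rebuild"
```

Point it at /usr/src/linux/.config instead of the sample to check a real build; anything reported as unset must be set to y or m before the filter table exists.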

----------

## hulmeman

Thanks

A 'light' read needed

Baz

----------

