OpenWrt Forum Archive

Topic: an emergency - iptables (and NAT) not working - r10522 - help!

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have just found out that iptables isn't working at a (very) remote location. I can access the router but iptables can't work and NAT isn't working and I have a lot of people unable to do anything because of this.

Can someone assist please? What am I missing? This is on rb133 release from http://wifi.ozo.com/airo/openwrt/firmwa … 120/10522/

BusyBox v1.8.2 (2008-02-22 17:22:05 EET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
|       |.-----.-----.-----.|  |  |  |.----.|  |_
|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
|_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
KAMIKAZE (bleeding edge, r10522) -------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
---------------------------------------------------
root@OpenWrt:/#
root@OpenWrt:/# iptables -L
iptables v1.3.8: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
root@OpenWrt:/# uname -a
Linux OpenWrt 2.6.24.2 #7 Mon Feb 25 10:01:39 EET 2008 mips unknown
root@OpenWrt:/# ipkg list_installed
base-files-adm5120 - 12-r10522 -
busybox - 1.8.2-1 -
dropbear - 0.50-3 -
hotplug2 - 0.9+r102-2 -
iptables - 1.3.8-2 -
iptables-mod-filter - 1.3.8-2 -
kernel - 2.6.24.2-adm5120-1 -
kmod-ipt-filter - 2.6.24.2-adm5120-1 -
kmod-sched - 2.6.24.2-adm5120-1 -
libgcc - 4.2.3-12 -
libuci - 0.3.0-1 -
mtd - 6 -
uci - 0.3.0-1 -
uclibc - 0.9.29-12 -
udevtrigger - 106-1 -
Done.
root@OpenWrt:/#
root@OpenWrt:/# lsmod
Module                  Size  Used by    Not tainted
root@OpenWrt:/#

(Last edited by posix on 27 Feb 2008, 20:13)

for performance reasons the iptables and netfilter code are compiled as modules. there is a bug though: not all the necessary modules are included in the ipk packages. I have opened a ticket about this here. Until this issue is fixed you may get the additional modules here. you need to load them in the proper order by creating a relevant file under the /etc/modules.d/ directory.

Be advised though that on an adm5120 platform with less than 32Mb of RAM ip_conntrack does not operate that well, especially under heavy load, p2p traffic, torrents etc.

(Last edited by acoul on 27 Feb 2008, 21:56)

can you assist me here, what specific order does it all need to be in? can you do ls /etc/modules.d on your router please and post output?

posix wrote:

can you assist me here, what specific order does it all need to be in? can you do ls /etc/modules.d on your router please and post output?

you should be able to find it yourself. I've done it in the past, so it works, but I don't have access to that router at this time, sorry.

If this is not what you want, you can always use a snapshot from the x-wrt folks

posix wrote:

what specific order does it all need to be in?

Just try to insmod one of the modules manually. If it complains about missing symbols or something then you know something else needs to be inserted before it. Based on the symbols it's looking for you might be able to tell which other module to insmod first. Otherwise guess. Eventually you will find a module that gets inserted without errors. When that one is in, try the rest one by one until one of them goes in without errors. Repeat until all the modules you need are inserted :)

Otherwise if you have a Linux PC with the same modules installed, you should be able to run "modinfo modulename" to get the dependencies for that module.

e.g.:

$ modinfo nf_conntrack_ftp
filename:       /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_ftp.ko
alias:          ip_conntrack_ftp
description:    ftp connection tracking helper
author:         Rusty Russell <rusty@rustcorp.com.au>
license:        GPL
srcversion:     6F2E67AE9E9ACDF34A6D82C
depends:        nf_conntrack
vermagic:       2.6.22-14-generic SMP mod_unload 586
parm:           ports:array of ushort
parm:           loose:bool

So from this you can see that the nf_conntrack_ftp module depends on the nf_conntrack module.
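An added example, not part of the thread: one way to turn the `depends:` lines of `modinfo` output into a load order for a file under /etc/modules.d/, and to check an existing list against it. The function names, the EXAMPLE paths and every `depends` value except the one for nf_conntrack_ftp are constructed for illustration.

```python
import os, re
# Constructed sample: trimmed modinfo records separated by blank lines. Only the
# nf_conntrack_ftp "depends" value is from the thread; the rest are illustrative.
SAMPLE = """\
filename:       /lib/modules/EXAMPLE/iptable_filter.ko
depends:        ip_tables,x_tables

filename:       /lib/modules/EXAMPLE/nf_conntrack_ftp.ko
depends:        nf_conntrack

filename:       /lib/modules/EXAMPLE/ip_tables.ko
depends:        x_tables
"""

def parse_modinfo(text):
    """Map module name -> list of modules it depends on."""
    deps = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", record, re.M))
        name = os.path.splitext(os.path.basename(fields["filename"]))[0]
        deps[name] = [d.strip() for d in fields.get("depends", "").split(",") if d.strip()]
    return deps

def load_order(deps):
    """Depth-first topological sort: each module follows its dependencies."""
    order, visiting = [], set()
    def visit(mod):
        if mod in order:
            return
        if mod in visiting:
            raise ValueError(f"dependency cycle through {mod}")
        visiting.add(mod)
        for dep in deps.get(mod, []):  # no record (e.g. x_tables here): a leaf
            visit(dep)
        order.append(mod)
    for mod in sorted(deps):
        visit(mod)
    return order

def misordered(listed, deps):
    """(module, dependency) pairs where the dependency is not listed earlier."""
    seen, problems = set(), []
    for mod in listed:
        problems += [(mod, d) for d in deps.get(mod, []) if d not in seen]
        seen.add(mod)
    return problems

if __name__ == "__main__":
    print("\n".join(load_order(parse_modinfo(SAMPLE))))
```

To check a router's configuration, pass `misordered` the module names in the order the /etc/modules.d files load them; an empty result means every dependency is loaded before the module that needs it.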

thanks acoul that helped! if you hadn't posted those modules I would've ended up with a dud router as those modules are available nowhere else! thanks again!

posix wrote:

thanks acoul that helped! if you hadn't posted those modules I would've ended up with a dud router as those modules are available nowhere else! thanks again!

glad you did the trick. can you please post the modules that need to be loaded for future readers that may have a similar problem. please note that this is not a solution but a dirty hack. The relevant ticket needs to be resolved at some point, and I'll try to contribute in this direction as much as I can.

I'm still having a problem with 'mangle' so if you have a solution to that as well that would be great, but I only seem to need that for qos-scripts.

here is my /etc/modules.d:
root@OpenWrt:~# ls /etc/modules.d
20-iptables       40-ipt-extra      40-ipt-ipopt
30-tun            40-ipt-filter     40-ipt-nat
40-ipt-conntrack  40-ipt-imq        50-madwifi

and 20-iptables contains:
root@OpenWrt:~# cat /etc/modules.d/20-iptables
x_tables
ip_tables
iptable_filter
nf_nat
iptable_nat
nfnetlink


And that's it! Now iptables works (well, partially anyway, at least NAT and simple rules work)

(Last edited by posix on 28 Feb 2008, 19:17)

glad to hear the news. If you can locate the missing modules, I'll be happy to include them in a tar file.

do you have the iptable_mangle as well?
