OpenWrt Forum Archive

Topic: Not able to populate the iptable rules using firewall3 start

The content of this topic has been archived on 17 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
srinivas.venumuddala
16 Jan 2018, 08:38

Hi,
        I'm new to OperWrt packages and started using the firewall-2017-11-07-c4309372.tar.xz  from sources.openwrt.org. i have cross compiled the package for mips-linux and loaded the binary on to my router, but when i started it, iptable rules were not formed with following warning..

[root@DPU504G_BCM380 config]# firewall3 start
* Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-Ping'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-IGMP'
   * Forward 'lan' -> 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Set tcp_ecn to off
* Set tcp_syncookies to on
   ! Unable to write value: No such file or directory
* Set tcp_window_scaling to on
can someone give me any suggestions to resolve this issue..

Post #2
Antek
16 Jan 2018, 11:22

Check your /etc/config/network and /etc/config/firewall files. Make sure the networks are defined correctly, and that the firewall configuration uses the same network names.

Post #3
srinivas.venumuddala
16 Jan 2018, 14:59

Antek,
            There are not much configuration in my files, you can see below
cat /etc/config/network

config interface loopback
        option ifname   lo
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0
config interface wan
        option ifname 'eth0'
        option type anywan
        option proto dhcp
        option macaddr '00:10:18:00:00:05'

config interface lan
        option type bridge
        option proto static
        option ipaddr 192.168.1.254
        option netmask 255.255.255.0
        option ifname 'eth1 eth2 eth3'

cat /etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Post #4
eduperez
16 Jan 2018, 15:02

I guess that there is some dependency issue, most probably some kernel module.
Why did you download the .tar.xz file, instead of installing the .ipk package?

Post #5
srinivas.venumuddala
16 Jan 2018, 15:10

eduperez,
           My build environment doesn't have the facility to use the opkg utility,so i had to download each package and compile them individually by writing my own make files.

The discussion might have continued from here.