1 (edited by nicolay 2011-01-01 09:52:32)

Topic: iptables versions in Backfire

I'd like to use the xt_TEE module and have #opkg install 'kmod-ipt-tee_2.6.32.10+1.22-1_ar71xx.ipk '.
There is a file called /etc/modules.d/46-ipt-tee. But I lsmod and see no xt_TEE in the mod list. I'm sure the file /lib/modules/2.6.32.10/xt_TEE.ko exists.
But when I #insmod xt_TEE, I got error:

insmod: can't insert 'xt_TEE': unknown symbol in module, or unknown parameter

so I think maybe it's my iptables version 1.4.6 conflicts whith that kmod-ipt-tee (1.22). And I notice that there are iptables-mod-xxx-1.22 and iptables-mod-xxxx-1.4.6 packages in the backfire packages for download.

But I don't find iptables_1.2.2.pkg, only iptables_1.4.6. How can I do to get the xt_TEE loaded?

Re: iptables versions in Backfire

After a futher study, I found version 1.22 is of the xtables-addons. It doesn't  have anything to do with the iptables-1.46. They are two different packages.

But again, I've got iptables-mod-tee-1.22 and kmod-ipt-tee-1.22 both installed, I still can't get the tee extension function working. Same error.

Re: iptables versions in Backfire

Try installing kmod-ipt-compat-xtables_2.6.32.25+1.29-1_..  or equivalent in addition to all the other packages. I think that should do the trick

Re: iptables versions in Backfire

Thanks for the advice, does it mean I have to upgrade all backfire to 10.03 RC4 for matching the kernel version 2.6.32.25? Or just install all the (and the others) equiivalent packages, while keeping 10.0.3 original kernel version?

If it's the former, actually I did try upgrading several days ago, and bricked my WZR-HP-G300NH after reboot, totally cann't connect by all means.  Never mind, I bought another one , will try again in these days and report.

Re: iptables versions in Backfire

No - you just need to get the modules with same kernel versions as rest of your system.  In other words, you would need
kmod-ipt-compat-xtables-2.6.32.10

Re: iptables versions in Backfire

After insalled the followring pkgs in Backfire 10.0.3:

kmod-ipt-compat-xtables - 2.6.32.10+1.22-1
libxtables - 1.4.6-2
iptables-mod-tee - 1.22-1
kmod-ipt-tee - 2.6.32.10+1.22-1
iptables-mod-filter - 1.4.6-2
kmod-ipt-filter - 2.6.32.10-1
l7-protocols

I tried to issue iptables command:

iptables -A PREROUTING -t mangle -m layer7 --l7proto http -j ROUTE --gw 192.168.1.250 --tee

I got error:

iptables v1.4.6: unknown option `--gw'
Try `iptables -h' or 'iptables --help' for more information.

I'm sure it's the same problem as my first post. The xt_TEE module was not load. Cause I tried insmod xt_TEE, still same error:

insmod: can't insert 'xt_TEE': unknown symbol in module, or unknown parameter

Maybe this xt_TEE extension mod needs other kernel-mod in dependency which is not solved by now???

Re: iptables versions in Backfire

I haven't used TEE before - but have used other xtables-addons modules   - what you have installed does seem enough.
I now that earlier releases of some xtables modules required the ipv6 packages - that was fixed.

See if logread  gives you any more information of what happened when the modules were loaded.

You might try installing the latest (trunk) version and see if you have the same issues

http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/

Re: iptables versions in Backfire

It is just a matter of syntax change in the code, try:

iptables -A PREROUTING -t mangle -m layer7 --l7proto http -j TEE --gateway 192.168.1.250

Re: iptables versions in Backfire

run dmesg and see which symbols are unknown.this will help ur identify the dependant modules to be loaded.