Couldn't load match `socket':/usr/local/lib/iptables/libipt_socket.so
Hi,

I am trying to set up tproxy to use zorp. The tproxy and iptables patches were applied cleanly. I configured the kernel to include netfilter_tproxy, netfilter_xt_target_tproxy and netfilter_xt_match_socket as modules. Compile and install ran fine. But when I try the example commands from the readme I get several error messages as if tproxy is not installed at all.

For example:

    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 0x1/0x1

returns:

    iptables v1.4.0: Unknown arg `--on-port'

without the port argument:

    iptables v1.4.0: Unknown arg `--tproxy-mark'

without the tproxy-mark argument:

    iptables v1.4.0: Couldn't load target `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared object file: No such file or directory

command:

    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

returns:

    iptables v1.4.0: Couldn't load match `socket':/usr/local/lib/iptables/libipt_socket.so: cannot open shared object file: No such file or directory

Why is it looking for libipt_TPROXY.so and libipt_socket.so? As far as I know in the newer releases there is just xt_TPROXY respectively xt_socket.

My setup:

    Kernel: (Ubuntu) 2.6.24-16-xen, tried 2.6.24.7 from kernel.org too in case the xen patches cause the trouble
    tproxy: tproxy-2.6.24-20080509
    iptables: 1.4.0 (from netfilter.org)
    tproxy-iptables-svn-r7519-20080509-165158-1210344718.patch

I also tried to build tproxy into the kernel instead of using modules. Building fails in that case with the following message:

    net/built-in.o: In function `socket_mt':
    /usr/src/linux-2.6.24.7/net/netfilter/xt_socket.c:60: undefined reference to `nf_conntrack_untracked'
    make[2]: *** [.tmp_vmlinux1] Error 1
    make[1]: *** [sub-make] Error 2

I have attached the network part of both kernel configs. I guess I must be missing something. Any help is greatly appreciated!

Tim

Hello,

Tim Feld wrote:
> Hi,
>
> I am trying to set up tproxy to use zorp. The tproxy and iptables patches were applied cleanly. I configured the kernel to include netfilter_tproxy, netfilter_xt_target_tproxy and netfilter_xt_match_socket as modules. Compile and install ran fine. But when I try the example commands from the readme I get several error messages as if tproxy is not installed at all.
>
> For example:
>
>     iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 0x1/0x1
>
> returns:
>
>     iptables v1.4.0: Unknown arg `--on-port'
>
> without the port argument:
>
>     iptables v1.4.0: Unknown arg `--tproxy-mark'
>
> without the tproxy-mark argument:
>
>     iptables v1.4.0: Couldn't load target `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared object file: No such file or directory

The iptables source code has changed since v1.4.0; for example, it uses a configure script while v1.4.0 doesn't. The patch for iptables-v1.4.0: http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-1.4.0-20080521...

> command:
>
>     iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>
> returns:
>
>     iptables v1.4.0: Couldn't load match `socket':/usr/local/lib/iptables/libipt_socket.so: cannot open shared object file: No such file or directory
>
> Why is it looking for libipt_TPROXY.so and libipt_socket.so? As far as I know in the newer releases there is just xt_TPROXY respectively xt_socket.
>
> My setup:
>
>     Kernel: (Ubuntu) 2.6.24-16-xen, tried 2.6.24.7 from kernel.org too in case the xen patches cause the trouble
>     tproxy: tproxy-2.6.24-20080509
>     iptables: 1.4.0 (from netfilter.org)
>     tproxy-iptables-svn-r7519-20080509-165158-1210344718.patch
>
> I also tried to build tproxy into the kernel instead of using modules. Building fails in that case with the following message:
>
>     net/built-in.o: In function `socket_mt':
>     /usr/src/linux-2.6.24.7/net/netfilter/xt_socket.c:60: undefined reference to `nf_conntrack_untracked'
>     make[2]: *** [.tmp_vmlinux1] Error 1
>     make[1]: *** [sub-make] Error 2

Please answer "Netfilter connection tracking support" to "y" instead of "m" because otherwise it won't compile the needed source files.

--
Panther

> The iptables source code has changed since v1.4.0; for example, it uses a configure script while v1.4.0 doesn't.
>
> The patch for iptables-v1.4.0: http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-1.4.0-20080521...

Excellent! Thank you very much. With the new patch it seems to work.

> Please answer "Netfilter connection tracking support" to "y" instead of "m" because otherwise it won't compile the needed source files.

I figured that out a few minutes after posting the message. Obvious mistake. Thanks a lot for your quick reply.

Tim

participants (2)
- Laszlo Attila Toth
- Tim Feld