[tproxy] Couldn't load match `socket':/usr/local/lib/iptables/libipt_socket.so

Laszlo Attila Toth panther at balabit.hu
Wed May 21 11:45:49 CEST 2008 

Hello,

Tim Feld wrote:
> Hi,
> 
> i am trying to set up tproxy to use zorp. The tproxy and iptables patches were applied cleanly. I configured the kernel to include netfilter_tproxy, netfilter_xt_target_tproxy and netfilter_xt_match_socket as modules. Compile and install ran fine. 
> But when I try the example commands from the readme I get several error messages as if tproxy is not installed at all. 
> 
> For example: iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 0x1/0x1
> returns: iptables v1.4.0: Unknown arg `--on-port'
> without the port argument: iptables v1.4.0: Unknown arg `--tproxy-mark'
> without the tproxy-mark argument: iptables v1.4.0: Couldn't load target `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared object file: No such file or directory

The iptables source code is changed since v1.4.0, for example it uses 
configure script while v1.4.0 doesn't.

The patch for iptables-v1.4.0:
http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-1.4.0-20080521-113954-1211362794.patch

> 
> command: iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> returns: iptables v1.4.0: Couldn't load match `socket':/usr/local/lib/iptables/libipt_socket.so: cannot open shared object file: No such file or directory
> 
> Why is it looking for libipt_TPROXY.so and libipt_socket.so? As far as I know in the newer releases there is just xt_TPROXY respectively xt_socket.
> 
> My setup:
> Kernel: (Ubuntu) 2.6.24-16-xen, tried 2.6.24.7 from kernel.org too in case the xen patches cause the trouble
> tproxy: tproxy-2.6.24-20080509
> iptables: 1.4.0 (from netfilter.org)
> tproxy-iptables-svn-r7519-20080509-165158-1210344718.patch 
> 
> I also tried to build tproxy into the kernel instead of using modules. Building fails in that case with the following message:
> 
> net/built-in.o: In function `socket_mt':
> /usr/src/linux-2.6.24.7/net/netfilter/xt_socket.c:60: undefined reference to `nf_conntrack_untracked'
> make[2]: *** [.tmp_vmlinux1] Error 1
> make[1]: *** [sub-make] Error 2

Please answer "Netfilter connection tracking support" to "y" instead of 
"m" because otherwise it won't compile the needed source files.


-- 
Panther

More information about the tproxy mailing list