Done. 
Iptables on Openpli
Started by christophe_dury, 08 Feb 2016 08:52
53 replies to this topic
Re: Iptables on Openpli #41
-
- PLi® Core member
- 70,542 posts
+1,812
Excellent
Posted 1 March 2016 - 22:51
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: Iptables on Openpli #42
-
- Senior Member
- 68 posts
+1
Neutral
Posted 1 March 2016 - 23:00
What does this give you?
iptables -L
andlsmod|grep tables
root@vusolo2:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
root@vusolo2:~# lsmod|grep tables ip_tables 11433 1 iptable_filter x_tables 14584 2 ip_tables,iptable_filter
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #43
-
- PLi® Core member
- 70,542 posts
+1,812
Excellent
Posted 1 March 2016 - 23:07
So the modules are loaded correctly, and the chains are present.
I think the problem is the port filter, on your last command, that requires nf_conntrack, which isn't available and/or loaded. So you need to address that.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: Iptables on Openpli #44
-
- Senior Member
- 68 posts
+1
Neutral
Posted 1 March 2016 - 23:15
Can you show me an example?
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #45
-
- PLi® Core member
- 70,542 posts
+1,812
Excellent
Posted 2 March 2016 - 12:52
Of what? You're missing the nf_conntrack kernel module.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: Iptables on Openpli #46
-
- Senior Member
- 68 posts
+1
Neutral
Posted 3 March 2016 - 21:39
I found the missing nf_conntrack kernel module in the kernel config tool and activated it.
The next build is running. Hopefully it will work now. We will see it in the next hour.
I attached my new vusolo2_defconfig.
Attached Files
-
vusolo2_defconfig.txt 78.31KB
4 downloads
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #47
-
- Senior Member
- 68 posts
+1
Neutral
Posted 3 March 2016 - 22:24
root@vusolo2:/media/hdd/ipk/mips32el# opkg install iptables Installing iptables (1.4.21-r0) on root. Downloading file://media/hdd/ipk/mips32el/iptables_1.4.21-r0_mips32el.ipk. iptables: unsatisfied recommendation for kernel-module-nf-defrag-ipv4 iptables: unsatisfied recommendation for kernel-module-ipt-masquerade iptables: unsatisfied recommendation for kernel-module-nf-nat iptables: unsatisfied recommendation for kernel-module-nf-conntrack-ipv4 iptables: unsatisfied recommendation for kernel-module-iptable-nat Installing kernel-module-nf-conntrack (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-nf-conntrack_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-x-tables (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-x-tables_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-ip-tables (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-ip-tables_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-iptable-filter (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-iptable-filter_3.13.5-r2.4.4_vusolo2.ipk. Configuring kernel-module-nf-conntrack. Configuring kernel-module-x-tables. Configuring kernel-module-ip-tables. Configuring kernel-module-iptable-filter. Configuring iptables. root@vusolo2:/media/hdd/ipk/mips32el#
nf-conntrack is now present but die command is still not working. 
Next test will be this weekend.
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #48
-
- Senior Member
- 68 posts
+1
Neutral
Posted 6 March 2016 - 21:42
My new build contains all needed kernel-modules.
root@vusolo2:~# opkg install iptables Installing iptables (1.4.21-r0) on root. Downloading file://media/hdd/ipk/mips32el/iptables_1.4.21-r0_mips32el.ipk. Installing kernel-module-nf-defrag-ipv4 (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-nf-defrag-ipv4_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-nf-conntrack (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-nf-conntrack_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-ipt-masquerade (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-ipt-masquerade_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-nf-nat (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-nf-nat_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-x-tables (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-x-tables_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-nf-conntrack-ipv4 (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-nf-conntrack-ipv4_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-iptable-nat (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-iptable-nat_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-nf-nat-ipv4 (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-nf-nat-ipv4_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-ip-tables (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-ip-tables_3.13.5-r2.4.4_vusolo2.ipk. Installing kernel-module-iptable-filter (3.13.5-r2.4.4) on root. Downloading file://media/hdd/ipk/vusolo2/kernel-module-iptable-filter_3.13.5-r2.4.4_vusolo2.ipk. Configuring kernel-module-nf-conntrack. Configuring kernel-module-x-tables. Configuring kernel-module-ip-tables. Configuring kernel-module-nf-defrag-ipv4. Configuring kernel-module-nf-conntrack-ipv4. Configuring kernel-module-nf-nat. Configuring kernel-module-ipt-masquerade. Configuring kernel-module-nf-nat-ipv4. Configuring kernel-module-iptable-nat. Configuring kernel-module-iptable-filter. Configuring iptables. root@vusolo2:~#
But the following command is still not working.
root@vusolo2:~# iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT iptables: No chain/target/match by that name.
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #49
-
- Senior Member
- 68 posts
+1
Neutral
Posted 6 March 2016 - 22:06
Here is my vusolo2_defconfig if somebody is interested. I will stop the test now.
Attached Files
-
vusolo2_defconfig.txt 78.95KB
14 downloads
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #50
-
- PLi® Core member
- 70,542 posts
+1,812
Excellent
Posted 7 March 2016 - 11:57
Ok. Next one I'm missing is ipt_state, which is needed to track port connections.
Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)
Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.
Many answers to your question can be found in our new and improved wiki.
Re: Iptables on Openpli #51
-
- Senior Member
- 68 posts
+1
Neutral
Posted 8 March 2016 - 21:41
ipt_state is not available in the defconfig.
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #52
-
- PLi® Core member
- 7,185 posts
+323
Excellent
Posted 8 March 2016 - 22:40
Try to add it (Google for the right syntax). Sometimes the defconfig in the git shows not all available options.
Xtrend ET-9200, ET-8000, ET-10000, OpenPliPC on Ubuntu 12.04
Re: Iptables on Openpli #53
-
- Senior Member
- 68 posts
+1
Neutral
Posted 28 March 2016 - 09:50
Google was not my friend. Can someone post the syntax for ipt_state and some more ipt_* packages?
Maybe the next build will be successful.
TechniSat Multytenne Twin: 19,2°E | 13,0°E | 23,5°E | 28,2°E -> OpenPLi4.0@vusolo2
Multifeed Offset: 19,2°E | 13,0°E | 4,8°E | 5,0°W -> OpenPLi4.0@dm800se + OpenPLi4.0@vuzero
Re: Iptables on Openpli #54
-
- Senior Member
- 228 posts
0
Neutral
Posted 22 November 2016 - 16:29
I'm late 
Something like
CONFIG_NETFILTER_XT_MATCH_STATE
still present in defconfig
4 user(s) are reading this topic
0 members, 4 guests, 0 anonymous users
