[Network Management] Problem adding iptables modules on CentOS: several attempts have not solved it, please help. Thanks!

#1 Posted on 2009-12-03 00:09
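I ran into the following problem: it reports that the files extracted from the iptables source archive are not source code. I downloaded it from www.net*.org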
[root@test patch-o-matic-ng-20091201]# ./runme --download
Successfully downloaded external patch geoip
Successfully downloaded external patch condition
Successfully downloaded external patch IPMARK
Successfully downloaded external patch ROUTE
Successfully downloaded external patch connlimit
Successfully downloaded external patch ipp2p
Successfully downloaded external patch time
Successfully downloaded external patch ipv4options
Successfully downloaded external patch TARPIT
Successfully downloaded external patch ACCOUNT
Successfully downloaded external patch pknock
/usr/src/iptables-1.4.5 doesn't look like a iptables source code directory to me.
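Later I figured this was probably because I had not run configure for iptables. After running configure this problem went away, but then installing iptables produced the following problem: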

make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install
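It gives the errors below, saying that ipt_connlimit.h does not exist. This file is not mentioned in the articles on the forum, and I could not find it in the package either, so I do not know how to continue.
Could anyone give me some pointers? Thanks!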
libipt_connlimit.c:10:48: warning: linux/netfilter_ipv4/ipt_connlimit.h: No such file or directory
libipt_connlimit.c: In function `parse':
libipt_connlimit.c:42: error: dereferencing pointer to incomplete type
libipt_connlimit.c:47: warning: implicit declaration of function `check_inverse'
libipt_connlimit.c:48: error: dereferencing pointer to incomplete type
libipt_connlimit.c:49: error: dereferencing pointer to incomplete type
libipt_connlimit.c:56: warning: implicit declaration of function `exit_error'
libipt_connlimit.c:60: error: dereferencing pointer to incomplete type
libipt_connlimit.c:62: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `final_check':
libipt_connlimit.c:56: warning: redundant redeclaration of 'exit_error'
libipt_connlimit.c:56: warning: previous implicit declaration of 'exit_error' was here
libipt_connlimit.c: In function `print':
libipt_connlimit.c:103: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `save':
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:113: error: dereferencing pointer to incomplete type
libipt_connlimit.c: At top level:
libipt_connlimit.c:116: error: variable `connlimit' has initializer but incomplete type
libipt_connlimit.c:117: error: unknown field `name' specified in initializer
libipt_connlimit.c:117: warning: excess elements in struct initializer
libipt_connlimit.c:117: warning: (near initialization for `connlimit')
libipt_connlimit.c:118: error: unknown field `version' specified in initializer
libipt_connlimit.c:118: warning: excess elements in struct initializer
libipt_connlimit.c:118: warning: (near initialization for `connlimit')
libipt_connlimit.c:119: error: unknown field `size' specified in initializer
libipt_connlimit.c:119: error: invalid application of `sizeof' to incomplete type `ipt_connlimit_info'
libipt_connlimit.c:119: warning: excess elements in struct initializer
libipt_connlimit.c:119: warning: (near initialization for `connlimit')
libipt_connlimit.c:120: error: unknown field `userspacesize' specified in initializer
libipt_connlimit.c:120: error: dereferencing pointer to incomplete type
libipt_connlimit.c:120: warning: excess elements in struct initializer
libipt_connlimit.c:120: warning: (near initialization for `connlimit')
libipt_connlimit.c:121: error: unknown field `help' specified in initializer
libipt_connlimit.c:121: warning: excess elements in struct initializer
libipt_connlimit.c:121: warning: (near initialization for `connlimit')
libipt_connlimit.c:122: error: unknown field `parse' specified in initializer
libipt_connlimit.c:122: warning: excess elements in struct initializer
libipt_connlimit.c:122: warning: (near initialization for `connlimit')
libipt_connlimit.c:123: error: unknown field `final_check' specified in initializer
libipt_connlimit.c:123: warning: excess elements in struct initializer
libipt_connlimit.c:123: warning: (near initialization for `connlimit')
libipt_connlimit.c:124: error: unknown field `print' specified in initializer
libipt_connlimit.c:124: warning: excess elements in struct initializer
libipt_connlimit.c:124: warning: (near initialization for `connlimit')
libipt_connlimit.c:125: error: unknown field `save' specified in initializer
libipt_connlimit.c:125: warning: excess elements in struct initializer
libipt_connlimit.c:125: warning: (near initialization for `connlimit')
libipt_connlimit.c:126: error: unknown field `extra_opts' specified in initializer
libipt_connlimit.c:127: warning: excess elements in struct initializer
libipt_connlimit.c:127: warning: (near initialization for `connlimit')
libipt_connlimit.c: In function `libipt_connlimit_init':
libipt_connlimit.c:131: warning: implicit declaration of function `register_match'
libipt_connlimit.c: At top level:
libipt_connlimit.c:116: error: storage size of `connlimit' isn't known
make[1]: *** [libipt_connlimit.oo] Error 1
make[1]: Leaving directory `/usr/src/iptables-1.4.5/extensions'
make: *** [install-recursive] Error 1

#2 Posted on 2009-12-03 10:38
Did I not give enough detail?
This is on CentOS 4.3, with iptables 1.4.5 and the latest path*,

#3 Posted on 2009-12-03 11:05
I don't follow; it's not detailed enough.

#4 Posted on 2009-12-03 13:35

Reply to #3, skyadmin's post

Compiling the iptables modules on CentOS 4.3 gives errors; the kernel version is 2.6.9.34.
The steps I followed were:
rpm -ivh ker*.src.rpm
rpmbuild -bp --target=i686 kernel-2.6.spec
cp -a /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9 /usr/src
vi Makefile
Changed it to EXTRAVERSION = -34.EL
make mrproper
make menuconfig
cd /usr/src/iptables-1.4.5
./configure
cd  /usr/src/patch-o-matic-ng
./runme --download
./runme connlimitd
make modules_prepare
make M=net/ipv4/netfilter

cp -f /usr/src/linux-2.6.9/net/ipv4/netfilter/*.ko /lib/modules/2.6.9-42.EL/kernel/net/ipv4/netfilter/
chmod +x /lib/modules/2.6.9-42.EL/kernel/net/ipv4/netfilter/*.ko
depmod -a

cd /usr/src/iptables-1.4.5
# export KERNEL_DIR=/usr/src/linux-2.6.9
# export IPTABLES_DIR=/usr/src/iptables-1.4.5
make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install

The errors:

libipt_connlimit.c:10:48: warning: linux/netfilter_ipv4/ipt_connlimit.h: No such file or directory
libipt_connlimit.c: In function `parse':
libipt_connlimit.c:42: error: dereferencing pointer to incomplete type
libipt_connlimit.c:47: warning: implicit declaration of function `check_inverse'
libipt_connlimit.c:48: error: dereferencing pointer to incomplete type
libipt_connlimit.c:49: error: dereferencing pointer to incomplete type
libipt_connlimit.c:56: warning: implicit declaration of function `exit_error'
libipt_connlimit.c:60: error: dereferencing pointer to incomplete type
libipt_connlimit.c:62: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `final_check':
libipt_connlimit.c:56: warning: redundant redeclaration of 'exit_error'
libipt_connlimit.c:56: warning: previous implicit declaration of 'exit_error' was here
libipt_connlimit.c: In function `print':
libipt_connlimit.c:103: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `save':
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:113: error: dereferencing pointer to incomplete type
libipt_connlimit.c: At top level:
libipt_connlimit.c:116: error: variable `connlimit' has initializer but incomplete type
libipt_connlimit.c:117: error: unknown field `name' specified in initializer
libipt_connlimit.c:117: warning: excess elements in struct initializer
libipt_connlimit.c:117: warning: (near initialization for `connlimit')
libipt_connlimit.c:118: error: unknown field `version' specified in initializer
libipt_connlimit.c:118: warning: excess elements in struct initializer
libipt_connlimit.c:118: warning: (near initialization for `connlimit')
libipt_connlimit.c:119: error: unknown field `size' specified in initializer
libipt_connlimit.c:119: error: invalid application of `sizeof' to incomplete type `ipt_connlimit_info'
libipt_connlimit.c:119: warning: excess elements in struct initializer
libipt_connlimit.c:119: warning: (near initialization for `connlimit')
libipt_connlimit.c:120: error: unknown field `userspacesize' specified

#5 Posted on 2009-12-03 15:04
Where are the moderators? Please help!

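#6 Posted on 2009-12-07 23:31
Found the cause: iptables 1.4.5 does not use the ipp2p file under /usr/src/linux/include/linux/netfilter_ipv4/; it uses the include files in its own directory.
I'm a beginner, so I'd appreciate any pointers!
I have now run into the following problem; please advise.
Thanks, everyone.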
[root@wallace iptables]# iptables -V
iptables v1.4.5
[root@wallace iptables]#  man iptables
Formatting page, please wait...
Confirmed that the ipp2p module is included.

[root@wallace iptables]# iptables -A INPUT -m ipp2p --
/usr/local/libexec/xtables/libipt_ipp2p.so: /usr/local/libexec/xtables/libipt_ipp2p.so: undefined symbol: exit_error
iptables v1.4.5: Couldn't load match `ipp2p':(null)

Try `iptables -h' or 'iptables --help' for more information.

#7 Posted on 2009-12-08 00:01
Changing every exit_error in li*ipp2p.c to xtables_error and then recompiling fixed that. Now I've hit a new problem.
[root@wallace netfilter]# ls
arptable_filter.ko  ip_queue.ko        iptable_raw.ko   ipt_ah.ko   ipt_ipp2p.ko   ipt_REJECT.ko  ipt_ULOG.ko
arp_tables.ko       iptable_filter.ko  ip_tables.ko     ipt_ecn.ko  ipt_LOG.ko     ipt_ttl.ko
arpt_mangle.ko      iptable_mangle.ko  ipt_addrtype.ko  ipt_ECN.ko  ipt_recent.ko  ipt_TTL.ko
[root@wallace netfilter]# pwd
/lib/modules/2.6.27/kernel/net/ipv4/netfilter

[root@wallace iptables]# iptables -A OUTPUT -m ipp2p --edk -j DROP
iptables: No chain/target/match by that name.

[root@wallace iptables]# iptables -A INPUT -p tcp --dport 1111 -j DROP

[root@wallace iptables]# iptables -A OUTPUT -p tcp -m connlimit --connlimit-above 10 -j DROP
iptables: No chain/target/match by that name.

[ Last edited by fangjiafu on 2009-12-8 00:10 ]

#8 Posted on 2009-12-08 16:38
Moderator platinum, please help. Thank you very much!

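#9 Posted on 2009-12-08 16:46
First check lsmod to see whether the ipp2p and connlimit kernel modules are loaded.
Then work out which library path your iptables is using, and confirm that the compiled ipp2p.so and connlimit.so are in that directory,
because the default is /lib/iptables (/lib/xtables in newer versions), whereas the error message you posted above shows /usr/local/libexec/xtables.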
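
The two checks suggested in #9, written as a script (an added example, not part of the thread). It reports, per match, whether the kernel module is loaded and whether the userspace extension exists in one of the directories named above; the `xt_` module prefix, the function names and the constructed lsmod sample are assumptions.

```shell
#!/bin/sh
# Added example: split an iptables match failure into its two halves,
# kernel module (lsmod) vs. userspace extension (.so in the lib dir).

# Constructed lsmod output; on a real host use: SAMPLE_LSMOD=$(lsmod)
SAMPLE_LSMOD='Module                  Size  Used by
ipt_ipp2p               9344  0
iptable_filter          3840  1
ip_tables              18564  2 ipt_ipp2p,iptable_filter'

# kmod_loaded MATCH LSMOD_TEXT -> exit 0 if ipt_MATCH or xt_MATCH is listed.
# (ipt_ is the naming seen in the thread; xt_ is assumed for newer kernels.)
kmod_loaded() {
    printf '%s\n' "$2" | awk -v a="ipt_$1" -v b="xt_$1" \
        'NR > 1 && ($1 == a || $1 == b) { found = 1 } END { exit !found }'
}

# find_ext MATCH DIR... -> print the first libipt_MATCH.so / libxt_MATCH.so.
find_ext() {
    m=$1; shift
    for d in "$@"; do
        for f in "$d/libipt_$m.so" "$d/libxt_$m.so"; do
            if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
        done
    done
    return 1
}

# diagnose MATCH LSMOD_TEXT DIR... -> one summary line for the match.
diagnose() {
    name=$1; text=$2; shift 2
    if kmod_loaded "$name" "$text"; then k=loaded; else k=missing; fi
    u=$(find_ext "$name" "$@") || u=missing
    printf '%s: kernel=%s userspace=%s\n' "$name" "$k" "$u"
}

# Extension directories mentioned in the thread.
EXT_DIRS="/lib/iptables /lib/xtables /usr/local/libexec/xtables"

for match in ipp2p connlimit; do
    # Word splitting of EXT_DIRS is intended here.
    diagnose "$match" "$SAMPLE_LSMOD" $EXT_DIRS
done
```

A match reported as `kernel=missing` corresponds to the "No chain/target/match by that name" case, while a missing or unloadable `.so` corresponds to the "Couldn't load match" case.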

#10 Posted on 2009-12-08 16:51

Reply to #9, platinum's post

iptables 1.4.5 was installed under /usr/local! I'll recompile once more and post the whole process!

Thanks!