免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
12下一页
最近访问板块 发新帖
查看: 7279 | 回复: 18

[网络管理] centos添加iptables 模块的问题 多次尝试没有解决,请大家帮忙 谢谢! [复制链接]

论坛徽章:
0
发表于 2009-12-03 00:09 |显示全部楼层
出现如下问题:提示iptables的源码解压出来的文件为非源码,通过www.net*.org下载
[root@test patch-o-matic-ng-20091201]# ./runme --download
Successfully downloaded external patch geoip
Successfully downloaded external patch condition
Successfully downloaded external patch IPMARK
Successfully downloaded external patch ROUTE
Successfully downloaded external patch connlimit
Successfully downloaded external patch ipp2p
Successfully downloaded external patch time
Successfully downloaded external patch ipv4options
Successfully downloaded external patch TARPIT
Successfully downloaded external patch ACCOUNT
Successfully downloaded external patch pknock
/usr/src/iptables-1.4.5 doesn't look like a iptables source code directory to me.
后来认为可能是iptables没有configure导致,configure以后,这个问题没有了,但是后来安装iptables出现如下问题:

make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install
提示以下错误,提示没有ipt_connlimit.h,这个文件在论坛的文章中没有提到,我在包中也没找到,不知道该怎么往下继续了
麻烦各位指点一下 谢谢!
libipt_connlimit.c:10:48: warning: linux/netfilter_ipv4/ipt_connlimit.h: No such file or directory
libipt_connlimit.c: In function `parse':
libipt_connlimit.c:42: error: dereferencing pointer to incomplete type
libipt_connlimit.c:47: warning: implicit declaration of function `check_inverse'
libipt_connlimit.c:48: error: dereferencing pointer to incomplete type
libipt_connlimit.c:49: error: dereferencing pointer to incomplete type
libipt_connlimit.c:56: warning: implicit declaration of function `exit_error'
libipt_connlimit.c:60: error: dereferencing pointer to incomplete type
libipt_connlimit.c:62: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `final_check':
libipt_connlimit.c:56: warning: redundant redeclaration of 'exit_error'
libipt_connlimit.c:56: warning: previous implicit declaration of 'exit_error' was here
libipt_connlimit.c: In function `print':
libipt_connlimit.c:103: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `save':
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:113: error: dereferencing pointer to incomplete type
libipt_connlimit.c: At top level:
libipt_connlimit.c:116: error: variable `connlimit' has initializer but incomplete type
libipt_connlimit.c:117: error: unknown field `name' specified in initializer
libipt_connlimit.c:117: warning: excess elements in struct initializer
libipt_connlimit.c:117: warning: (near initialization for `connlimit')
libipt_connlimit.c:118: error: unknown field `version' specified in initializer
libipt_connlimit.c:118: warning: excess elements in struct initializer
libipt_connlimit.c:118: warning: (near initialization for `connlimit')
libipt_connlimit.c:119: error: unknown field `size' specified in initializer
libipt_connlimit.c:119: error: invalid application of `sizeof' to incomplete type `ipt_connlimit_info'
libipt_connlimit.c:119: warning: excess elements in struct initializer
libipt_connlimit.c:119: warning: (near initialization for `connlimit')
libipt_connlimit.c:120: error: unknown field `userspacesize' specified in initializer
libipt_connlimit.c:120: error: dereferencing pointer to incomplete type
libipt_connlimit.c:120: warning: excess elements in struct initializer
libipt_connlimit.c:120: warning: (near initialization for `connlimit')
libipt_connlimit.c:121: error: unknown field `help' specified in initializer
libipt_connlimit.c:121: warning: excess elements in struct initializer
libipt_connlimit.c:121: warning: (near initialization for `connlimit')
libipt_connlimit.c:122: error: unknown field `parse' specified in initializer
libipt_connlimit.c:122: warning: excess elements in struct initializer
libipt_connlimit.c:122: warning: (near initialization for `connlimit')
libipt_connlimit.c:123: error: unknown field `final_check' specified in initializer
libipt_connlimit.c:123: warning: excess elements in struct initializer
libipt_connlimit.c:123: warning: (near initialization for `connlimit')
libipt_connlimit.c:124: error: unknown field `print' specified in initializer
libipt_connlimit.c:124: warning: excess elements in struct initializer
libipt_connlimit.c:124: warning: (near initialization for `connlimit')
libipt_connlimit.c:125: error: unknown field `save' specified in initializer
libipt_connlimit.c:125: warning: excess elements in struct initializer
libipt_connlimit.c:125: warning: (near initialization for `connlimit')
libipt_connlimit.c:126: error: unknown field `extra_opts' specified in initializer
libipt_connlimit.c:127: warning: excess elements in struct initializer
libipt_connlimit.c:127: warning: (near initialization for `connlimit')
libipt_connlimit.c: In function `libipt_connlimit_init':
libipt_connlimit.c:131: warning: implicit declaration of function `register_match'
libipt_connlimit.c: At top level:
libipt_connlimit.c:116: error: storage size of `connlimit' isn't known
make[1]: *** [libipt_connlimit.oo] Error 1
make[1]: Leaving directory `/usr/src/iptables-1.4.5/extensions'
make: *** [install-recursive] Error 1

论坛徽章:
0
发表于 2009-12-03 10:38 |显示全部楼层
是不是说的不够详细啊?
Centos 4.3下,iptables 1.4.5,最新的path*,

论坛徽章:
0
发表于 2009-12-03 11:05 |显示全部楼层
没明白,说的不详细

论坛徽章:
0
发表于 2009-12-03 13:35 |显示全部楼层

回复 #3 skyadmin 的帖子

Centos 4.3 编译iptables模块 出现错误,内核版本2.6.9.34,
操作过程如下:
rpm -ivh ker*.src.rpm
rpmbuild -bp --target=i686 kernel-2.6.spec
cp -a /usr/src/redhat/BUILD/kernel-2.6.9/linux-2.6.9 /usr/src
vi Makefile
该成EXTRAVERSION = -34.EL
make mrproper
make menuconfig
cd /usr/src/iptables-1.4.5
./configure
cd  /usr/src/patch-o-matic-ng
./runme --download
./runme connlimitd
make modules_prepare
make M=net/ipv4/netfilter

cp -f /usr/src/linux-2.6.9/net/ipv4/netfilter/*.ko /lib/modules/2.6.9-42.EL/kernel/net/ipv4/netfilter/
chmod +x /lib/modules/2.6.9-42.EL/kernel/net/ipv4/netfilter/*.ko
depmod -a

cd /usr/src/iptables-1.4.5
# export KERNEL_DIR=/usr/src/linux-2.6.9
# export IPTABLES_DIR=/usr/src/iptables-1.4.5
make BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man install

出现错误:

libipt_connlimit.c:10:48: warning: linux/netfilter_ipv4/ipt_connlimit.h: No such file or directory
libipt_connlimit.c: In function `parse':
libipt_connlimit.c:42: error: dereferencing pointer to incomplete type
libipt_connlimit.c:47: warning: implicit declaration of function `check_inverse'
libipt_connlimit.c:48: error: dereferencing pointer to incomplete type
libipt_connlimit.c:49: error: dereferencing pointer to incomplete type
libipt_connlimit.c:56: warning: implicit declaration of function `exit_error'
libipt_connlimit.c:60: error: dereferencing pointer to incomplete type
libipt_connlimit.c:62: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `final_check':
libipt_connlimit.c:56: warning: redundant redeclaration of 'exit_error'
libipt_connlimit.c:56: warning: previous implicit declaration of 'exit_error' was here
libipt_connlimit.c: In function `print':
libipt_connlimit.c:103: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c:104: error: dereferencing pointer to incomplete type
libipt_connlimit.c: In function `save':
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:112: error: dereferencing pointer to incomplete type
libipt_connlimit.c:113: error: dereferencing pointer to incomplete type
libipt_connlimit.c: At top level:
libipt_connlimit.c:116: error: variable `connlimit' has initializer but incomplete type
libipt_connlimit.c:117: error: unknown field `name' specified in initializer
libipt_connlimit.c:117: warning: excess elements in struct initializer
libipt_connlimit.c:117: warning: (near initialization for `connlimit')
libipt_connlimit.c:118: error: unknown field `version' specified in initializer
libipt_connlimit.c:118: warning: excess elements in struct initializer
libipt_connlimit.c:118: warning: (near initialization for `connlimit')
libipt_connlimit.c:119: error: unknown field `size' specified in initializer
libipt_connlimit.c:119: error: invalid application of `sizeof' to incomplete type `ipt_connlimit_info'
libipt_connlimit.c:119: warning: excess elements in struct initializer
libipt_connlimit.c:119: warning: (near initialization for `connlimit')
libipt_connlimit.c:120: error: unknown field `userspacesize' specified

论坛徽章:
0
发表于 2009-12-03 15:04 |显示全部楼层
版主呢?帮帮忙!

论坛徽章:
0
发表于 2009-12-07 23:31 |显示全部楼层
找到原因了,iptables1.4.5 没有使用 /usr/src/linux/include/linux/netfilter_ipv4/下的ipp2p文件,使用的是本身目录中include文件
初学 希望大家多指点!
现在碰见一下问题,请大家指点
谢谢各位
[root@wallace iptables]# iptables -V
iptables v1.4.5
[root@wallace iptables]#  man iptables
Formatting page, please wait...
确认包含了ipp2p模块

[root@wallace iptables]# iptables -A INPUT -m ipp2p --
/usr/local/libexec/xtables/libipt_ipp2p.so: /usr/local/libexec/xtables/libipt_ipp2p.so: undefined symbol: exit_error
iptables v1.4.5: Couldn't load match `ipp2p'null)

Try `iptables -h' or 'iptables --help' for more information.

论坛徽章:
0
发表于 2009-12-08 00:01 |显示全部楼层
把 li*ipp2p.c 裡頭的 exit_error 都改成 xtables_error, 然後再重新编译后解决了,碰见新的问题了。
[root@wallace netfilter]# ls
arptable_filter.ko  ip_queue.ko        iptable_raw.ko   ipt_ah.ko   ipt_ipp2p.ko   ipt_REJECT.ko  ipt_ULOG.ko
arp_tables.ko       iptable_filter.ko  ip_tables.ko     ipt_ecn.ko  ipt_LOG.ko     ipt_ttl.ko
arpt_mangle.ko      iptable_mangle.ko  ipt_addrtype.ko  ipt_ECN.ko  ipt_recent.ko  ipt_TTL.ko
[root@wallace netfilter]# pwd
/lib/modules/2.6.27/kernel/net/ipv4/netfilter

[root@wallace iptables]# iptables -A OUTPUT -m ipp2p --edk -j DROP
iptables: No chain/target/match by that name.

[root@wallace iptables]# iptables -A INPUT -p tcp --dport 1111 -j DROP

[root@wallace iptables]# iptables -A OUTPUT -p tcp -m connlimit --connlimit-above 10 -j DROP
iptables: No chain/target/match by that name.

[ 本帖最后由 fangjiafu 于 2009-12-8 00:10 编辑 ]

论坛徽章:
0
发表于 2009-12-08 16:38 |显示全部楼层
白金版主 帮帮忙 非常感谢!

论坛徽章:
0
发表于 2009-12-08 16:46 |显示全部楼层
先看一下 lsmod,是否看到加载了 ipp2p 及 connlimit 内核模块
然后你要弄清楚自己的 iptables 所用的 lib 库的路径,确认一下编译好的 ipp2p.so 和 connlimit.so 是否在那个目录下
因为默认是在 /lib/iptables 里(高版本是 /lib/xtables),而你上面的错误提示显示是在 /usr/local/libexec/xtables

论坛徽章:
0
发表于 2009-12-08 16:51 |显示全部楼层

回复 #9 platinum 的帖子

1.4.5的iptables 安装在 /usr/local下面了! 我再重新编译一遍,把整个过程发上来!

谢谢!
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP