iptables missing module - libipt_statistic.so not found?

Issues related to configuring your network
jsosic
Posts: 24
Joined: 2009/02/13 15:00:00

iptables missing module - libipt_statistic.so not found?

Post by jsosic » 2010/02/26 17:23:46

Hi.

I'm using CentOS 5.4 x86_64, and I've noticed the following error:
[code]# # iptables -A POSTROUTING -s 192.168.0.0/16 -o eth0 -m statistic --mode random --probability 0.04 -j SNAT --to-source xxx.xxx.xxx.xxx
iptables v1.3.5: Couldn't load match `statistic':/lib64/iptables/libipt_statistic.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.[/code]

As far as I can see, there is no libipt_statistic.so in /lib64/iptables:
[code]# rpm -ql iptables | grep statistic[/code]

iptables is 1.3.5, and that module was added in 1.3.6 tree. I wonder why was there no patch backported, while xt_statistic.o module is in current 2.6.18 kernel in RHEL / CentOS.

Any ideas?

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

iptables missing module - libipt_statistic.so not found?

Post by michaelnel » 2010/02/26 18:37:05

[quote]
jsosic wrote:
I wonder why was there no patch backported, while xt_statistic.o module is in current 2.6.18 kernel in RHEL / CentOS.

Any ideas?[/quote]

Normally they backport bug fixes and security fixes, not feature upgrades.

jsosic
Posts: 24
Joined: 2009/02/13 15:00:00

Re: iptables missing module - libipt_statistic.so not found?

Post by jsosic » 2010/02/26 19:30:13

Yes, but please note that xt_statistic Kernel module is present... Also, xt_statistic.h is present in kernel-devel package. And xt_statistic.h is MISSING from kernel-headers. It's fxxxin' disaster!!!! What's the point in having xt_statistic kernel module, if you can't use it because there is no libipt_statistic.so?!!? For me it's a bug, without any explanation that can suffice.

Anyway, I've backported it my self, so if anyone wants it, here's howto:

1. There is no xt_statistic.h in kernel-headers, so:
[code]# yum install kernel-devel kernel-headers
# cp /usr/src/kernels/2.6.18-164.11.1.el5-x86_64/include/linux/netfilter/xt_statistic.h /usr/include/linux/netfilter[/code]
2. We need new specfile and new patch for iptables RPM packages. They are available here:
http://kosjenka.srce.hr/~jsosic/CentOS/libipt_statistic/
3. Now you need to download latest iptables source RPM from CentOS mirrors, and run:
[code]# rpm2cpio iptables*rpm | cpio -idv
# unalias cp
# cp *patch iptables-1.3.5.tar.bz2 iptables.spec iptables.init /usr/src/redhat/SOURCES/[/code]
5. Modify the SPEC file (increase release, add new patch and chmod+x) or simply use spec file provided by me
6. Build the package:
[code]# rpmbuild -bb iptables.spec[/code]


Finally, you can also download my packages from SRCE:
ftp://ftp.srce.hr/srce-redhat/01-srce/el5/x86_64/

If you want to use it as a REPO, here is a repo package:
ftp://ftp.srce.hr/srce-redhat/_repos/srce-release-4-5.noarch.rpm

Note that after installing this iptables package, you can use STATISTICS match in iptables rules.

[moderator note - inappropriate word edited]

michaelnel
Posts: 1478
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Re: iptables missing module - libipt_statistic.so not found?

Post by michaelnel » 2010/02/26 19:36:07

You probably ought to mind your mouth around these parts or the Sheriff will come by and moderate you.

jsosic
Posts: 24
Joined: 2009/02/13 15:00:00

Re: iptables missing module - libipt_statistic.so not found?

Post by jsosic » 2010/02/26 19:37:53

It's sad to see that out of all the work I've done you only see one sentence. Really really sad dude.

Also, here is a bug report: http://bugs.centos.org/view.php?id=4216

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: iptables missing module - libipt_statistic.so not found?

Post by pschaff » 2010/02/26 21:50:16

[quote]
jsosic wrote:
It's sad to see that out of all the work I've done you only see one sentence. Really really sad dude.

Also, here is a bug report: http://bugs.centos.org/view.php?id=4216[/quote]

I'm not the one who moderated you, so I don't know the word deleted, but chances are I would have done the same. Some of our members are of more delicate sensibility, and we have some who are pre-teen, so we try to keep it clean. That does not mean your very helpful and otherwise excellent posts are any less valued. :pint:

User avatar
AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

Re: iptables missing module - libipt_statistic.so not found?

Post by AlanBartlett » 2010/02/27 12:58:16

My two comments --

(1) No post in this thread has been moderated by me, either.

(2) [i]CentOS 5[/i] == [i]RHEL 5[/i] at the binary level -- [b]including[/b] bugs (true or perceived), errors and omissions. So please offer your solution upstream to [url=http://wiki.centos.org/FAQ/General?highlight=(TUV)#head-d29a2b7e61ffc544973098f9dd49fe4663efba50]TUV[/url] by means of their [url=https://bugzilla.redhat.com/frontpage.cgi]bug tracker[/url]. Once it has been accepted and incorporated into [i]RHEL 5[/i], it will also appear in [i]CentOS 5[/i].

marco114
Posts: 2
Joined: 2007/09/11 12:05:48
Contact:

Re: iptables missing module - libipt_statistic.so not found?

Post by marco114 » 2010/12/14 20:50:43

Hello, I tried to follow the instructions, but couldn't find the SRPMS for Iptables, could someone point me to it? Or provide better instructions? I'd be most greatful. I really need to get IPTables with Statistics module.

-Marc

User avatar
AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

Re: iptables missing module - libipt_statistic.so not found?

Post by AlanBartlett » 2010/12/14 22:50:19

Go to any of the public [i]CentOS[/i] mirror sites and look in the [b]5/os/SRPMS/[/b] directory. There you will find iptables-1.3.5-5.3.el5_4.1.src.rpm :-)

If you really need an explicit URL, try the [i]CentOS[/i] main mirror --

http://mirror.centos.org/centos/5/os/SRPMS/iptables-1.3.5-5.3.el5_4.1.src.rpm

marco114
Posts: 2
Joined: 2007/09/11 12:05:48
Contact:

Re: iptables missing module - libipt_statistic.so not found?

Post by marco114 » 2010/12/15 04:30:42

getting lots of errors, first of all when I tried the cp line:

cp *patch iptables-1.3.5.tar.bz2 iptables.spec iptables.init /usr/src/redhat/SOURCES/

I got this:
/usr/src/redhat/SOURCES -> directory not found

so I created it. Then I had to install rpm-build package from yum.

After installing it and running the rpmbuild command, I got errors.... (last few lines shown):

+ cp ip6tables-save ip6tables-restore iptables-save iptables-restore /var/tmp/iptables-buildroot/sbin
+ cp iptables-restore.8 iptables-save.8 /var/tmp/iptables-buildroot/usr/share/man/man8
+ mkdir -p /var/tmp/iptables-buildroot/etc/rc.d/init.d
+ install -c -m755 /usr/src/redhat/SOURCES/iptables.init /var/tmp/iptables-buildroot/etc/rc.d/init.d/iptables
+ sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g'
+ install -c -m755 ip6tables.init /var/tmp/iptables-buildroot/etc/rc.d/init.d/ip6tables
+ mkdir -p /var/tmp/iptables-buildroot/etc/sysconfig
+ install -c -m755 /usr/src/redhat/SOURCES/iptables-config /var/tmp/iptables-buildroot/etc/sysconfig/iptables-config
install: cannot stat `/usr/src/redhat/SOURCES/iptables-config': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.87507 (%install)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.87507 (%install)

Post Reply