iptables missing module - libipt_statistic.so not found?

Issues related to configuring your network

iptables missing module - libipt_statistic.so not found?

Postby jsosic » 2010/02/26 17:23:46

Hi.

I'm using CentOS 5.4 x86_64, and I've noticed the following error:
Code: Select all
# # iptables -A POSTROUTING -s 192.168.0.0/16 -o eth0 -m statistic --mode random --probability 0.04 -j SNAT --to-source xxx.xxx.xxx.xxx
iptables v1.3.5: Couldn't load match `statistic':/lib64/iptables/libipt_statistic.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.


As far as I can see, there is no libipt_statistic.so in /lib64/iptables:
Code: Select all
# rpm -ql iptables | grep statistic


iptables is 1.3.5, and that module was added in 1.3.6 tree. I wonder why was there no patch backported, while xt_statistic.o module is in current 2.6.18 kernel in RHEL / CentOS.

Any ideas?
jsosic
 
Posts: 23
Joined: 2009/02/13 15:00:00

iptables missing module - libipt_statistic.so not found?

Postby michaelnel » 2010/02/26 18:37:05

jsosic wrote:
I wonder why was there no patch backported, while xt_statistic.o module is in current 2.6.18 kernel in RHEL / CentOS.

Any ideas?


Normally they backport bug fixes and security fixes, not feature upgrades.
michaelnel
 
Posts: 1479
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Re: iptables missing module - libipt_statistic.so not found?

Postby jsosic » 2010/02/26 19:30:13

Yes, but please note that xt_statistic Kernel module is present... Also, xt_statistic.h is present in kernel-devel package. And xt_statistic.h is MISSING from kernel-headers. It's fxxxin' disaster!!!! What's the point in having xt_statistic kernel module, if you can't use it because there is no libipt_statistic.so?!!? For me it's a bug, without any explanation that can suffice.

Anyway, I've backported it my self, so if anyone wants it, here's howto:

1. There is no xt_statistic.h in kernel-headers, so:
Code: Select all
# yum install kernel-devel kernel-headers
# cp /usr/src/kernels/2.6.18-164.11.1.el5-x86_64/include/linux/netfilter/xt_statistic.h /usr/include/linux/netfilter

2. We need new specfile and new patch for iptables RPM packages. They are available here:
http://kosjenka.srce.hr/~jsosic/CentOS/ ... statistic/
3. Now you need to download latest iptables source RPM from CentOS mirrors, and run:
Code: Select all
# rpm2cpio iptables*rpm | cpio -idv
# unalias cp
# cp *patch iptables-1.3.5.tar.bz2 iptables.spec iptables.init /usr/src/redhat/SOURCES/

5. Modify the SPEC file (increase release, add new patch and chmod+x) or simply use spec file provided by me
6. Build the package:
Code: Select all
# rpmbuild -bb iptables.spec



Finally, you can also download my packages from SRCE:
ftp://ftp.srce.hr/srce-redhat/01-srce/el5/x86_64/

If you want to use it as a REPO, here is a repo package:
ftp://ftp.srce.hr/srce-redhat/_repos/sr ... noarch.rpm

Note that after installing this iptables package, you can use STATISTICS match in iptables rules.

[moderator note - inappropriate word edited]
jsosic
 
Posts: 23
Joined: 2009/02/13 15:00:00

Re: iptables missing module - libipt_statistic.so not found?

Postby michaelnel » 2010/02/26 19:36:07

You probably ought to mind your mouth around these parts or the Sheriff will come by and moderate you.
michaelnel
 
Posts: 1479
Joined: 2006/05/29 16:50:11
Location: San Francisco, CA

Re: iptables missing module - libipt_statistic.so not found?

Postby jsosic » 2010/02/26 19:37:53

It's sad to see that out of all the work I've done you only see one sentence. Really really sad dude.

Also, here is a bug report: http://bugs.centos.org/view.php?id=4216
jsosic
 
Posts: 23
Joined: 2009/02/13 15:00:00

Re: iptables missing module - libipt_statistic.so not found?

Postby pschaff » 2010/02/26 21:50:16

jsosic wrote:
It's sad to see that out of all the work I've done you only see one sentence. Really really sad dude.

Also, here is a bug report: http://bugs.centos.org/view.php?id=4216


I'm not the one who moderated you, so I don't know the word deleted, but chances are I would have done the same. Some of our members are of more delicate sensibility, and we have some who are pre-teen, so we try to keep it clean. That does not mean your very helpful and otherwise excellent posts are any less valued. :pint:
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: iptables missing module - libipt_statistic.so not found?

Postby AlanBartlett » 2010/02/27 12:58:16

My two comments --

(1) No post in this thread has been moderated by me, either.

(2) CentOS 5 == RHEL 5 at the binary level -- including bugs (true or perceived), errors and omissions. So please offer your solution upstream to TUV by means of their bug tracker. Once it has been accepted and incorporated into RHEL 5, it will also appear in CentOS 5.
User avatar
AlanBartlett
Forum Moderator
 
Posts: 8975
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: iptables missing module - libipt_statistic.so not found?

Postby marco114 » 2010/12/14 20:50:43

Hello, I tried to follow the instructions, but couldn't find the SRPMS for Iptables, could someone point me to it? Or provide better instructions? I'd be most greatful. I really need to get IPTables with Statistics module.

-Marc
marco114
 
Posts: 2
Joined: 2007/09/11 12:05:48

Re: iptables missing module - libipt_statistic.so not found?

Postby AlanBartlett » 2010/12/14 22:50:19

Go to any of the public CentOS mirror sites and look in the 5/os/SRPMS/ directory. There you will find iptables-1.3.5-5.3.el5_4.1.src.rpm :-)

If you really need an explicit URL, try the CentOS main mirror --

http://mirror.centos.org/centos/5/os/SR ... .1.src.rpm
User avatar
AlanBartlett
Forum Moderator
 
Posts: 8975
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: iptables missing module - libipt_statistic.so not found?

Postby marco114 » 2010/12/15 04:30:42

getting lots of errors, first of all when I tried the cp line:

cp *patch iptables-1.3.5.tar.bz2 iptables.spec iptables.init /usr/src/redhat/SOURCES/

I got this:
/usr/src/redhat/SOURCES -> directory not found

so I created it. Then I had to install rpm-build package from yum.

After installing it and running the rpmbuild command, I got errors.... (last few lines shown):

+ cp ip6tables-save ip6tables-restore iptables-save iptables-restore /var/tmp/iptables-buildroot/sbin
+ cp iptables-restore.8 iptables-save.8 /var/tmp/iptables-buildroot/usr/share/man/man8
+ mkdir -p /var/tmp/iptables-buildroot/etc/rc.d/init.d
+ install -c -m755 /usr/src/redhat/SOURCES/iptables.init /var/tmp/iptables-buildroot/etc/rc.d/init.d/iptables
+ sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g'
+ install -c -m755 ip6tables.init /var/tmp/iptables-buildroot/etc/rc.d/init.d/ip6tables
+ mkdir -p /var/tmp/iptables-buildroot/etc/sysconfig
+ install -c -m755 /usr/src/redhat/SOURCES/iptables-config /var/tmp/iptables-buildroot/etc/sysconfig/iptables-config
install: cannot stat `/usr/src/redhat/SOURCES/iptables-config': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.87507 (%install)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.87507 (%install)
marco114
 
Posts: 2
Joined: 2007/09/11 12:05:48

Next

Return to CentOS 5 - Networking Support

Who is online

Users browsing this forum: No registered users and 0 guests