Full Version: Need help with IPTables error
phpscott
I get the following message when starting up Bastille and when I try to set up my own rules by working with IPTables directly...

iptables v1.2.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.5: can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
modprobe: Can't locate module ip_conntrack
modprobe: Can't locate module ip_conntrack_ftp
modprobe: Can't locate module ipt_LOG
Setting up IP spoofing protection... done.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Allowing traffic from trusted interfaces... done.
iptables: No chain/target/match by that name
Setting up chains for public/internal interface traffic... done.
Setting up general rules...iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
done.

Any ideas on why this is happening? The server is running the latest kernel (2.4.19) and the latest version of IPTables (1.2.5).

EDIT: I just realized this question is more suited for the Security forum. Could someone move it for me even though the server has cPanel? Sorry for the mistake.

Thanks,
Scott :(
NightHawk
Type iptables -L -n ... does it give you any output (hopefully a couple of blank tables)? If it doesn't, then you need to insmod your iptables:

service ipchains stop
rmmod ipchains (just to be sure)
insmod ip_tables

Hopefully that will help.
phpscott
Here's what I get when I try and stop IPChains...

Flushing all chains: ipchains: Incompatible with this kernel
[FAILED]
Removing user defined chains: ipchains: Incompatible with this kernel
[FAILED]
Resetting built-in chains to the default ACCEPT policy:ipchains: Protocol not available
[FAILED]

iptables -L -n returns:

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  -f  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:20
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:465
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2082
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2083
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2086
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2087
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2095
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:2096
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:7786
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:6666

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Any ideas? HELP!

Thanks again,
Scott
NightHawk
Then your iptables is working. The error is coming from your Bastille configuration.
phpscott
I found something interesting:

I did cat /proc/net/ip_tables_names and only Filter was listed. Do I need to recompile the kernel to get the missing tables added? If yes, is there a how-to?
sloop
iptables has multiple modules that you can OPTIONALLY use, for example, nat. I don't see why servers would need to use nat.

Did you compile your kernel yourself?

If it is a Red Hat stock kernel, ALL of the modules SHOULD be available. I don't know anything about the script you are trying to use, but you may need to tell it where your insmod or modprobe is so that it can load the modules it needs.

Feel free to contact me if you need any more help; I don't check the forum very often.
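
The checks this thread works through by hand (which tables are registered in /proc/net/ip_tables_names, which modules modprobe could not locate, and how many rules iptables rejected while the startup script still printed "done."), as an added example that is not part of any post above. The function names and the sample input are assumptions constructed for illustration; the sample lines are modelled on the output quoted in the thread.

```shell
# Added example, not from the thread. Function names and sample data are assumptions.

# missing_tables FILE: print each of filter/nat/mangle absent from FILE,
# which has the format of /proc/net/ip_tables_names (one table name per line).
missing_tables() {
    for t in filter nat mangle; do
        grep -qix "$t" "$1" 2>/dev/null || printf '%s\n' "$t"
    done
}

# missing_modules LOG: print the modules modprobe could not locate, deduplicated.
missing_modules() {
    sed -n "s/^modprobe: Can't locate module //p" "$1" | sort -u
}

# failed_rules LOG: count lines where iptables rejected a rule.
failed_rules() {
    grep -c 'iptables: No chain/target/match by that name' "$1" || true
}

# firewall_status NAMES LOG: print a verdict; return 1 if the ruleset is incomplete.
firewall_status() {
    tables=$(missing_tables "$1" | tr '\n' ' ')
    mods=$(missing_modules "$2" | tr '\n' ' ')
    rejected=$(failed_rules "$2")
    if [ -z "$tables" ] && [ -z "$mods" ] && [ "$rejected" -eq 0 ]; then
        echo "OK: all tables registered, no rejected rules"
        return 0
    fi
    echo "INCOMPLETE: tables missing [$tables] modules missing [$mods] rules rejected: $rejected"
    return 1
}

# write_sample DIR: constructed sample input modelled on the output quoted in the thread.
write_sample() {
    printf 'filter\n' > "$1/ip_tables_names"
    cat > "$1/startup.log" <<'EOF'
modprobe: Can't locate module ip_conntrack
modprobe: Can't locate module ip_conntrack_ftp
modprobe: Can't locate module ipt_LOG
Setting up IP spoofing protection... done.
iptables: No chain/target/match by that name
Setting up general rules...iptables: No chain/target/match by that name
done.
EOF
}

sample=$(mktemp -d) && write_sample "$sample"
firewall_status "$sample/ip_tables_names" "$sample/startup.log" || true
```

On a live host, pass /proc/net/ip_tables_names and the captured output of the firewall startup script as the two arguments; a non-zero return means the loaded ruleset is not the one the script was written to install.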