Iptables (and starting it)


Forum: Networking
Topic: Iptables (and starting it)
started by: Divago

Posted by Divago on Jan. 15 2008,15:11
Hi all
again with pointless question :)

now i'm setting an iptables on my dsl-n frugal installed system to block viewing some url (like "parental control"...)
i found iptables.dsl on dsl repositories
i downloaded it and put it in the /mydsl folder (same one where i put all the .dsl extensions i wanna autoload at startup)
rebooted

it says loaded iptables at startup

but
a) there is no /etc/sysconfig/iptables file
i created one by myself, from scratch (well, copying one from google :) )

b) there is no "/etc/init.d/iptables" script to start|stop|reload
so how can i start/stop/reload iptables?

c) i tried to launch
# iptables -L
but this is the answer:
Code Sample

FATAL: Module ip_tables not found.
iptables v1.2.6a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


can someone point me to where i am wrong?
(assuming i'm not really competent with linux nor iptables :( )

ty vm

Posted by Juanito on Jan. 15 2008,15:18
Looking at the error messages, it seems like the iptables.dsl extension contains one or more kernel modules (I say this without checking so I could be totally wrong) that are probably built for dsl (2.4.26 or 2.4.31) and so would not work with dsln (2.6.12)?
Posted by lucky13 on Jan. 15 2008,15:31
Juanito is correct. The iptables extension is kernel-specific and works only for 2.4.26.
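
The kernel mismatch described in the two replies above can be confirmed from a shell. This is an added example, not part of the original posts: it reports whether an ip_tables module exists for the running kernel or only for another release. The function names, and the assumption that the extension's modules sit somewhere under /lib/modules, are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread): find out whether ip_tables is available
# for the running kernel or only for some other kernel release.
# Assumption: modules live under MODROOT/<release>/, as modprobe expects.

# find_module MODROOT RELEASE NAME -> path of NAME.ko (2.6) or NAME.o (2.4), if any
find_module() (
    [ -d "$1/$2" ] || exit 0
    find "$1/$2" -type f \( -name "$3.ko" -o -name "$3.o" \) | head -n 1
)

# diagnose MODROOT RELEASE -> "ok", "wrong-kernel <release>" or "absent"
diagnose() (
    modroot=$1
    running=$2
    if [ -n "$(find_module "$modroot" "$running" ip_tables)" ]; then
        echo "ok"
        exit 0
    fi
    # Not built for this kernel: look for a copy built for another release.
    for d in "$modroot"/*/; do
        [ -d "$d" ] || continue
        rel=$(basename "$d")
        if [ -n "$(find_module "$modroot" "$rel" ip_tables)" ]; then
            echo "wrong-kernel $rel"
            exit 0
        fi
    done
    echo "absent"
)

# modprobe only searches the directory named after `uname -r`.
echo "running kernel: $(uname -r)"
echo "ip_tables: $(diagnose /lib/modules "$(uname -r)")"
```

A "wrong-kernel" result matches the "Module ip_tables not found" error in the first post: the module file exists, but not where the running kernel looks for it.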
Posted by curaga on Jan. 15 2008,15:52
Iptables does compile quite easily.

To start it, most prefer creating their own script and running that from bootlocal.sh, /etc/sysconfig/iptables is a distro-specific way. Or most download the nice linux firewall script courtesy of projectfiles.com and then start that from bootlocal.sh :)

You can block sites without iptables, too:
Just add the url(s) of the site to /etc/hosts with an ip of 127.0.0.1, so they all point to yourself and unless you are running a web server, no getting to those pages.
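
The /etc/hosts approach from the post above, as an added example that is not part of the original thread. The hosts file matches whole host names only, so the script reduces each URL to its host name and prints the entries the file does not have yet. The function names and the example.com / example.net names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): turn a list of URLs or host names into
# /etc/hosts block entries, skipping names the hosts file already maps.
# The example.com/example.net names below are constructed sample input.

# to_hostname ITEM -> bare lower-case host name, or nothing if ITEM is not usable
to_hostname() (
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's|^[a-z][a-z0-9+.-]*://||' -e 's|[/?#].*$||' \
            -e 's|^[^@]*@||' -e 's|:[0-9]*$||')
    case $h in
        ''|*[!a-z0-9.-]*|.*|*.|-*) exit 0 ;;   # empty or not a plain host name
    esac
    printf '%s\n' "$h"
)

# block_entries HOSTS_FILE < list -> sorted "127.0.0.1 name" lines still missing
block_entries() (
    while IFS= read -r item || [ -n "$item" ]; do
        case $item in ''|'#'*) continue ;; esac
        h=$(to_hostname "$item")
        [ -n "$h" ] || continue
        # Skip the name if any non-comment line of the hosts file lists it.
        if awk -v h="$h" '!/^[ \t]*#/ { for (i = 2; i <= NF; i++) if ($i == h) f = 1 }
                          END { exit !f }' "$1"; then
            continue
        fi
        printf '127.0.0.1 %s\n' "$h"
    done | sort -u
)

# Dry run against a constructed hosts file; append the output to /etc/hosts as root.
demo=$(mktemp)
printf '127.0.0.1 localhost\n127.0.0.1 www.google-analytics.com\n' > "$demo"
block_entries "$demo" <<'EOF'
http://www.google-analytics.com/some/path
HTTP://Ads.Example.com:8080/banner?id=1
track.example.net
EOF
rm -f "$demo"
```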

Posted by roberts on Jan. 15 2008,16:21
Quote (curaga @ Jan. 15 2008,07:52)
...
You can block sites without iptables, too:
Just add the url(s) of the site to /etc/hosts with an ip of 127.0.0.1, so they all point to yourself and unless you are running a web server, no getting to those pages.

My /etc/hosts has 2077 items listed.
Mostly to block ad, banner, and click servers.
It makes for a faster internet experience as I am not waiting for these other, not wanted, site connections.

Posted by Divago on Jan. 16 2008,14:17
Quote (curaga @ Jan. 15 2008,10:52)

;_;
ok so i cannot use iptables for dsl-n... :(
Quote
You can block sites without iptables, too:
Just add the url(s) of the site to /etc/hosts with an ip of 127.0.0.1, so they all point to yourself and unless you are running a web server, no getting to those pages.
Oh cool
and can i also do it vice versa? i mean: allowing only 2 urls and redirecting the others to 127.0.0.1? (this is what i need to... :) )

Posted by curaga on Jan. 16 2008,16:09
correction: iptables.dsl can't be used with dsl-n. iptables can, if you can compile it.

Sorry, /etc/hosts only works that way, it can't allow some and direct all others to something. Iptables is needed for that..

I think though that the iptables modules are included in DSL-N; not sure though. does
Quote
find /lib/modules -name "*conntr*"
give any output?
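
For the "allow only two sites" case that the post above says needs iptables, here is an added example, not part of the original thread and not the projectfiles.com script mentioned earlier. It prints an OUTPUT rule set that accepts traffic to an allowlist of addresses and drops the rest, rather than redirecting it to 127.0.0.1. The function names are illustrative and the addresses are documentation placeholders; because iptables matches addresses, not URLs, the list has to be refreshed when a site changes its IP.

```sh
#!/bin/sh
# Added example (not from the thread): print an iptables OUTPUT rule set that
# lets this machine browse to an allowlist of servers and nothing else.
# The 192.0.2.x / 198.51.100.x addresses are documentation placeholders.

# valid_ipv4 ADDR -> success if ADDR looks like a dotted quad (shape check only)
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# allowlist_rules ADDR... -> prints the commands; nothing is applied here
allowlist_rules() (
    [ "$#" -gt 0 ] || { echo "usage: allowlist_rules ADDR..." >&2; exit 1; }
    for ip in "$@"; do
        # iptables filters on addresses, so host names must be resolved first
        valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; exit 1; }
    done
    echo "iptables -F OUTPUT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # replies on connections that were accepted inbound; needs conntrack modules
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # name lookups must still work
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    for ip in "$@"; do
        for port in 80 443; do
            echo "iptables -A OUTPUT -p tcp -d $ip --dport $port -j ACCEPT"
        done
    done
    # everything not accepted above is dropped
    echo "iptables -P OUTPUT DROP"
)

# Review the output, then pipe it to sh as root to apply it.
allowlist_rules 192.0.2.10 198.51.100.20
```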

Posted by Divago on Jan. 17 2008,13:26
Quote (curaga @ Jan. 16 2008,11:09)
I think though that the iptables modules are included in DSL-N; not sure though. does
Quote
find /lib/modules -name "*conntr*"
give any output?

nope, no output :(

Posted by curaga on Jan. 17 2008,15:22
Well, if the modules aren't included, you're facing building the kernel. Have you done it before?
It's quite easy, you can use the default configuration as a base, just select the ip tables modules, and maybe remove stuff you don't need. If you compile for your processor, it will run faster too.

It's 2.6.13 patched with unionfs, I think.

Posted by Juanito on Jan. 17 2008,17:59
2.6.12 :)
Posted by curaga on Jan. 18 2008,12:56
Oops, my bad :)
Posted by roberts on Jan. 18 2008,21:58
Quote (Juanito @ Jan. 17 2008,09:59)
2.6.12 :)

Really, I did do a 2.6.19. I guess I never released it. I just booted it now and it is indeed a 2.6.19.



Posted by WDef on Jan. 18 2008,23:41
Here's one possibility for /etc/hosts:
Code Sample

# block google analytics
127.0.0.1 www.google-analytics.com


Although I haven't noticed as much of a slow down effect due to google-analytics as I used to, so this is not as important unless one objects to one's visit to a website being logged by google.

There was a time on one connection I had when google-analytics was simply _strangling_ the web.  Seems to have improved a lot.

Any other faves for /etc/hosts blocking?

Posted by roberts on Jan. 19 2008,00:40
Quote (WDef @ Jan. 18 2008,15:41)
Here's one possibility for /etc/hosts:
Code Sample

# block google analytics
127.0.0.1 www.google-analytics.com


Although I haven't noticed as much of a slow down effect due to google-analytics as I used to, so this is not as important unless one objects to one's visit to a website being logged by google.

There was a time on one connection I had when google-analytics was simply _strangling_ the web.  Seems to have improved a lot.

Any other faves for /etc/hosts blocking?

Yes. Take a look at < Block Adservers List > Then click on this "hosts file ready" < list >
