FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 08-31-2011, 02:24 AM
Always Learning
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On a VPS I wanted to add to IP tables:-

iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP

I got:

iptables: Unknown error 18446744073709551615

uname -a = 2.6.35.4 #2 (don't know how this got installed)

lsmod | grep ipt = ipt_LOG 5419 2

yum upgrade iptables* = nothing to install.

---------------------------------------

On a standalone server (C 5.6)

iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP

is accepted.

uname -a = 2.6.18-274.el5 #1

lsmod | grep ipt =
ipt_LOG 39617 1
iptable_filter 36161 1
ip_tables 55457 1 iptable_filter
x_tables 50505 6
xt_string,xt_state,ipt_LOG,xt_tcpudp,ip_tables,ip6 _tables

------------------------------------------------

Appreciate suggestions on how to get kernel 2.6.35.4 to install the
whole IP tables package, especially the STRING and RECENT options (in
-m).

Thank you.

Paul.




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:02 AM
Steve Walsh
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On 08/31/2011 12:24 PM, Always Learning wrote:
> On a VPS I wanted to add to IP tables:-
>
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
>
> iptables: Unknown error 18446744073709551615
>
> uname -a = 2.6.35.4 #2 (don't know how this got installed)

I'm wagering that's not the full output of uname -a. As far as I'm
aware, centos have never shipped a 2.6.35 kernel with any release, and
that's the sort of error you get with a openVZ "stab" (or Stable)
kernel, where unless the host provides you with the modules, there's not
a lot you can do about it.


> <snip>
>
> Appreciate suggestions on how to get kernel 2.6.35.4 to install the
> whole IP tables package, especially the STRING and RECENT options (in
> -m).

Perhaps you might want to talk to your hosting company about what
they're selling you, because it certainly isn't a 'pure' centos install.

Steve.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:07 AM
Always Learning
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Wed, 2011-08-31 at 13:02 +1000, Steve Walsh wrote:

> I'm wagering that's not the full output of uname -a. As far as I'm
> aware, centos have never shipped a 2.6.35 kernel with any release, and
> that's the sort of error you get with a openVZ "stab" (or Stable)
> kernel, where unless the host provides you with the modules, there's not
> a lot you can do about it.

Centos 6 is, I believe, 2.6.32, so 2.6.35 is something strange. Google
shows that version in many data centres.

> Perhaps you might want to talk to your hosting company about what
> they're selling you, because it certainly isn't a 'pure' centos install.

Have already done that. I'm getting about 6,000 web hits a day (all
wrong URLs) from a lunatic who I can stop in IP Tables but only if the
alleged Centos version is up-to-date.

Thank you.

Paul.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:11 AM
"John R. Dennison"
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Wed, Aug 31, 2011 at 04:07:44AM +0100, Always Learning wrote:
>
> Have already done that. I'm getting about 6,000 web hits a day (all
> wrong URLs) from a lunatic who I can stop in IP Tables but only if the
> alleged Centos version is up-to-date.

Has nothing to do with being up-to-date; it has to do with no having the
necessary iptables facilities available. Talk to your hoster.




John
--
In today's online world, what your mother told you is true, only more so:
people really can judge you by your friends.

-- Harold Abelson, MIT computer science professor, on personal information
that can be gleaned from social networking sites, NY Times, 17 March 2010
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:17 AM
Always Learning
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Tue, 2011-08-30 at 22:11 -0500, John R. Dennison wrote:

> On Wed, Aug 31, 2011 at 04:07:44AM +0100, Always Learning wrote:
> >
> > Have already done that. I'm getting about 6,000 web hits a day (all
> > wrong URLs) from a lunatic who I can stop in IP Tables but only if the
> > alleged Centos version is up-to-date.
>
> Has nothing to do with being up-to-date; it has to do with no having the
> necessary iptables facilities available. Talk to your hoster.

NO I will not. I have already emailed them.

The necessary IP Tables facilities are not available. Therefore,
contrary to your strange assertion "Has nothing to do with being
up-to-date" that IP Tables version is certain OUT-OF-DATE because the
modern parts have not been included !!!

Have a nice day.

Paul.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:22 AM
"John R. Dennison"
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Wed, Aug 31, 2011 at 04:17:36AM +0100, Always Learning wrote:
>
> NO I will not. I have already emailed them.

Then you won't get the support. Period.

> The necessary IP Tables facilities are not available. Therefore,
> contrary to your strange assertion "Has nothing to do with being
> up-to-date" that IP Tables version is certain OUT-OF-DATE because the
> modern parts have not been included !!!

It's not out of date. OpenVZ / "stab" kernels don't support all ipt-*
modules by default; they have to be configured on a container basis.

You can argue and be wrong or you can contact your hoster and have the
modules you need enabled or you can find an alternate provider. The
choice is yours.




John
--
The ability to focus attention on important things is a defining
characteristic of intelligence.

-- Robert J. Shiller (1946-), American economist, academic, and author,
Irrational Exuberance (2006)
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:30 AM
Always Learning
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Tue, 2011-08-30 at 22:22 -0500, John R. Dennison wrote:

> On Wed, Aug 31, 2011 at 04:17:36AM +0100, Always Learning wrote:
> >
> > NO I will not. I have already emailed them.
>
> Then you won't get the support. Period.

Utter rubbish. They are excellent either by phone or by email.

> It's not out of date. OpenVZ / "stab" kernels don't support all ipt-*
> modules by default; they have to be configured on a container basis.
>
> You can argue and be wrong or you can contact your hoster and have the
> modules you need enabled or you can find an alternate provider. The
> choice is yours.

Thank you for informing me the 'choice' is mine. Without such undoubted
inspirational wisdom I would never have known I had a choice. I am most
grateful to you.

How many occasions must I state I have emailed the service company
before you refrain from telling me to contact the "hoster" ?

Have a peaceful and relaxing evening and a very nice day tomorrow.


Paul.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:30 AM
Steve Walsh
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On 08/31/2011 01:17 PM, Always Learning wrote:
> NO I will not. I have already emailed them.

wow....just...wow.

> The necessary IP Tables facilities are not available. Therefore,
> contrary to your strange assertion "Has nothing to do with being
> up-to-date" that IP Tables version is certain OUT-OF-DATE because the
> modern parts have not been included !!!

They have not been included, probably because you are running an openVZ
'stab' kernel. Failing to give us the complete output in your initial
post means that anyone helping you is taking blind guesses. As an
example, here is the output of uname -a on my C6.0 system;

Linux omg.wtf.bbq.lol.au 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux

As you can see, it has a little bit more information that the output of
the uname -a command you included in your original

If I google "iptables on openvz", I get the following link from their
wiki - http://wiki.openvz.org/Setting_up_an_iptables_firewall, have you
tried that path?

But, without the full information to start with, it's all conjecture.

Steve

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:41 AM
"John R. Dennison"
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Wed, Aug 31, 2011 at 04:30:37AM +0100, Always Learning wrote:
>
> Thank you for informing me the 'choice' is mine. Without such undoubted
> inspirational wisdom I would never have known I had a choice. I am most
> grateful to you.

The choice is indeed yours. You can 1) listen to those that know what
they are talking about and probably have 50 years of combined experience;
or 2) remain in the dark and clueless.

> How many occasions must I state I have emailed the service company
> before you refrain from telling me to contact the "hoster" ?

How many times must you argue when you ask for assistance [1] and have it
provided for you, free of charge.

If you want help at least be willing to consider the answers you are
given and not discount them out of hand because they don't fit the way
you wish things were.

[1] "Appreciate suggestions on how to get kernel 2.6.35.4 to install the
whole IP tables package, especially the STRING and RECENT options
(in -m)."




John
--
Creativity is allowing oneself to make mistakes. Art is knowing which ones
to keep.

-- Scott Adams (1957-), American cartoonist and satirist,
The Dilbert Principle (1996)
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 08-31-2011, 03:43 AM
Always Learning
 
Default Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Wed, 2011-08-31 at 13:30 +1000, Steve Walsh wrote:

> They have not been included, probably because you are running an openVZ
> 'stab' kernel. Failing to give us the complete output in your initial
> post means that anyone helping you is taking blind guesses.

That you for the useful enlightenment. I was unaware it was an OpenVZ. I
thought is was XEN on Ubuntu.

> As an example, here is the output of uname -a on my C6.0 system;
>
> Linux omg.wtf.bbq.lol.au 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27
> 19:49:27 BST 2011 x86_64 x86_64 x86_64 GNU/Linux
>
> As you can see, it has a little bit more information that the output
> of he uname -a command you included in your original

Well I cut-out the unnecessary parts and produced a uname -r.
It was the kernel version that interested me. I just happened to know it
is 'Linux' and 'GNU' so did not need a reminder.

> If I google "iptables on openvz", I get the following link from their
> wiki - http://wiki.openvz.org/Setting_up_an_iptables_firewall, have you
> tried that path?

Of course not. My telepathy does not extend beyond half-way down Africa.
If I have known, but I did not know then, about Open VZ then I would
have typed that into Google.

> But, without the full information to start with, it's all conjecture.

I note from your web site you are in to marriage guidance too.

Have a nice day.

Paul.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:19 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org