Results 1 to 9 of 9

Thread: no iptables in Raspberry pi image?

  1. #1
    Join Date
    2013-Sep
    Posts
    1

    no iptables in Raspberry pi image?

    I've downloaded the latest RPi image and installed it on my SD card, it works just fine.
    when i try to use iptable
    Code:
    iptables -L
    iptables v1.4.14: can"t initialize iptables  table 'filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernal needs to be upgraded.
    and indeed lsmod doesnt show iptables, nor can i modprobe/insmod it
    i tried to update/upgrade/dist-upgrade and still nothing

    am i missing something or does this image not come with iptables?

  2. #2
    Join Date
    2013-Sep
    Posts
    1
    Same issue here. This isnt something I'm strong at but would making this work only require getting an ip_tables module and putting it in the modules folder, or is this something that has to be compiled into the kernel?

  3. #3
    Join Date
    2013-Sep
    Posts
    5
    I've made little progress, but I still don't have it resolved. Here is what I've done:

    First take a look at this:http://docs.kali.org/armel-armhf/kali-linux-arm-chroot
    Then take a look here (more important): http://docs.kali.org/development/cus...berry-pi-image
    First I started by trying to build a custom image, which isn't hard but it is overkill since you can modify the standard image you have already downloaded. You will obviously need to bake a new kernel, and throw into the the image, which is really just a subset of the second link. The tools that the Kali team links to doesn't work for me, but the tools that standard raspberry pi community links to does work for me. I provided links along the way to show you how I derived my path. I also included my kernel config diff and the modules I have loaded.

    Namely:

    #Link to image:
    loopdevice=`losetup -f --show <image name>.img`
    device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/\1/g' | head -1`
    device="/dev/mapper/${device}"
    bootp=${device}p1
    rootp=${device}p2

    #mount it (I assume your following along with path):
    mount $rootp root
    mount $bootp boot

    # time to build (This process can be sped up if you get config.gz and "zcat config.gz > .config" in your kernel dir), I applied my kernel config diff below
    cd ~/arm-stuff
    mkdir -p kernel
    cd kernel
    git clone https://github.com/raspberrypi/tools.git
    git clone https://github.com/raspberrypi/linux.git raspberrypi
    cd raspberrypi
    touch .scmversion
    export ARCH=arm
    export CROSS_COMPILE=~/arm-stuff/kernel/toolchains/arm-eabi-linaro-4.6.2/bin/arm-eabi- # This compiler did not work for me, I used the other one discussed here: http://elinux.org/Rpi_kernel_compilation
    make bcmrpi_cutdown_defconfig
    # configure your kernel !
    make menuconfig
    make -j$(cat /proc/cpuinfo|grep processor|wc -l)
    make modules_install INSTALL_MOD_PATH=~/arm-stuff/images/root
    cd ../tools/mkimage/
    python imagetool-uncompressed.py ../../raspberrypi/arch/arm/boot/Image

    #Push it to the image
    cd ~/arm-stuff/images
    cp ~/arm-stuff/kernel/tools/mkimage/kernel.img boot/

    # reduced cleanup, in case you need to rinse and repeat
    umount $rootp
    umount $bootp

    #dd your image...

    Okay, after it boots these are the modules I have loaded:
    root@kali:~# lsmod
    Module Size Used by
    nf_nat_ftp 952 0
    iptable_nat 2408 0
    nf_conntrack_ftp 4856 1 nf_nat_ftp
    ipt_MASQUERADE 984 0
    nf_nat 9818 3 nf_nat_ftp,ipt_MASQUERADE,iptable_nat
    nf_conntrack_ipv4 8756 3 nf_nat,iptable_nat
    nf_defrag_ipv4 636 1 nf_conntrack_ipv4
    nf_conntrack 43092 6 nf_nat_ftp,ipt_MASQUERADE,nf_nat,nf_conntrack_ftp, iptable_nat,nf_conntrack_ipv4
    ip_tables 8532 1 iptable_nat
    x_tables 8776 3 ip_tables,ipt_MASQUERADE,iptable_nat
    ipv6 212924 12
    leds_gpio 1648 0
    led_class 1788 1 leds_gpio

    and unfortunately I still get the error:
    root@kali:~# iptables -L
    iptables v1.4.14: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

    Anyone see what is missing? I feel like I should be close... I'm actually surprised that Debian or Kali teams don't have documentation explaining how to get iptables capability working. A google search digs up a lot of similar questions and I haven't seen a resolution that actually works (I have tried a few that don't).

    Anthony

  4. #4
    Join Date
    2013-Sep
    Posts
    5
    Okay, these are the differences between the stock Kali kernel configuration and mine:
    diff .config config.org
    465d464
    < CONFIG_XFRM_IPCOMP=m
    470,474c469
    < CONFIG_IP_ADVANCED_ROUTER=y
    < # CONFIG_IP_FIB_TRIE_STATS is not set
    < # CONFIG_IP_MULTIPLE_TABLES is not set
    < # CONFIG_IP_ROUTE_MULTIPATH is not set
    < # CONFIG_IP_ROUTE_VERBOSE is not set
    ---
    > # CONFIG_IP_ADVANCED_ROUTER is not set
    482c477
    < CONFIG_ARPD=y
    ---
    > # CONFIG_ARPD is not set
    484,488c479,482
    < # CONFIG_NET_IPVTI is not set
    < CONFIG_INET_AH=m
    < CONFIG_INET_ESP=m
    < CONFIG_INET_IPCOMP=m
    < CONFIG_INET_XFRM_TUNNEL=m
    ---
    > # CONFIG_INET_AH is not set
    > # CONFIG_INET_ESP is not set
    > # CONFIG_INET_IPCOMP is not set
    > # CONFIG_INET_XFRM_TUNNEL is not set
    490,496c484,488
    < CONFIG_INET_XFRM_MODE_TRANSPORT=m
    < CONFIG_INET_XFRM_MODE_TUNNEL=m
    < CONFIG_INET_XFRM_MODE_BEET=m
    < CONFIG_INET_LRO=y
    < CONFIG_INET_DIAG=y
    < CONFIG_INET_TCP_DIAG=y
    < CONFIG_INET_UDP_DIAG=m
    ---
    > # CONFIG_INET_XFRM_MODE_TRANSPORT is not set
    > # CONFIG_INET_XFRM_MODE_TUNNEL is not set
    > # CONFIG_INET_XFRM_MODE_BEET is not set
    > # CONFIG_INET_LRO is not set
    > # CONFIG_INET_DIAG is not set
    523,679c515
    < CONFIG_NETFILTER=y
    < # CONFIG_NETFILTER_DEBUG is not set
    < CONFIG_NETFILTER_ADVANCED=y
    <
    < #
    < # Core Netfilter Configuration
    < #
    < CONFIG_NETFILTER_NETLINK=m
    < CONFIG_NETFILTER_NETLINK_ACCT=m
    < CONFIG_NETFILTER_NETLINK_QUEUE=m
    < CONFIG_NETFILTER_NETLINK_LOG=m
    < CONFIG_NF_CONNTRACK=m
    < CONFIG_NF_CONNTRACK_MARK=y
    < CONFIG_NF_CONNTRACK_PROCFS=y
    < # CONFIG_NF_CONNTRACK_EVENTS is not set
    < # CONFIG_NF_CONNTRACK_TIMEOUT is not set
    < # CONFIG_NF_CONNTRACK_TIMESTAMP is not set
    < CONFIG_NF_CT_PROTO_DCCP=m
    < CONFIG_NF_CT_PROTO_GRE=m
    < CONFIG_NF_CT_PROTO_SCTP=m
    < CONFIG_NF_CT_PROTO_UDPLITE=m
    < CONFIG_NF_CONNTRACK_AMANDA=m
    < CONFIG_NF_CONNTRACK_FTP=m
    < CONFIG_NF_CONNTRACK_H323=m
    < CONFIG_NF_CONNTRACK_IRC=m
    < CONFIG_NF_CONNTRACK_BROADCAST=m
    < CONFIG_NF_CONNTRACK_NETBIOS_NS=m
    < CONFIG_NF_CONNTRACK_SNMP=m
    < CONFIG_NF_CONNTRACK_PPTP=m
    < CONFIG_NF_CONNTRACK_SANE=m
    < CONFIG_NF_CONNTRACK_SIP=m
    < CONFIG_NF_CONNTRACK_TFTP=m
    < CONFIG_NF_CT_NETLINK=m
    < CONFIG_NF_CT_NETLINK_TIMEOUT=m
    < # CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
    < # CONFIG_NETFILTER_TPROXY is not set
    < CONFIG_NETFILTER_XTABLES=m
    <
    < #
    < # Xtables combined modules
    < #
    < # CONFIG_NETFILTER_XT_MARK is not set
    < # CONFIG_NETFILTER_XT_CONNMARK is not set
    <
    < #
    < # Xtables targets
    < #
    < # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
    < # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
    < # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
    < # CONFIG_NETFILTER_XT_TARGET_CT is not set
    < # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
    < # CONFIG_NETFILTER_XT_TARGET_HL is not set
    < # CONFIG_NETFILTER_XT_TARGET_HMARK is not set
    < # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
    < # CONFIG_NETFILTER_XT_TARGET_LED is not set
    < # CONFIG_NETFILTER_XT_TARGET_LOG is not set
    < # CONFIG_NETFILTER_XT_TARGET_MARK is not set
    < # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
    < # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
    < # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
    < # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
    < # CONFIG_NETFILTER_XT_TARGET_TEE is not set
    < # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
    < # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
    < # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
    <
    < #
    < # Xtables matches
    < #
    < # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
    < # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
    < # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
    < # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
    < # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
    < # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
    < # CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
    < # CONFIG_NETFILTER_XT_MATCH_CPU is not set
    < # CONFIG_NETFILTER_XT_MATCH_DCCP is not set
    < # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
    < # CONFIG_NETFILTER_XT_MATCH_DSCP is not set
    < # CONFIG_NETFILTER_XT_MATCH_ECN is not set
    < # CONFIG_NETFILTER_XT_MATCH_ESP is not set
    < # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
    < # CONFIG_NETFILTER_XT_MATCH_HELPER is not set
    < # CONFIG_NETFILTER_XT_MATCH_HL is not set
    < # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
    < # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
    < # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
    < # CONFIG_NETFILTER_XT_MATCH_MAC is not set
    < # CONFIG_NETFILTER_XT_MATCH_MARK is not set
    < # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
    < # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
    < # CONFIG_NETFILTER_XT_MATCH_OSF is not set
    < # CONFIG_NETFILTER_XT_MATCH_OWNER is not set
    < # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
    < # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
    < # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
    < # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
    < # CONFIG_NETFILTER_XT_MATCH_REALM is not set
    < # CONFIG_NETFILTER_XT_MATCH_RECENT is not set
    < # CONFIG_NETFILTER_XT_MATCH_SCTP is not set
    < # CONFIG_NETFILTER_XT_MATCH_STATE is not set
    < # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
    < # CONFIG_NETFILTER_XT_MATCH_STRING is not set
    < # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
    < # CONFIG_NETFILTER_XT_MATCH_TIME is not set
    < # CONFIG_NETFILTER_XT_MATCH_U32 is not set
    < # CONFIG_IP_SET is not set
    < # CONFIG_IP_VS is not set
    <
    < #
    < # IP: Netfilter Configuration
    < #
    < CONFIG_NF_DEFRAG_IPV4=m
    < CONFIG_NF_CONNTRACK_IPV4=m
    < CONFIG_NF_CONNTRACK_PROC_COMPAT=y
    < # CONFIG_IP_NF_QUEUE is not set
    < CONFIG_IP_NF_IPTABLES=m
    < # CONFIG_IP_NF_MATCH_AH is not set
    < # CONFIG_IP_NF_MATCH_ECN is not set
    < # CONFIG_IP_NF_MATCH_RPFILTER is not set
    < # CONFIG_IP_NF_MATCH_TTL is not set
    < # CONFIG_IP_NF_FILTER is not set
    < # CONFIG_IP_NF_TARGET_ULOG is not set
    < CONFIG_NF_NAT=m
    < CONFIG_NF_NAT_NEEDED=y
    < CONFIG_IP_NF_TARGET_MASQUERADE=m
    < CONFIG_IP_NF_TARGET_NETMAP=m
    < CONFIG_IP_NF_TARGET_REDIRECT=m
    < CONFIG_NF_NAT_SNMP_BASIC=m
    < CONFIG_NF_NAT_PROTO_DCCP=m
    < CONFIG_NF_NAT_PROTO_GRE=m
    < CONFIG_NF_NAT_PROTO_UDPLITE=m
    < CONFIG_NF_NAT_PROTO_SCTP=m
    < CONFIG_NF_NAT_FTP=m
    < CONFIG_NF_NAT_IRC=m
    < CONFIG_NF_NAT_TFTP=m
    < CONFIG_NF_NAT_AMANDA=m
    < CONFIG_NF_NAT_PPTP=m
    < CONFIG_NF_NAT_H323=m
    < CONFIG_NF_NAT_SIP=m
    < CONFIG_IP_NF_MANGLE=m
    < CONFIG_IP_NF_TARGET_CLUSTERIP=m
    < # CONFIG_IP_NF_TARGET_ECN is not set
    < # CONFIG_IP_NF_TARGET_TTL is not set
    < CONFIG_IP_NF_RAW=m
    < CONFIG_IP_NF_ARPTABLES=m
    < CONFIG_IP_NF_ARPFILTER=m
    < CONFIG_IP_NF_ARP_MANGLE=m
    <
    < #
    < # IPv6: Netfilter Configuration
    < #
    < # CONFIG_NF_DEFRAG_IPV6 is not set
    < # CONFIG_NF_CONNTRACK_IPV6 is not set
    < # CONFIG_IP6_NF_IPTABLES is not set
    ---
    > # CONFIG_NETFILTER is not set
    2289,2290d2124
    < CONFIG_TEXTSEARCH=y
    < CONFIG_TEXTSEARCH_KMP=m

  5. #5
    Join Date
    2013-Nov
    Posts
    3
    I have the same issue, been spending hours trying to get iptables working, did you ever get this to work?

  6. #6
    Join Date
    2013-Oct
    Posts
    4
    How do we ask Kali developers to install a firewall GUI and IP tables and fix wifi driver problem?

  7. #7
    Join Date
    2013-Mar
    Posts
    42
    @agabriel
    Can you tell me where the default Kali Kernel config is ?
    Tried to compile a new Kernel with iptables support direcly on the Raspian Pi - but there is no config file as here described --> http://docs.kali.org/development/rec...i-linux-kernel
    cp /boot/config-3.7-trunk-amd64 .config
    The "/boot" is empty here:
    root@kali:/usr/src/linux-source-3.7# pwd
    /usr/src/linux-source-3.7
    root@kali:/usr/src/linux-source-3.7# ls -l /boot/
    total 0
    root@kali:/usr/src/linux-source-3.7#
    If this here is a process that took to long if will use a Debain image with a kernel that comes with iptables and add the Kali tools.

  8. #8
    Join Date
    2013-Dec
    Posts
    1
    So, what's the status? Has anyone been able to get iptables working? I downloaded a kernel from someone trying to get iptables to work on the pi and it works! However I lose my keyboard and trackpad functionality on my atrix lapdock. Anyone here's a link to the website of the gentlement who compiled the kernel. It's available on the download page. http://daleruane.co.uk/securing-the-pi-part-2/

  9. #9
    Join Date
    2014-Jan
    Posts
    1
    Hi all

    on my pi I could solve the problem with doing a "rpi-update".

    I use the "2014-01-07-wheezy-raspbian.zip"

    root@plan02:~# uname -a
    Linux plan02 3.10.27+ #630 PREEMPT Fri Jan 17 19:44:36 GMT 2014 armv6l GNU/Linux

    root@plan02:~# iptables -nvL
    Chain INPUT (policy ACCEPT 722 packets, 104K bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 329 packets, 42528 bytes)
    pkts bytes target prot opt in out source destination

    for me, the problem has been solved with a firmware update of the pi.

Similar Threads

  1. Kali 2.0 image for Raspberry Pi3
    By ghodan in forum ARM Archive
    Replies: 29
    Last Post: 2016-05-08, 06:44
  2. Replies: 4
    Last Post: 2016-03-04, 18:50
  3. Raspberry pi 3 image - when will it be released
    By yhi in forum Project Archive
    Replies: 2
    Last Post: 2016-03-04, 05:23
  4. Raspberry Pi Image (Custom Cross-Compiled Kernel w/IPTables support)
    By Binary Overlord in forum Building Archive
    Replies: 0
    Last Post: 2013-11-04, 22:28

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •