How to resolve "no connection tracking support in the kernel" in Vuurmuur?
So I'm trying to get Vuurmuur installed on a headless Linux box that I've been using as a home router. So far, I've been using iptables but wanted to switch to using something more convenient/easier to use.
SERVER SETUP
I'm running:
Ubuntu 16.04.3 LTS Xenial
4.4.0-97-generic #120-Ubuntu SMP Tue Sep 19 17:28:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
VUURMUUR SETUP
Vuurmuur doesn't have a Debian package maintainer, so I added this entry to my apt sources:
deb ftp://ftp.vuurmuur.org/ubuntu/ raring main
Do an apt-get update, install vuurmuur and things look ok BUT when I try to run vuurmuur this happens:
# vuurmuur
Error: checking for iptables-capabilities failed. Please see error.log.
I checked the documentation here: https://www.vuurmuur.org/trac/wiki/Faq
and that suggests that iptables or conntrack is not set up correctly.
For completeness, this is the error in the error log:
01/04/2018 13:57:18 : PID 1866 : vuurmuur : Error (-1): no connection tracking support in the kernel (in: check_iptcaps:402).
I did an lsmod for iptables and conntrack and they both seem to be there:
# lsmod | egrep "iptable|conntr"
nf_conntrack_netlink 40960 0
nfnetlink 16384 2 nf_conntrack_netlink,nfnetlink_queue
iptable_mangle 16384 0
xt_conntrack 16384 2
iptable_filter 16384 1
iptable_nat 16384 1
nf_conntrack_ipv4 16384 3
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_nat_ipv4 16384 1 iptable_nat
nf_conntrack 106496 9 xt_helper,nf_nat,xt_state,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,xt_connmark,nf_conntrack_ipv4
ip_tables 24576 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 36864 20 xt_mark,xt_helper,xt_length,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_NFQUEUE,xt_limit,xt_state,xt_conntrack,xt_LOG,xt_mac,xt_nat,iptable_filter,xt_CLASSIFY,xt_TCPMSS,xt_connmark,ipt_REJECT,xt_REDIRECT,iptable_mangle
WHAT AM I MISSING?
I've seen some other posts that the way conntrack is enabled has changed in the past so I'm wondering if between Raring and Xenial, the method to check for iptables/conntrack changed but vuurmuur hasn't been updated yet.
Thanks,
Alex
iptables kernel-modules firewall ip-conntrack
asked Jan 4 at 19:03
alexpotato
1 Answer (accepted)
So turns out there are two options:
Option 1
Run the vuurmuur command with the below option:
-t
Option 2 (what I did)
Use the 0.8rc5 version from the Vuurmuur website and I was able to start Vuurmuur.
answered Jan 4 at 19:41
alexpotato
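Loaded modules and the proc files a userland tool can probe are separate things, which is one way the lsmod listing in the question can look complete while a capability check still fails. The following is an added example, not part of the original posts and not Vuurmuur's code: it compares the two for the conntrack case. Which interface Vuurmuur's check_iptcaps actually probes is not stated on the page; the function names, verdict strings, proc-root override and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (assumption: not Vuurmuur's own capability check).

# module_loaded NAME: reads lsmod-format text on stdin and succeeds only if
# NAME matches the first column exactly (nf_conntrack_ipv4 != nf_conntrack).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# conntrack_report LSMOD_FILE [PROC_ROOT]
# Prints one key=value line per probe, then a verdict line. PROC_ROOT is a
# hypothetical override so the check can run against a constructed tree.
conntrack_report() {
    lsmod_file=$1
    proc_root=${2:-/proc}
    mod=no; new=no; legacy=no
    module_loaded nf_conntrack < "$lsmod_file" && mod=yes
    [ -e "$proc_root/net/nf_conntrack" ] && new=yes     # current proc path
    [ -e "$proc_root/net/ip_conntrack" ] && legacy=yes  # legacy proc path
    echo "module_nf_conntrack=$mod"
    echo "proc_nf_conntrack=$new"
    echo "proc_ip_conntrack=$legacy"
    if [ "$mod" = no ]; then
        echo "verdict=module-missing"
    elif [ "$new" = no ] && [ "$legacy" = no ]; then
        echo "verdict=loaded-but-no-proc-interface"
    elif [ "$legacy" = no ]; then
        echo "verdict=loaded-legacy-proc-path-absent"
    else
        echo "verdict=ok"
    fi
}

# Constructed sample: a few lsmod lines and a fake proc tree that exposes
# only the current nf_conntrack file.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/proc/net"
: > "$demo_dir/proc/net/nf_conntrack"
cat > "$demo_dir/lsmod.txt" <<'EOF'
Module                  Size  Used by
xt_conntrack           16384  2
nf_conntrack_ipv4      16384  3
nf_conntrack          106496  9 xt_state,xt_conntrack,nf_conntrack_ipv4
EOF
conntrack_report "$demo_dir/lsmod.txt" "$demo_dir/proc"
```

On a live system, `lsmod > /tmp/lsmod.txt; conntrack_report /tmp/lsmod.txt` runs the same comparison against the real /proc.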