Re: [Fwbuilder-discussion] Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so
From: <va...@vk...> - 2006-03-08 02:00:48
The error message means module ipv4options was not compiled into iptables. This module is part of the base repository of netfilter modules but I do not know why it is not available on your system. Fwbuilder compiler generates iptables command that uses this module to match IP packet with options such as 'lsrr', 'ssrr' etc.

What is the rule number of the rule with IP service object that matches 'lsrr', 'ssrr' and 'rr' options?

Possible reason why you see the error on a different rule when you re-enable it is that the normal output you get from the firewall script is buffered, while error messages are not. This means the normal output can be poorly synchronized with errors and the error may relate to a different rule.

--vk

On Mar 7, 2006, at 12:14 PM, Brian Diehl wrote:

> Hi All,
>
> First off, let me apologize for the length and probably mis-formatted
> e-mail (Gotta love GMail). I am getting an error message
> "Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so: cannot open shared object file: No such file or directory"
> This is a Red Hat EL4 box (2.6.9-22 kernel), with iptables 1.2.11-3.
>
> The recent change to the fw rules was that I added this rule:
>
> Src: Any
> Dst: Any
> Svc: Custom IP with 'lsrr', 'ssrr', 'rr' and 'all fragments' checked
> Deny
>
> However if I disable this rule, re-compile then reinstall, this
> error message goes away (which is expected).
> When I re-enable this rule, the installer complains about this
> error on a different rule.
>
>
> First Time Log Snip:
>
> Rule 5 (global)
> iptables v1.2.11: Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so: cannot open shared object file: No such file or directory
>
> Try `iptables -h' or 'iptables --help' for more information.
> iptables v1.2.11: Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so: cannot open shared object file: No such file or directory
>
> Try `iptables -h' or 'iptables --help' for more information.
> Rule 6 (global)
>
>
> Disabled, Re-installed Rules, then re-enabled Log Snip:
>
> Rule 1 (eth1)
> iptables v1.2.11: Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so: cannot open shared object file: No such file or directory
>
> Try `iptables -h' or 'iptables --help' for more information.
> Rule 0 (lo)
> Rule 0 (global)
> Rule 1 (global)
> Rule 2 (global)
> Rule 3 (global)
> iptables v1.2.11: Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so: cannot open shared object file: No such file or directory
>
> Try `iptables -h' or 'iptables --help' for more information.
> iptables v1.2.11: Couldn't load match `ipv4options':/lib/iptables/libipt_ipv4options.so: cannot open shared object file: No such file or directory
>
> Try `iptables -h' or 'iptables --help' for more information.
> Rule 4 (global)
>
> My first question is this: If I Enable/Disable Rule 1, why does
> the installer complain on different rules each install? (The rules
> it is complaining about do not have IP options set)
> Second question, I cannot seem to find libipt_ipv4options.so, I've
> done quite a bit of googling and I cannot seem to find this library
> (On an EL4 machine). Can anyone offer some assistance with this?
>
> Thanks!
>
> --Brian.
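
The buffering effect described in the reply above, shown as an added example that is not part of the original thread and is not Fwbuilder code: a constructed stand-in script prints rule markers on buffered stdout and one error on unbuffered stderr, and the error is then paired with the wrong position in the merged log unless stdout is flushed after each marker. The names `CHILD`, `run_script` and `attribute_errors` are hypothetical.

```python
import os
import subprocess
import sys

# Constructed stand-in for a firewall script: rule markers go to stdout,
# the error for rule 1 is written straight to fd 2 (unbuffered, like C stderr).
CHILD = r'''
import os, sys
for n in range(3):
    print(f"Rule {n} (global)")
    if FLUSH:
        sys.stdout.flush()
    if n == 1:
        os.write(2, b"iptables: Couldn't load match `ipv4options'\n")
'''

def run_script(flush):
    """Run the stand-in with stdout and stderr merged into one pipe."""
    # Drop PYTHONUNBUFFERED so the child keeps default (block) buffering on a pipe.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}
    code = f"FLUSH = {flush!r}\n" + CHILD
    proc = subprocess.run([sys.executable, "-c", code], env=env,
                          stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                          text=True, check=True)
    return proc.stdout.splitlines()

def attribute_errors(lines):
    """Pair each error line with the last rule marker seen before it."""
    current, pairs = None, []
    for line in lines:
        if line.startswith("Rule "):
            current = line
        elif "Couldn't load match" in line:
            pairs.append((current, line))
    return pairs

if __name__ == "__main__":
    for flush in (False, True):
        label = "flushed " if flush else "buffered"
        print(label, attribute_errors(run_script(flush)))
```

When reading an installer log like the ones quoted above, the rule marker printed next to an error is therefore only a hint; disabling the suspect rule and re-running is the reliable check.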