Iptstate on Knoppix 6.4.4 - not working

[vkrishn]

Hi Managed to install Iptstate in Debian-Lenny(installed), PuppyLinux(Live CD) and Debian-Squeeze(Live CD) without problem. I am unable to install/use it in Knoppix 6.4.4(Live DVD). The program starts but does not show any connection states. I installed Iptstate in running Live DVD by doing following: 1. sudo su 2. apt-get update 3. apt-get install Iptstate 4. Iptstate Regards. V.Krishn

[kl522]

Late reply. You need to load the conntrack modules prior to using iptstate.

Code:

   # modprobe nf_conntrack_ipv4
   # modprobe nf_conntrack ipv6

Bottomline there should be a /proc/net/ip_conntrack there. If not, the required kernel modules have not been loaded.

[vkrishn]

Late reply. You need to load the conntrack modules prior to using iptstate.

Code:

   # modprobe nf_conntrack_ipv4
   # modprobe nf_conntrack ipv6

Bottomline there should be a /proc/net/ip_conntrack there. If not, the required kernel modules have not been loaded.

Code:

root@Microknoppix:~# ll /proc/net/ip_conntrack 
-r--r----- 1 root root 0 Jul  4 05:05 /proc/net/ip_conntrack

Though this method works in Squeeze(Live CD) but I am still not able to make it work in Knoppix-6.4.4(DVD).

[kl522]

Code:

root@Microknoppix:~# ll /proc/net/ip_conntrack 
-r--r----- 1 root root 0 Jul  4 05:05 /proc/net/ip_conntrack

Though this method works in Squeeze(Live CD) but I am still not able to make it work in Knoppix-6.4.4(DVD).

There are two possibilities. Either there is something wrong with the version of iptstate loaded, or still there is some other kernel modules not loaded ( load all the netlink and conntrack modules!) . As I don't exactly use Knoppix-6.4.4 and my kernel is custom compiled, I can't have first hand experience on knoppix 6.4.4.

[kl522]

I can't have first hand experience on knoppix 6.4.4....

I tried it on knoppix 6.4.4 in a virtual machine and found this problem is a lot more interesting than I originally thought. Yes, basically I can confirm that I could repeat the same problem. More specifically, when I do a 'cat /proc/net/ip_conntrack' this is what I get :-

Code:

     # cat /proc/net/ip_conntrack
cat /proc/net/ip_conntrack: no more space on device

A check on similar error message on the net revealed this post :-

https://bbs.archlinux.org/viewtopic.php?pid=890384

Basically it says kernel 2.6.37 is broken in nf_conntrack. I don't know whether to believe it or not, it is a very serious claim, or perhaps it is fixed in the subversion 2.6.37.X, but if this is true, it renders Knoppix 6.4.4 hopeless for any serious networking/iptables/conntrack applications.

[vkrishn]

Basically it says kernel 2.6.37 is broken in nf_conntrack. I don't know whether to believe it or not, it is a very serious claim, or perhaps it is fixed in the subversion 2.6.37.X, but if this is true, it renders Knoppix 6.4.4 hopeless for any serious networking/iptables/conntrack applications.

Well I am able to get realtime event log by doing:

Code:

 root@Microknoppix:~# conntrack -E

Not sure, maybe iptstate is incompatible with knoppix 6.4.4.
Would try to run on older knoppix version.

[utu]

@ anyone

Where do we stand on this in Knoppix 6.7?

[vkrishn]

Had to do the following to make it work.

modprobe ip_conntrack

Though I came across another problem (not confiming). dpkg seems to give error after couple of package installation in persistent knoppix-data.img.