
Iptable, netfilter and capabilities feature

Hi all,

I am having a problem using iptables on AXP.
My hardware and software specs are as follows:
- service module: SM-SRE-900-K9
- router: 2951
- axp: 1.6.1
- development machine: ubuntu 10.04 LTS

/* Capabilities config */
- Location: build/capabilities/cap.cfg
- Content:
@MODULES=
ip_tables.ko
iptable_filter.ko
iptable_mangle.ko
ip_queue.ko
tun.ko

/* Packaging output with cap-config=capabilities/cap.cfg */
*** Output:
SLIM Packaging Utility. (C) 2007-2010 Cisco Systems, Inc
Checking dependencies...
WARNING:  utility 'rpm' not found.  Unable to determine size
          of RPMs once they're installed on the blade.

WARNING: If an application from AXP 1.0/1.1 is repackaged to be installed
         on AXP 1.5, please make sure to increment the application version
  - Fixing Script Path: bin/post-install.sh -> ./bin/post-install.sh
Generated swap option: OFF
Generated share timezones option:  ON
Generated shutdown timeout option: 30
    The AXP host resource limits will be adjusted by the following amounts, due to depedencies on AXP add-ons:
        Disk    CPU    Memory
        0M    30    15M
INFO: 16mb will be added to the application's memory requirements to support
      the application's tmpfs file system (/tmp)
Creating project directories...
Preparing configuration for the core packaging tool...
Creating runtime signatures...
Generating a list of files to package...
Verify Capability Configuration file syntax...
Syntax check OK
Verify Capability Configurations are allowed...
Semantic check OK
Preparing package manifest...
Processing manifest file information...
Invoking core SLIM packaging utilities...
SLIM packaging core log file saved to: /home/netteam/axp/phase/4_Sniff/package/tmp/core.log
Renaming tf.pkg -> tf.1.9.pkg

Generated files:
  Output package: /home/netteam/axp/phase/4_Sniff/package/pkg/tf.1.9.pkg
  Output payload: /home/netteam/axp/phase/4_Sniff/package/pkg/tf.1.9.prt1

*** RPM packages in pre-defined third_party_rpms_repositories:
-rw-r--r-- 1 netteam netteam 239041 2011-07-22 14:41 iptables-1.3.5-5.3.el5_4.1.i386.rpm
-rw-r--r-- 1 netteam netteam 378562 2011-07-22 15:32 libpython2.4-2.4.6-1.2nxd2009.1.i586.rpm
-rw-r--r-- 1 netteam netteam 435834 2011-07-22 14:44 module-init-tools-3.3-0.pre3.1.60.el5_5.1.i386.rpm
-rw-r--r-- 1 netteam netteam  58222 2011-07-22 14:41 python-2.4.3-43.el5.i386.rpm
-rw-r--r-- 1 netteam netteam 978835 2011-07-20 15:21 tcl-8.4.13-4.el5.i386.rpm
-rw-r--r-- 1 netteam netteam 457548 2011-07-20 15:21 tcpdump-3.9.4-15.el5.i386.rpm

*** I am not sure whether my authorization bundle has its capabilities turned "ON". I just built the package with my existing auth_bundle.
From package_build output, it seemed OK.

QUESTION 1) Is that valid?

/* Package installation on AXP */
*** on AXP:
AXP-X2# show app-service state
                   APPLICATION                STATE               HEALTH
                            tf               online                  ---

/* On Virtual instance, application name=tf */
*** user:
console-3.2# whoami  
root

*** module. It seemed that the Cisco LKM modules are loaded properly.
console-3.2# lsmod   
Module                  Size  Used by
tun                     8448  0
ip_queue                7952  0
iptable_mangle          2560  0
iptable_filter          2688  0
ip_tables              10532  2 iptable_mangle,iptable_filter

*** iptables.
console-3.2# iptables -L
iptables v1.3.5: can't initialize iptables table `filter': Permission denied (you must be root)

Question 2) I don't understand why I can't use iptables, since I am the root user.

Thanks and Regards,
Zoebir

Hi Zoebir,

Please go ahead and request the certs with kernel-level privileges, then try repackaging and installing the application again.

Thanks,
Anusha

Hi Zoebir,

It appears your modules are getting installed ok as shown by lsmod, so your authorization privileges are ok. Please add to your capabilities file the NET_ADMIN privilege which should give you firewall configuration rights. If you still see errors, please check the host side messages.log file for errors via: 'show log name messages.log interactive'.

@BCAPABILITIES=
NET_ADMIN

Thanks,

Brett
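The behaviour in this thread (uid 0 but "Permission denied" from iptables) is the kernel checking the process's effective capability set rather than its UID: netfilter table access requires CAP_NET_ADMIN, and a container or virtual instance can run root with that bit dropped. The following script is an added example, not part of the thread or of Cisco's AXP tooling; it parses the CapEff line of a /proc/<pid>/status file and reports which of the relevant capabilities are present. The two status snippets embedded in it are constructed samples (a restricted root like the one in the thread, and an unrestricted root); the capability bit numbers are the standard ones from linux/capability.h.

```python
"""Diagnose why a root process cannot use iptables: check CapEff, not UID.

Added example (not from the forum thread or Cisco). Reads the CapEff bitmask
from /proc/<pid>/status text and tests for the capabilities netfilter and
module loading need.
"""
import os

# Bit numbers from linux/capability.h
CAPS = {
    "CAP_NET_ADMIN": 12,   # required for iptables table access
    "CAP_NET_RAW": 13,     # raw sockets, e.g. tcpdump
    "CAP_SYS_MODULE": 16,  # insmod / modprobe
}

# Constructed sample: uid 0 with an empty effective capability set,
# the situation that produces "Permission denied (you must be root)".
RESTRICTED_STATUS = """\
Name:\tiptables
Uid:\t0\t0\t0\t0
Gid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t0000000000000000
CapEff:\t0000000000000000
"""

# Constructed sample: uid 0 with the full 38-bit capability set of an
# older kernel (0x3fffffffff), the usual unconfined root.
FULL_STATUS = """\
Name:\tiptables
Uid:\t0\t0\t0\t0
Gid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t0000003fffffffff
CapEff:\t0000003fffffffff
"""


def _field(status_text: str, key: str) -> str:
    """Return the value part of a 'Key:\tvalue' line from a status file."""
    for line in status_text.splitlines():
        if line.startswith(key + ":"):
            return line.split(":", 1)[1].strip()
    raise ValueError(f"{key} line not found in status text")


def parse_cap_eff(status_text: str) -> int:
    """CapEff is a hexadecimal bitmask, one bit per capability number."""
    return int(_field(status_text, "CapEff"), 16)


def parse_uid(status_text: str) -> int:
    """First column of the Uid line is the real UID."""
    return int(_field(status_text, "Uid").split()[0])


def has_cap(cap_eff: int, cap_bit: int) -> bool:
    """True if the given capability bit is set in the effective mask."""
    return ((cap_eff >> cap_bit) & 1) == 1


def missing_caps(status_text: str) -> list:
    """Names of the capabilities in CAPS that the process does not hold."""
    cap_eff = parse_cap_eff(status_text)
    return [name for name, bit in CAPS.items() if not has_cap(cap_eff, bit)]


def diagnose(status_text: str) -> str:
    """Explain whether iptables can work for the process described."""
    uid = parse_uid(status_text)
    cap_eff = parse_cap_eff(status_text)
    if has_cap(cap_eff, CAPS["CAP_NET_ADMIN"]):
        return f"uid={uid}: CAP_NET_ADMIN present, iptables table access allowed"
    return (f"uid={uid}: CAP_NET_ADMIN missing (CapEff=0x{cap_eff:x}); "
            "iptables will fail with EPERM even though uid is 0")


if __name__ == "__main__":
    # On Linux, inspect the current process; elsewhere fall back to samples.
    if os.path.exists("/proc/self/status"):
        with open("/proc/self/status") as fh:
            print(diagnose(fh.read()))
    for label, sample in (("restricted", RESTRICTED_STATUS), ("full", FULL_STATUS)):
        print(f"{label}: {diagnose(sample)}; missing={missing_caps(sample)}")
```

Run it inside the virtual instance as root to confirm the capability set before and after repackaging with NET_ADMIN in @BCAPABILITIES; the same check is a quick way to verify that an application bundle received exactly the privileges it was granted and no more.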

Hi Brett,

You are right. My authorization bundle should have had the capabilities feature enabled.
I added the following contents to the capabilities config and "iptables -L" works.
@CISCO_FLAGS=
CISCO_ADVANCED_NET_ADMIN

@BCAPABILITIES=
NET_ADMIN

@MODULES=
<cisco modules>


Thanks, Brett.

Regards,
Zoebir