Hi guys,
I’m trying to install a firewall, however it looks like nf_tables, ip_tables etc kernel modules are not included. I’m not familiar with working with the kernel, so it would be difficult for me to build my own kernel or whatever.
Does anyone know the easiest way to get a firewall running on this board?
Thanks
nf_tables, ip_tables should include be into the linux kernel. how do you test it ?
Hey,
I ran lsmod and ip_tables is not there. But maybe I’m wrong and I just don’t know how to enable it?
debian@npi:~/libmnl$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
debian@npi:~/libmnl$ uname -r
4.19.71-imx-r1
debian@npi:~/libmnl$ lsmod
Module Size Used by
imx_wm8960 16384 0
snd_soc_wm8960 40960 0
snd_soc_fsl_sai 24576 0
imx_pcm_dma_v2 16384 1 snd_soc_fsl_sai
snd_soc_fsl_spdif 24576 0
snd_soc_fsl_asrc 45056 0
imx_pcm_dma 16384 1 snd_soc_fsl_spdif
snd_soc_core 147456 7 snd_soc_fsl_asrc,snd_soc_fsl_sai,imx_pcm_dma_v2,snd_soc_fsl_spdif,imx_pcm_dma,snd_soc_wm8960,imx_wm8960
snd_pcm_dmaengine 16384 3 imx_pcm_dma_v2,imx_pcm_dma,snd_soc_core
snd_pcm 98304 9 snd_soc_fsl_asrc,snd_soc_fsl_sai,snd_pcm_dmaengine,imx_pcm_dma_v2,snd_soc_fsl_spdif,imx_pcm_dma,snd_soc_core,snd_soc_wm8960,imx_wm8960
snd_timer 32768 1 snd_pcm
evbug 16384 0
dht11 16384 0
touch_gt9xx 61440 0
debian@npi:/lib/modules/4.19.71-imx-r1$ ls
kernel modules.builtin modules.dep.bin modules.softdep
modules.alias modules.builtin.bin modules.devname modules.symbols
modules.alias.bin modules.dep modules.order modules.symbols.bin
debian@npi:/lib/modules/4.19.71-imx-r1$ cd kernel/
debian@npi:/lib/modules/4.19.71-imx-r1/kernel$ ls
crypto drivers fs lib sound
How about manual loading?
sudo modprobe ip_tables
lsmod | grep ip_tables
lsmod | grep ip_tables returns nothing
debian@npi:~$ lsmod | grep ip_tables
debian@npi:~$
And modprobe ip_tables says that it doesn’t exist.
debian@npi:~$ modprobe --verbose ip_tables
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.19.71-imx-r1
nf_tables should also be in there, since the image is based on Debian Buster. https://wiki.debian.org/nftables
I’ve never done it before and know very little about it, but after some searching it looks like I need to build a new kernel with these modules in place. And to do this I need the kernel source. Do you know if Seeed have released a guide for how they have built this image? They must do something kind of special, since fire-config is on the image. Looking around on it, it seems to be a modified image of BeagleBone Black Debian minimal image. But the size of the NPi image is a lot smaller, so there are definitely some things removed from it.
This surprises me, but we provide Linux-headers so that you can compile the missing modules yourself.
Ok no problem. I might come back to you on this topic when I figure out how to compile the new kernel/modules.
Thanks.
@ [Baozhu]
You mention the headers are available I can not find them anywhere. Can you point us to a wiki or download where this and/or other module recourse can be found?
I wasn’t able to figure it out either. I followed the digikey tutorial a couple of times, but that wasn’t working either.
It’s a good board, but the software / support around it is lacking. Search through the forums and everyone says the same thing.
I found another board from a company called Solidrun which is similar, only it’s more expensive. ClearFog Base. They provide multiple different images, as well as Armbian runs on it. So it’s a bit easier to get up and running with it.
Good luck.
Yeh,
It’s a bit disappointing because if it were not for the lack of kernel/module support it would be a good board. I also have tried the Digikey build process to no avail. I’ve also been struggling with replicating the image either SD or eMMC.
Definitely need to work on the support tools on this item.
I hope Baozhu chimes in.
You can download headers from this command, which allows you to customize a lot of kernel modules. @sucseeed @rv1
sudo apt install linux-headers- 4.19.71-imx-r1
We host deb on our GitHub, and you can see all the binaries.
https://github.com/Seeed-Studio/seeed-linux-deb/blob/master/pool/main/l/linux-upstream/linux-headers-4.19.71-imx-r1_1stable_armhf.deb
Hi Guys,
So I installed the deb file, the apt line did not work for me and started installing a DIRTY kernel image?
However it does not seem to work:
make -C /lib/modules/4.19.71-imx-r1/build M=$(pwd) modules
make: Entering directory ‘/usr/src/linux-headers-4.19.71-imx-r1’
Building modules, stage 2.
MODPOST 0 modules
make: Leaving directory ‘/usr/src/linux-headers-4.19.71-imx-r1’
I am not an experienced kernael or module builder am i mssing something ?
My main need as many in this thread is to install the network modukles for iptables, nat and tun for openvpn. Any clues on to what to do next.
Robin
