0

I tried installing nf_conntrack module in RHEL , it fails

[root@boot]# modprobe nf_conntrack_ipv6

FATAL: Module nf_conntrack_ipv6 not found.

[root@boot]# modprobe nf_conntrack

FATAL: Module nf_conntrack not found.

[root@boot]# lsmod | grep -i nf

nfnetlink_queue 16129 2

nfnetlink 10713 4 nfnetlink_queue,ip_conntrack

xt_NFQUEUE 6209 2

x_tables 17349 18 xt_tcpudp,xt_state,ipt_addrtype,ipt_TOS,ipt_tos ,xt_string,ipt_owner,xt_multiport,xt_MARK,xt_mark,ipt_iprange,ipt_hashlimit,xt_c onntrack,xt_CONNMARK,xt_connmark,ip_tables,xt_NFQUEUE,ip6_tables

[root@boot]# [root@boot]# [root@boot]# lsmod | grep -i nf

nfnetlink_queue 16129 2

nfnetlink 10713 4 nfnetlink_queue,ip_conntrack

xt_NFQUEUE 6209 2

x_tables 17349 18 xt_tcpudp,xt_state,ipt_addrtype,ipt_TOS,ipt_tos ,xt_string,ipt_owner,xt_multiport,xt_MARK,xt_mark,ipt_iprange,ipt_hashlimit,xt_c onntrack,xt_CONNMARK,xt_connmark,ip_tables,xt_NFQUEUE,ip6_tables

[root@boot]# [root@boot]# lsmod | grep -i conntrack

xt_conntrack 6593 0

ip_conntrack 53281 4 xt_state,xt_conntrack,xt_CONNMARK,xt_connmark

nfnetlink 10713 4 nfnetlink_queue,ip_conntrack

x_tables 17349 18 xt_tcpudp,xt_state,ipt_addrtype,ipt_TOS,ipt_tos ,xt_string,ipt_owner,xt_multiport,xt_MARK,xt_mark,ipt_iprange,ipt_hashlimit,xt_c onntrack,xt_CONNMARK,xt_connmark,ip_tables,xt_NFQUEUE,ip6_tables [root@boot]#

[root@boot]# cat config-2.6.18-194.el5PAE | grep -i "nf_"

CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_CT_ACCT=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_SECMARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y CONFIG_IP_NF_CONNTRACK_NETLINK=m CONFIG_IP_NF_CT_PROTO_SCTP=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_NETBIOS_NS=m CONFIG_IP_NF_TFTP=m CONFIG_IP_NF_AMANDA=m CONFIG_IP_NF_PPTP=m CONFIG_IP_NF_H323=m CONFIG_IP_NF_SIP=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_IPRANGE=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_RECENT=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_DSCP=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_MATCH_HASHLIMIT=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_SAME=m CONFIG_IP_NF_NAT_SNMP_BASIC=m CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_NAT_TFTP=m CONFIG_IP_NF_NAT_AMANDA=m CONFIG_IP_NF_NAT_PPTP=m CONFIG_IP_NF_NAT_H323=m CONFIG_IP_NF_NAT_SIP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_DSCP=m CONFIG_IP_NF_TARGET_TTL=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_RAW=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m CONFIG_IP6_NF_QUEUE=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_RAW=m CONFIG_BRIDGE_NF_EBTABLES=m [root@boot]#

[root@boot]# uname -a

Linux 2.6.18-194.el5PAE #1 SMP Tue Mar 16 22:00:21 EDT 2010 i686 i686 i386 GNU/Linux [root@boot]#

sam
  • 1
  • 3

1 Answers1

1

I believe the answer is to compile the ipv6 conntrack modules yourself, since they aren't included in the standard RHEL 5 kernels. Your other choice is to leave the firewall pretty wide open so that you can get the IPv6 traffic out which is probably a bad idea but may be acceptable in certain circumstances.

Another workaround would be to use a local web proxy so that at least your web traffic can go out over IPv6. The trouble then is finding one which supports IPv6 well.

WheresAlice
  • 5,530
  • 2
  • 24
  • 20