The officially official Devuan Forum!

You are not logged in.

#1 2020-09-29 20:53:11

bbatten
Member
Registered: 2017-07-02
Posts: 54  

arptables

I am using iptables-legacy. From the installation procedure output:

iptables (1.8.1-1) unstable; urgency=medium

    By default, this package will try to use the nf_tables kernel backend
    instead of the xtables one. Please, read more about this in
    /usr/share/doc/iptables/README.Debian, including details about the new
    update-alternatives configuration possibilities.
    This is a major update on the way iptables works and may have severe impact
    in running systems which are upgrading between Debian versions.
    The arptables and ebtables binaries are also affected, and those packages
    will be updated soon as well.

-- Arturo Borrero Gonzalez <arturo@debian.org>  Wed,  24 Oct 2018 14:00:00 +0200

Bottom line is I'm screwed. My iptables setup no longer works.

Is it safe to use the Debian arptables and ebtables packages? the README.debian says arptables-legacy and ebtables-legacy are in the Debian packages.

Thanks,

Offline

#2 2020-09-30 16:38:45

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: arptables

Have you tried

# apt install {eb,arp}tables
# update-alternatives --set arptables /usr/sbin/arptables-legacy
# update-alternatives --set ebtables /usr/sbin/ebtables-legacy

Brianna Ghey — Rest In Power

Offline

#3 2020-09-30 21:20:03

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,253  

Re: arptables

You might also want to reinstall iptables without nftables; perhaps something like

# apt-get install --reinstall nftables- iptables

That should give you a set up that allows the "normal" iptables rules.

Online

#4 2020-10-01 06:09:52

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: arptables

^ Looks like the OP is already using the legacy iptables version.

And anyway there's no need to uninstall nftables:

# update-alternatives --set iptables /usr/sbin/iptables-legacy

Brianna Ghey — Rest In Power

Offline

#5 2020-10-01 10:38:43

xinomilo
Unknown
Registered: 2017-07-02
Posts: 315  

Re: arptables

Offline

#6 2020-10-04 21:31:57

bbatten
Member
Registered: 2017-07-02
Posts: 54  

Re: arptables

Thanks for the replies.
@ralph.ronnquist: I don't have nftables installed.
@Head_on_a_Stick: I installed ebtables and arptables, then updated etc-alternatives per your suggestion. No luck.

FWIW, while running on ascii, I did not have ebtables or arptables installed. Things worked just fine without them. I suspect that iptables-legacy for beowulf is not really bit-for-bit the same as the iptables available in ascii. Is there an "oldstable" for devuan that would allow me to purge beowulf iptables, arptables, and ebtables, then install the version of iptables available there?

Thanks,

Offline

#7 2020-10-04 22:33:00

GlennW
Member
From: Brisbane, Australia
Registered: 2019-07-18
Posts: 644  

Re: arptables

I've tried this, it's hectic! but only because I was trying to stick with iptables instead of ebtables, I don't know why really,

I just didn't want to change from iptables squid firewalled proxy server setup I'd been using for years.

I ended up changing my scripts to nftables, seems to work ok.

I used arch and gentoo help/wiki pages to work my way through the install and setup.

Last edited by GlennW (2020-10-04 22:33:23)


pic from 1993, new guitar day.

Offline

#8 2020-10-05 01:49:26

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,253  

Re: arptables

@bbatten: iptables on beowulf (or buster, really) doesn't require arptables or ebtables, but it recommends nftables.

Upon installation, it gets set up to use the iptables-nft alternative implementation and then it provides syntax transparency via /usr/sbin/xtables-nft-multi so as to use the "traditional" iptables rules language for manipulating and reviewing the rules.

It also gives you the option to change it to use the iptables-legacy implementation through update-alternatives.

Doesn't that work for you?

Online

#9 2020-10-06 18:56:06

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: arptables

bbatten wrote:

No luck.

That is not enough information for us to be able to help you — please post the relevant log entries that show the failures to which you allude.

Can we also see

update-alternatives --display iptables
iptables-save

Brianna Ghey — Rest In Power

Offline

Board footer