IPTables Debian 4 Xen VPS

When navigating to Networking->Firewall I get…

An error occured when checking your current IPtables configuration : FATAL: Could not load /lib/modules/2.6.18-4-xen-686/modules.dep: No such file or directory iptables v1.3.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. This may indicate that your kernel does not support IPtables.

I seem to remember a problem running iptables on a Xen VPS and ran across a suggested fix, but I don’t want to experiment with iptables and accidentally disable remote access!

Lastly, do I need a firewall running if an NMAP port scan only shows ports that I want open?

I ran into the same problem with my self-made 64-bit Etch slice (before they were available). I think I have the solution, so I'll post it here in case it's of use to somebody. Also, if someone notices something I should have done differently, please speak up.

The modules for the Xen kernel can be downloaded from the xensource website as part of their main Xen tarball. The download page is here:
http://www.xensource.com/download/dl_303tarballs.html

These instructions are for 64-bit. I presume Slicehost’s 32-bit Sarge images used a 32-bit kernel; if so, get the modules from the 32-bit tarball instead.

  1. wget http://bits.xensource.com/oss-xen/release/3.0.3-0/bin.tgz/xen-3.0.3_0-install-x86_64.tgz
  2. tar zxf xen-3.0.3_0-install-x86_64.tgz
  3. zcat /proc/config.gz > my-config # just to verify
  4. diff my-config dist/install/boot/config-2.6.16.29-xen # there should be no differences
  5. mv dist/install/lib/modules/2.6.16.29-xen/ /lib/modules/
  6. update-modules
  7. iptables -L # this should work now

Post edited by: JimJenkins, at: 2008/01/17 18:18
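
A pre-flight check for the procedure above, added here as an example and not part of either post: it tests an unpacked module tree (for instance `dist/install/lib/modules`) against a kernel release before anything is moved into `/lib/modules`. The function name `check_xen_modules` and its return codes are assumptions made for this example, and it assumes the filter table is built as the `iptable_filter` module.

```shell
#!/bin/sh
# Added example: verify a Xen module tree before installing it.
# check_xen_modules RELEASE MODULES_ROOT [RUNNING_CONFIG TARBALL_CONFIG]
# Return codes (chosen for this example):
#   0 ok, 1 no directory for RELEASE, 2 modules.dep missing,
#   3 iptable_filter module not found, 4 kernel configs differ
check_xen_modules() {
    release=$1
    root=$2
    running_cfg=${3:-}
    tarball_cfg=${4:-}
    moddir="$root/$release"

    # Modules are looked up under <root>/<kernel release>, so the directory
    # name has to match the running kernel's release string exactly.
    if [ ! -d "$moddir" ]; then
        echo "no module directory for $release under $root" >&2
        return 1
    fi
    # Optional: same comparison as the diff step in the procedure.
    if [ -n "$running_cfg" ] && [ -n "$tarball_cfg" ]; then
        if ! diff -q "$running_cfg" "$tarball_cfg" >/dev/null 2>&1; then
            echo "running kernel config differs from tarball config" >&2
            return 4
        fi
    fi
    # modules.dep is the file the error message reports as missing.
    if [ ! -f "$moddir/modules.dep" ]; then
        echo "$moddir/modules.dep missing" >&2
        return 2
    fi
    # The 'filter' table needs the iptable_filter module to be available.
    if [ -z "$(find "$moddir" -name 'iptable_filter.ko*' 2>/dev/null)" ]; then
        echo "iptable_filter module not present in $moddir" >&2
        return 3
    fi
    echo "ok: $moddir has modules.dep and iptable_filter"
    return 0
}

# Run directly, e.g.:
#   sh check.sh "$(uname -r)" dist/install/lib/modules
if [ $# -ge 2 ]; then
    check_xen_modules "$@"
fi
```

A return code of 1 here means the tarball's kernel release does not match the release passed in, which is worth knowing before the `mv` step.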