Rock960 Ubuntu firewall

kire88 · September 6, 2018, 9:22am

Hi all,
I just bought this board for testing purposes and started playing with the Ubuntu image.
When I started looking at the firewall, for example trying the command sudo iptables -L to get the list of rules, I got the following exception

modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.4.103/modules.dep.bin'
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.4.103
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Does anyone did some testing with the firewall?
What can I do in order to have it working? I’ve tried to see if there are available modules with asmod, but there are any.

Best regards,
Matteo

dilshan · December 17, 2018, 1:12am

Got same issue with Debian. We got this issue when we try to install AWS GreenGrass core into this devboard. Any updates on this issue?

hectorm · December 17, 2018, 7:28pm

The error is due to the fact that the kernel does not have the necessary modules to use iptables. You need to compile the kernel with the required modules. This guide will help you.

I made some build scripts for my ROCK960 Model C and although I may include more modules and patches than you need (I use Docker and WireGuard), I think it might help you too.

hipboi · December 18, 2018, 2:00pm

I think we have fixed this in the new released image, can you test it?

Debian stretch desktop:

https://dl.vamrs.com/products/rock960/images/debian/rock960ab-debian-stretch-desktop-armhf-20181218_2036-gpt.img.gz

Ubuntu bionic minial:

https://dl.vamrs.com/products/rock960/images/ubuntu/rock960ab-ubuntu-bionic-minimal-arm64-20181218_2036-gpt.img.gz

A lot of modules are now built into the kernel deb package, just modprobe ip_tables to use it.

dilshan · December 20, 2018, 6:31am

Thanks @hipboi and @hectorm now issue is resolved.

Hiro · February 28, 2019, 3:41pm

Please help me.

I also tried updating the kernel to solve the same problem as this topic

I try " Build & Update Linux kernel on Rock960".
but It does not work.

I changed the following
wget releases.linaro.org/components/toolchain/binaries/latest/aarch64-linux-gnu/gcc--x86_64_aarch64-linux-gnu.tar.xz
↓
wget releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc--x86_64_aarch64-linux-gnu.tar.xz
(latest→latest-7)

export CROSS_COMPILE=/aarch64-linux-gnu-gcc-
↓
export CROSS_COMPILE=/aarch64-linux-gnu-

cd …/…/build
↓
cd …/…

I succeeded make boot.img.No Error.
I succeeded flash image
rkdeveloptool wl 32768 boot.img

but I try
rkdeveloptool rd
rock960 is not start.

I retry flush old boot.img.I succeeded to start rock960.

Was there a mistake in the procedure I changed?

hipboi · February 27, 2019, 1:23am

You can try to check if boot.img is the right format.

file boot.img
sudo mount boot.img /mnt
ls /mnt

You should see the kernel and dtb files in /mnt

Hiro · February 27, 2019, 11:16am

I try it.
I can see
Image
rock960-model-ab-linux.dtb
extlinux/extlinux.conf

hipboi · February 27, 2019, 11:48am

The files should be right. What extlinux/extlinux.conf shows? You can compare not working one extlinux/extlinux.conf with the working extlinux/extlinux.conf

Hiro · February 27, 2019, 12:40pm

Thank you.but it does not work.

I change follow it. fixed dtb file name
and flush image and I can start my rock960

new file
label kernel-4.4
kernel /Image
fdt /rk3399-sapphire-excavator-linux.dtb
append earlyprintk console=ttyFIQ0,1500000n8 rw root=PARTUUID=b921b045-1d rootfstype=ext4 init=/sbin/init rootwait

old
label kernel-4.4
kernel /Image
fdt /rock960-model-ab-linux.dtb
append earlyprintk console=ttyFIQ0,1500000n8 rw root=PARTUUID=b921b045-1d rootfstype=ext4 init=/sbin/init rootwait

but I can not solve modprove Error.
I try “uname -r”
4.4.103

I will review the work of my build again

Hiro · February 28, 2019, 3:41pm

I try Update Linux kernel

-----start-----
wget releases.linaro.org/components/toolchain/binaries/7.4-2019.02/aarch64-linux-gnu/gcc--x86_64_aarch64-linux-gnu.tar.xz
tar -xf gcc--x86_64_aarch64-linux-gnu.tar.xz -C ./toolchain --strip-components=1
git clone https://github.com/96rocks/kernel.git
cd kernel
git checkout -t origin/rock960-4.4-dev
export ARCH=arm64
export CROSS_COMPILE=/aarch64-linux-gnu-
make rockchip_linux_defconfig
make Image dtbs -j$(nproc)
-----end-----

it was suceed.
but I can not my probrem.
I try “sudo iptables -L” on my Rock960
then “modprobe: ERROR”

Is the download URL incorrect?

hipboi · February 28, 2019, 11:26am

If you want to use iptables, you can just write the new images:

Debian stretch desktop:

https://dl.vamrs.com/products/rock960/images/debian/rock960ab-debian-stretch-desktop-armhf-20181218_2036-gpt.img.gz

Ubuntu bionic minial:

https://dl.vamrs.com/products/rock960/images/ubuntu/rock960ab-ubuntu-bionic-minimal-arm64-20181218_2036-gpt.img.gz

A lot of modules are now built into the kernel deb package, just modprobe ip_tables to use it.

If you want to build the kernel, you should follow this:

github.com

96boards/documentation/blob/master/consumer/rock/build/linux-kernel.md

---
title: Build & Update Linux kernel on Rock960
permalink: /documentation/consumer/rock/build/linux-kernel.md.html
---

# Build & Update Linux kernel on Rock960

This page provides the instructions for building and deploying linux
kernel on Rock960 from x86 host machine.

## Prerequisites:
- A host machine with relevant OS to install cross compiler and packages (Preferrably Ubuntu/Debian)
- Rock960 Model AB/C

## Download GNU cross-toolchain binaries

You need to download the correct GCC toolchain on your host depending the
architecture. Usually host is a standard Intel x86-64 computer, target is
the Rock960 which is AARCH64. <a href="https://www.linaro.org/downloads"> Linaro </a>  provides linux host binaries.
```shell

This file has been truncated. show original

Hiro · March 3, 2019, 10:35pm

Thanks hipboi

I created the kernel as below.
(It ran on Ubuntu 16.04)

mkdir toolchain
wget releases.linaro．org/components/toolchain/binaries/7.4-2019.02/aarch64-linux-gnu/gcc--x86_64_aarch64-linux-gnu.tar.xz
tar -xf gcc--x86_64_aarch64-linux-gnu.tar.xz -C ./toolchain --strip-components=1
git clone https：//github．com/96rocks/kernel.git
cd kernel/
git checkout -t origin/rock960-4.4-dev
export ARCH=arm64
export CROSS_COMPILE=/home/parallels/rock960/testDir/toolchain/bin/aarch64-linux-gnu-
make rockchip_linux_defconfig
make Image dtbs -j$(nproc)

It was success.
I get “arch/arm64/boot/Image”,“arch/arm64/boot/dts/rockchip/rock960-model-ab-linux.dtb”
And,I built it as follows.

git clone https：//github．com/96rocks/build.git
edit build/extlinux/rk3399.conf
*rk3399-sapphire-excavator-linux.dtb→rock960-model-ab-linux.dtb
mkdir out && cd out
mkdir kernel && cd kernel
cd …/…
./build/mk-image.sh -c rk3399 -t boot

It was success.
I get " boot.img",and I use rkdeveloptool

rkdeveloptool wl 32768 boot.img

It was success.
I could run my rock960.

but,I can’t use iptables.
I run in my rock960.

uname -r

4.4.103

This version seems to be the same as before the kernel change.
So far is that the kernel that responded to this problem is not released.

If you have a kernel that addresses this problem, I’d like to challenge, but I will give up if there is not.

Hiro · March 7, 2019, 9:39pm

I will report it as the problem is resolved.
Iuse

I had probrem.
It was nmcli was not work.

but,I run

sudo touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
It was clear.

II referred to the following.

Thank you for your cooperation.

StupidCamel · July 6, 2019, 2:52am

i write the new ubuntu image, when i trying the command sudo modprobe ip_tables to use iptables, i got an error modprobe: command not found.
i could not find modprobe and depmod in /sbin, and kmod in /bin

hipboi · July 8, 2019, 6:35am

try:

sudo apt-get install kmod

first.