PaulSorensen Tux's lil' helper
Joined: 15 Apr 2004 Posts: 80 Location: Chicago, USA
Posted: Wed Feb 07, 2007 9:52 pm Post subject: iptables issues after upgrade to gentoo-sources-2.20
I upgraded to the latest kernel today (and have the latest iptables tools version 1.3.7).
Now when I boot, I get the following errors when /etc/init.d/iptables tries to start:
Code:
* Loading iptables state and starting firewall ...
FATAL: Module ip_tables not found.
iptables-restore v1.3.7: iptables-restore: unable to initializetable 'nat'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Now, I have ip_tables compiled into the kernel and the .config was created by applying "make oldconfig" to the previous kernel config (where iptables was fine).
Any ideas?
Thanks
Paul
madisonicus Veteran
Joined: 20 Sep 2006 Posts: 1130
Posted: Wed Feb 07, 2007 11:41 pm Post subject:
There were a bunch of additions to netfilter in the 2.6.20 kernel including a change to NAT support. Might double check to be sure some of your options didn't move around.
HTH,
m
Draco-LVNH n00b
Joined: 07 Dec 2005 Posts: 30 Location: Mexico, Michoacan, Morelia
Posted: Thu Feb 08, 2007 5:45 am Post subject:
I have some problems too. I use shorewall (iptables interface) and with 2.6.19 it was going all right, but when I updated to 2.6.20 (gentoo-sources both) iptables started to give an error like the one at https://forums.gentoo.org/viewtopic-t-535674-highlight-chain+target+match.html, so I did what that forum says and it changed the error; now it is another one that I cannot find ... this is what happened...
Code:
[23:32] Ragnarok vhosts.d # Servicios.sh shorewall start
* Starting firewall ...
iptables: Invalid argument
ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
iptables: Invalid argument
iptables: Invalid argument
/sbin/shorewall: line 529: 1474 Terminated ${VARDIR}/.start $debugging start [ !! ]
Now I am just hoping to see a fix in bugs or portage.
gami Apprentice
Joined: 02 Jun 2006 Posts: 297
Posted: Thu Feb 08, 2007 7:00 am Post subject:
I had the same problem, too. Connection tracking was not fully enabled after upgrading with a 2.6.19 config file as a base. In menuconfig I checked all the visible related entries to no avail. However, looking at the raw /usr/src/linux/.config file I noticed that CONFIG_NF_CONNTRACK_IPV4 and CONFIG_NF_CONNTRACK_IPV6 (for those who need IP6) weren't set. I edited the .config file and reran make menuconfig. This time the appropriate entries were visible and the kernel later built with connection tracking enabled. Look at this thread on the kernel mailing list for details and how pleased Linus is with the situation.
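The check described in the post above, as an added example that is not part of the original thread: it reads a raw .config and reports whether each symbol is built in, a module, explicitly off, or missing altogether. The function names are hypothetical, the sample config is constructed, and CONFIG_NETFILTER and CONFIG_IP_NF_IPTABLES appear in the sample only as filler (they are real kernel symbols but are not named in the thread).

```sh
#!/bin/sh
# Added example (not from the thread): report whether kernel config symbols are
# enabled in a .config file. Function names are made up for this sketch.

# Print y, m, "unset" (explicit "is not set" line) or "absent" (no line at all).
kconfig_state() {
    kc_line=$(grep -E "^(# )?$2(=| is not set)" "$1" | tail -n 1)
    case "$kc_line" in
        "$2=y") echo y ;;
        "$2=m") echo m ;;
        "# $2 is not set") echo unset ;;
        "") echo absent ;;
        *) echo "${kc_line#*=}" ;;
    esac
}

# Check each symbol; return 1 if any is neither built in (y) nor a module (m).
# With no symbols given, check the two named in the post above.
check_conntrack_config() {
    cc_file=$1; cc_rc=0
    shift
    [ $# -gt 0 ] || set -- CONFIG_NF_CONNTRACK_IPV4 CONFIG_NF_CONNTRACK_IPV6
    for cc_sym in "$@"; do
        cc_state=$(kconfig_state "$cc_file" "$cc_sym")
        printf '%-26s %s\n' "$cc_sym" "$cc_state"
        case "$cc_state" in y|m) ;; *) cc_rc=1 ;; esac
    done
    return "$cc_rc"
}

# Constructed sample, not a real config: the IPv4 tracker has no line at all,
# the IPv6 tracker is explicitly switched off.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_NF_CONNTRACK_IPV6 is not set
EOF
}

# Demo on the sample; on a real system pass /usr/src/linux/.config instead.
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
check_conntrack_config "$demo_cfg" || echo "connection tracking is not fully enabled"
rm -f "$demo_cfg"
```

Extra symbols can be passed after the file name, for example `check_conntrack_config /usr/src/linux/.config CONFIG_IP_NF_IPTABLES`.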
Draco-LVNH n00b
Joined: 07 Dec 2005 Posts: 30 Location: Mexico, Michoacan, Morelia
Posted: Thu Feb 08, 2007 10:07 pm Post subject:
Thank you very much, I had that disabled, so I turned it on and will recompile the kernel a little later.
Draco-LVNH n00b
Joined: 07 Dec 2005 Posts: 30 Location: Mexico, Michoacan, Morelia
Posted: Thu Feb 08, 2007 10:24 pm Post subject:
Thank you again, it worked... I just compiled the module, and now shorewall works again. Have a good day.
Paczesiowa Guru
Joined: 06 Mar 2006 Posts: 593 Location: Oborniki Śląskie, Poland
Posted: Fri Feb 09, 2007 5:08 pm Post subject:
Is it just me, or is there no layer7 option in the kernel config? (I re-emerged l7-filter after the new kernel)
PaulSorensen Tux's lil' helper
Joined: 15 Apr 2004 Posts: 80 Location: Chicago, USA
Posted: Fri Feb 09, 2007 5:35 pm Post subject: I'll give it a try
I'll give it a try tonight - and mark [SOLVED] if it works - thanks for the help!
karafeka Tux's lil' helper
Joined: 02 Aug 2004 Posts: 89
Posted: Sun Apr 01, 2007 3:21 pm Post subject:
Paczesiowa wrote: is it just me, or there is no layer7 option in kernel config? (I reemerged l7-filter after new kernel)
There is no support for l7-filter in 2.6.20 and 21, yet.
On the l7-filter mailing list there is a patch, but it is not working.
tnt Veteran
Joined: 27 Feb 2004 Posts: 1222
jcat Veteran
Joined: 26 May 2006 Posts: 1337
Posted: Thu Jun 28, 2007 3:38 pm Post subject:
Excellent. This sorted my issues as well!
Cheers,
jcat