Bug 178962
| Summary: | iptables failing in the ROUTE target (missing libipt_ROUTE.so) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | João Mauricio de O. Alves <jmauricio> |
| Component: | kernel | Assignee: | Dave Jones <davej> |
| Status: | CLOSED UPSTREAM | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5 | CC: | pfrields, twoerner, wtogami |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-10-21 06:47:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
João Mauricio de O. Alves
2006-01-25 19:41:36 UTC
There is no ipt_ROUTE support in the kernel and in glibc-kernheaders. Assigning to kernel for now. Please assign to glibc-kernheaders as soon as ipt_ROUTE made it into the kernel. Just a note to perhaps help the original poster work around the issue. I've been patching ipt_ROUTE into iptables for a long time. Unfortunately, at least in the past, the iptables tarball did not include appropriate kernel headers. Some versions of the Fedora iptables SRPMs (e.g., iptables-1.3.2-1.src.rpm) have included the machinery necessary to bundle the header files in the SRPMS, and use those instead of glibc-kernheaders. By replacing the headers, e.g., netfilter-2.4.20.tar.gz, with a new set of headers such as netfilter-2.6.15.1.tar.gz generated from Patch-o-Matic, and, incidentally, adding -D__user= to the compilation options (OPT), the package should build. [My iptables-1.3.3 + kernel 2.6.12 package required changing u8,u16,u32 to their __u8,__u16,__u32 variants, but I recall seeing a patch go upstream to fix this.] Be sure to test the new package thoroughly, especially NAT and MANGLE behavior; I've had several problems with mismatched iptables/kernel interfaces. As I can see now, this is not a minor issue. I managed to workaround the problem with iproute2. I am still testing the general solution found at: http://lartc.org/howto/lartc.rpdb.html http://lartc.org/howto/lartc.rpdb.multiple-links.html But it seems to work and we have support for it in Fedora Core 4. As a suggestion, you could just put a note in the iptables man pages, informing the users the ROUTE target does not work. I spent some time to figure out that it was not related to some mistake I did, but some missing feature in the kernel. We can find many examples on the Internet, using the ROUTE target as a possible solution. But it is very hard to find a place informing that it is not available in the RedHat OSes (RHEL, FC). Thanks for the immediate response. This is a mass-update to all currently open kernel bugs. A new kernel update has been released (Version: 2.6.15-1.1830_FC4) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO_REPORTER state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. Thank you. The bug is still active, using the new kernel: uname -r 2.6.15-1.1830_FC4smp # iptables -t mangle -A POSTROUTING -s 10.10.20.3 -j ROUTE --gw 10.10.20.1 iptables v1.3.0: Unknown arg `--gw' Try `iptables -h' or 'iptables --help' for more information. ============================ However, we can workaround the problem using the following solution: http://lartc.org/howto/lartc.rpdb.html http://lartc.org/howto/lartc.rpdb.multiple-links.html http://lists.netfilter.org/pipermail/netfilter/2000-November/006089.html [This comment added as part of a mass-update to all open FC4 kernel bugs] FC4 has now transitioned to the Fedora legacy project, which will continue to release security related updates for the kernel. As this bug is not security related, it is unlikely to be fixed in an update for FC4, and has been migrated to FC5. Please retest with Fedora Core 5. Thank you. The problem is still active: # uname -r 2.6.17-1.2187_FC5smp # iptables -t mangle -A POSTROUTING -s 10.10.20.3 -j ROUTE --gw 10.10.20.1 iptables v1.3.5: Unknown arg `--gw' Try `iptables -h' or 'iptables --help' for more information. # rpm -qa | grep iptables iptables-1.3.5-1.2 A new kernel update has been released (Version: 2.6.18-1.2200.fc5) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. In the last few updates, some users upgrading from FC4->FC5 have reported that installing a kernel update has left their systems unbootable. If you have been affected by this problem please check you only have one version of device-mapper & lvm2 installed. See bug 207474 for further details. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. If this bug has been fixed, but you are now experiencing a different problem, please file a separate bug for the new problem. Thank you. This needs to get upstream first. |