From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; KPELECT6) <-- this is the workstation not the server! ;)
Description of problem:
Every now and again, iptables fails to load up, with my script reporting 'Nat table not found, maybe you need to insmod'. Under /proc/net/ip_table_names it only holds mangle and filter, whereas it should hold nat, mangle and filter. I have tried insmod, rmmod and modprobe (not in that order, but I have removed and installed many modules) and the nat module keeps coming back with a page of errors. Sorry, I can not reproduce this error/bug. But to restore my system, I need to reboot. Does anyone know of a workaround/patch? I can keep rebooting all the time, it just ain't feasible.
Version-Release number of selected component (if applicable):
iptables-1.2.8
How reproducible:
Couldn't Reproduce
Additional info:
Which iptables and kernel version are you using? Can you send me your /etc/sysconfig/iptables?
IPTables version 1.2.8, Kernel 2.4.20-20. I can't send /etc/sysconfig/iptables cos I ain't using that, I have my own custom script that kicks in after /etc/init.d/iptables. And noooo it ain't my script, that I am confident in, cos it doesn't the nat table loaded (which is needed before my script). My script is just calling for the 'Nat' table
I need more information:
- which iptables (full version string)
- which kernel (full version string)
- a test case
Created attachment 94559: IPTables config file from RedHat 7.3
This is a config file that was known to be working until upgrading to IPTables 1.2.8 and kernel 2.4.20
I've had the exact same problems on my system. Rebooting works, but restarting the iptables service does not. Previously, the iptables init.d script did not unload and load the iptables modules. A quick solution would be to modify the script to leave the modules alone. I've attached a working iptables config file that no longer works with the iptables 1.2.8 + kernel 2.4.20 combination.
Linux kernel 2.4.20-20.7
IPTables 1.2.8
That is all the information I have ... I cannot repeat the problem so I don't have a test case ... I just know since the updating it has failed a few times ... I tried re-loading the modules but that seems to produce error messages as if the modules don't work, maybe?
I have the same problems on my system and can reproduce it.
Versions: RedHat 7.1, iptables-1.2.8-8.72.3, kernel-2.4.20-20.7
Additional modules loaded: ip_conntrack_ftp, ip_nat_ftp (in that order)
After a fresh restart of the system there is no problem doing a "service iptables restart". The problem starts when a client on the network starts an ftp session towards the internet. Both passive and active sessions trigger the problem. "service iptables restart" will get stuck. ps -aux indicates that the system is very busy with: modprobe -r ip_conntrack_ftp. It indicates that about 98% CPU is used. I certainly hope that this problem can be solved. It is unclear to me if other vulnerabilities are present when someone has used ftp. Anyway, iptables and/or the kernel seem to have a problem.
Additional detail: Without the modules ip_conntrack_ftp ip_nat_ftp loaded there is no problem.
*** This bug has been marked as a duplicate of 103177 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.