Bug 112213 - Iptable script unable to load relevant 2.6 modules
Iptable script unable to load relevant 2.6 modules
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: iptables (Show other bugs)
1.0
All Linux
high Severity high
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-16 05:44 EST by Nicolas Mailhot
Modified: 2005-10-31 17:00 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-06-09 11:15:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
/etc/sysconfig/iptables (5.56 KB, text/plain)
2003-12-16 05:45 EST, Nicolas Mailhot
no flags Details
sh -x /etc/init.d/iptables start > /tmp/iplog 2>&1 (2.20 KB, text/plain)
2003-12-17 08:13 EST, Nicolas Mailhot
no flags Details

  None (edit)
Description Nicolas Mailhot 2003-12-16 05:44:02 EST
After switching to 2.6 rawhide kernel my station lost its firewall. It
seems the iptables script no longuer loads the kernel modules it needs
to work, and as a result it fails.

This is a major showstopper and means rawhide can not be tested on an
insecure network.
Comment 1 Nicolas Mailhot 2003-12-16 05:45:07 EST
Created attachment 96551 [details]
/etc/sysconfig/iptables
Comment 2 Nicolas Mailhot 2003-12-16 05:45:44 EST
[nim@ulysse nim]$ rpm -q kernel
kernel-2.6.0-0.test11.1.13
[nim@ulysse nim]$ rpm -q iptables
iptables-1.2.8-13
Comment 3 Thomas Woerner 2003-12-17 07:46:37 EST
What kind of error occurs?
Can you attach the output of 'sh -x /etc/init.d/iptables start', please?
Comment 4 Nicolas Mailhot 2003-12-17 08:13:06 EST
Created attachment 96583 [details]
sh -x /etc/init.d/iptables start > /tmp/iplog 2>&1
Comment 5 Thomas Woerner 2003-12-17 08:26:46 EST
The iptables rules file that you atteched only has 138 lines and the
error occurs in line 142.

Can you please search for the line, that is not working? You can do
this by calling iptables line by line.
Comment 6 Nicolas Mailhot 2003-12-17 08:37:33 EST
Sorry, I removed the
-->%
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
-->%
header from the attachement.
With it the rules have exactly 142 lines.
(worked as-is with a 2.4 kernel, never put any iptable module
definitions anywhere)
Comment 7 Thomas Woerner 2004-02-02 05:52:19 EST
Can you reproduce ths error with a newer 2.6 kernel?
Comment 8 Nicolas Mailhot 2004-02-02 07:57:59 EST
Unfortunately, yes :

[root@ulysse root]# uname -a
Linux ulysse 2.6.1-1.65 #1 Fri Jan 30 17:28:54 EST 2004 i686 i686 i386
GNU/Linux

[root@ulysse root]# /etc/init.d/iptables restart
Suppression des règles de pare-feu :                       [  OK  ]
Configuration des chaînes sur la politique ACCEPT :filter  [  OK  ]
Déchargement des modules iptables :                        [  OK  ]
Application des règles de pare-feu iptables :iptables-restore: line
138 failed
                                                           [ÉCHOUÉ]
[root@ulysse root]# /sbin/lsmod
Module                  Size  Used by
iptable_filter          2816  0
ip_tables              17280  1 iptable_filter
snd_mixer_oss          18304  1
snd_cmipci             40760  1
snd_pcm               111880  1 snd_cmipci
snd_page_alloc         11652  1 snd_pcm
snd_opl3_lib           12672  1 snd_cmipci
snd_timer              32388  2 snd_pcm,snd_opl3_lib
snd_hwdep               9604  1 snd_opl3_lib
snd_mpu401_uart         9984  1 snd_cmipci
snd_rawmidi            28832  1 snd_mpu401_uart
snd_seq_device          8328  2 snd_opl3_lib,snd_rawmidi
snd                    55012  9
snd_mixer_oss,snd_cmipci,snd_pcm,snd_opl3_lib,snd_timer,snd_hwdep,snd_mpu401_uart,snd_rawmidi,snd_seq_device
soundcore              10720  2 snd
mga                   112044  2
md5                     4224  1
ipv6                  263552  10
parport_pc             39724  0
lp                     12652  0
parport                47336  2 parport_pc,lp
nfs                   165180  54
lockd                  62152  2 nfs
sunrpc                157768  112 nfs,lockd
3c59x                  39848  0
microcode               7200  0
hid                    58176  0
uhci_hcd               42896  0
usbcore               119388  4 hid,uhci_hcd
thermal                13200  0
processor              13988  1 thermal
fan                     4108  0
button                  6168  0
battery                 8972  0
asus_acpi               9368  0
ac                      4876  0
ext3                  128424  1
jbd                    86040  1 ext3
raid1                  21120  1
Comment 9 Nicolas Mailhot 2004-06-09 11:15:12 EDT
Fixed now
The only remining sore point is contrack_ftp, but I "solved" it by
putting it in the nat modules placeholder

Note You need to log in before you can comment on or make changes to this bug.