Bug 124987 - iptables fails to restart- failure to insert module ipt_state.o
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Miller
QA Contact: Brian Brock
Reported: 2004-06-01 19:43 UTC by Xander D Harkness
Modified: 2016-06-07 22:44 UTC (History)

Doc Type: Bug Fix
Last Closed: 2007-10-19 19:25:08 UTC

Description Xander D Harkness 2004-06-01 19:43:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b)
Gecko/20040421

Description of problem:
After a period of time it becomes impossible to restart iptables.  I
receive a series of errors; it seems to stem from the failure to
remove the ip_conntrack module.

Version-Release number of selected component (if applicable):
iptables-1.2.8-12.3 kernel-2.4.21-15.EL

How reproducible:
Sometimes

Steps to Reproduce:
1. Leave server up for a period of time (I encountered it this time
after 45 days uptime)
2. Run server with a series of iptables rules
3. Run service iptables restart


Actual Results:  service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [FAILED]
Applying iptables firewall rules: iptables-restore: line 19 failed
                                                           [FAILED]


###################################


Jun  1 18:58:37 burrow iptables:  succeeded
Jun  1 18:58:38 burrow iptables:  failed
Jun  1 18:58:38 burrow kernel: ip_tables: (C) 2000-2002 Netfilter core
team
Jun  1 18:58:39 burrow insmod:
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o:
insmod ipt_state failed
Jun  1 18:58:39 burrow iptables:  failed


######################################


modprobe ipt_state
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o:
unresolved symbol ip_conntrack_get_Ra6f02512
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o:
unresolved symbol ip_conntrack_module_Rb0361033
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o:
insmod
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o failed
/lib/modules/2.4.21-9.0.3.EL/kernel/net/ipv4/netfilter/ipt_state.o:
insmod ipt_state failed


Expected Results:  iptables modules should be reloaded cleanly and the
firewall restarted

Additional info:

lsmod output:

Module                  Size  Used by    Not tainted
iptable_filter          2412   0  (autoclean) (unused)
ip_tables              15776   1  [iptable_filter]
ip_conntrack               0   0  (deleted)
cls_route               5400   0  (unused)
cls_u32                 6268   0
cls_fw                  3512   0  (unused)
sch_prio                3936   0  (unused)
sch_sfq                 4128   0  (unused)
sch_tbf                 4288   0
sch_cbq                14880   0
autofs                 13204   0  (autoclean) (unused)
ne2k-pci                7072   1
8390                    8064   0  [ne2k-pci]
crc32                   3712   0  [8390]
3c59x                  29616   1
natsemi                19040   1
ipv6                  221344  -1
floppy                 56592   0  (autoclean)
sg                     36140   0  (autoclean) (unused)
scsi_mod              103464   1  (autoclean) [sg]
loop                   11928   0  (autoclean)
lvm-mod                64224   0
keybdev                 2976   0  (unused)
mousedev                5492   0  (unused)
hid                    22084   0  (unused)
input                   5856   0  [keybdev mousedev hid]
usb-uhci               25836   0  (unused)
usbcore                77152   1  [hid usb-uhci]
ext3                   85704   4
jbd                    50572   4  [ext3]
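
An added example, not part of the original report: a pre-flight check that a restart wrapper could run against lsmod output like the listing above, where ip_conntrack sits in the "(deleted)" state. In the transcript the restart had already flushed the rules and set the filter chains to policy ACCEPT before the module reload failed, so the check belongs before the flush. The function names are hypothetical and the sample is a subset of the lsmod lines from the report.

```shell
#!/bin/sh
# Pre-flight check before "service iptables restart" on a 2.4 kernel.
# Reads lsmod-format text on stdin; nothing here touches the live firewall.

# Constructed sample: a subset of the lsmod lines quoted in the report.
SAMPLE_LSMOD='Module                  Size  Used by    Not tainted
iptable_filter          2412   0  (autoclean) (unused)
ip_tables              15776   1  [iptable_filter]
ip_conntrack               0   0  (deleted)
cls_u32                 6268   0
ext3                   85704   4'

# Print the name of every module whose lsmod line carries "(deleted)".
stuck_modules() {
    awk '/\(deleted\)/ { print $1 }'
}

# Return 0 if no netfilter module is stuck, 1 otherwise.
# Only ip_*, ipt_* and iptable_* modules block the restart; a stuck
# module outside netfilter is not this check's concern.
netfilter_restart_safe() {
    stuck=$(stuck_modules | grep -E '^(ip_|ipt_|iptable_)' || true)
    if [ -n "$stuck" ]; then
        echo "not restarting: module(s) stuck in (deleted) state:" $stuck >&2
        echo "current ruleset left loaded; see Comment 3 for a reported workaround" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample. On a live host the input
# would be the output of lsmod instead.
if printf '%s\n' "$SAMPLE_LSMOD" | netfilter_restart_safe; then
    echo "sample: safe to restart iptables"
else
    echo "sample: restart blocked, rules were not flushed"
fi
```
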

Comment 1 Thomas Woerner 2004-06-02 08:10:07 UTC
This is a kernel netfilter problem. Assigning to kernel.

Comment 2 Greg Bailey 2005-09-17 05:38:26 UTC
I also encounter this bug.  In attempting to reproduce, I stumbled upon a way to
oops the kernel by unloading and reloading iptables modules.  I've opened a
bugzilla entry against the kernel at:

http://bugzilla.kernel.org/show_bug.cgi?id=5248

Don't know for sure if it's the same issue or not, but I've definitely seen this
too...

Comment 3 Greg Bailey 2005-09-20 18:47:49 UTC
A workaround for this appears to be:

service network restart

Seems to free up whatever the modprobe is waiting on...

Comment 4 RHEL Program Management 2007-10-19 19:25:08 UTC
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet those criteria, it is now being closed.
 
For more information on the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

