Bug 55701 - ipchains did not start
ipchains did not start
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: ipchains (Show other bugs)
7.2
i586 Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-11-05 06:03 EST by Michal Vymazal
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-11-05 09:17:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Vymazal 2001-11-05 06:03:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.4) Gecko/20010913

Description of problem:
The script /etc/init.d/ipchains (parameter start) will not run ipchains
(the script will not realize   modprobe ipchains).
Iptables is not running and not in memory.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Mark ipchains in the setup script for start (runlevel 3)
2. Unmark iptables in the same runlevel.
3. After reload system (init 6) type in console ipchains -L
4. Module ipchains is not loaded in memory and You will obtain message as "
Not supported by kernel". After command   modprobe ipchains , the module is
loaded and ipchains will be ok.
	

Actual Results:  I have to start ipchains in /etc/rc.d/rc.local   with
command  modprobe ipchains.

Expected Results:  I think, that the problem is in the script
/etc/init./ipchains, which will not provide   modprobe ipchains.

Additional info:
Comment 1 Mike A. Harris 2001-11-05 06:10:23 EST
Did you configure a firewall during installation?  If not, did you
configure one using lokkit or firewall-config after installation?

Also, can you provide the output of the following:  uname -a
Comment 2 Michal Vymazal 2001-11-05 09:15:36 EST
No, i didn't configured the RedHat firewall. I'm using my own ipchains script.
None of lokkit or firewall-config used.

[root@michal root]# uname -a
Linux michal 2.4.9-7 #1 Thu Oct 18 13:42:17 EDT 2001 i586 unknown

I have upgrade of the kernel package to 2.4.9-7, but was the same with kernel
2.4.7 from the distribution cd.
Comment 3 Mike A. Harris 2001-11-05 09:29:13 EST
The ipchains initscript is intended for usage only with the supplied
firewall configuration utilities.  It is not easily possible for
it to work with arbitrary firewall scripts.  The reason for this is
that we have two separate firewall possibilities.  ipchains, and
iptables.

Only one of the two can be used.  If a user chooses to use ipchains,
and enables an ipchains firewall and the initscript, then iptables
will be nonfunctional.  The reverse is true also.

The initscripts are written to detect these conflicts and handle
them gracefully.  This still left one problem.  If a user has
enabled either the ipchains or iptables initscript, but does not
use the Red Hat supplied firewall configuration tools, what would
occur, is the first firewall initscript would load the given
firewall support, precluding the usage of the other.  For example,
if you enabled ipchains initscript and the iptables initscript in
ntsysv, but did not use the Red Hat tools, and instead tried to
use iptables - it would not work because ipchains module would
have loaded.

That problem was solved by having our initscripts detect a configured
firewall first, prior to loading any modules.  So if a user has
configured ipchains firewall, load ipchains module, and enable the
firewall rules.  Alternatively, if a user has configured an iptables
firewall, load iptables support, and enable the rules.

The condition of a user written firewall script however, leaves room
for a thousand possiblilities none of which are easily detectable.

So, if you are using a custom made ipchains or iptables firewall,
the Red Hat supplied ipchains and/or iptables scripts should both
be disabled in ntsysv.  Your firewall script will have to load
the appropriate kernel modules as necessary.  Alternatively, you can
use the Red Hat supplied firewall configuration tools.

I hope this helps.
Comment 4 Michal Vymazal 2001-11-05 10:36:20 EST
This is not solution of the problem. The problem is in the script
/etc/init.d/ipchains , which have test (if) for start the command  modprobe
ipchains. And this test not works good. Thats all. In Red Hat 7.1 this test was
successfull. In Red Hat 7.2 sometimes not.
Comment 5 Michal Vymazal 2001-11-20 19:51:03 EST
No, the problem is somewhere in the kernel. The script /etc/init.d/ipchains
works good with the kernel 2.4.7-10.rpm from the distribution RH 7.2. When I
update to the kernel-2.4.9-13 (rpm too, athlon version) from the rh 7.2 updates,
the script /etc/init.d/ipchains will not load the ipchains module.

Note You need to log in before you can comment on or make changes to this bug.