Red Hat Bugzilla – Bug 55701
ipchains did not start
Last modified: 2008-05-01 11:38:01 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.4) Gecko/20010913
Description of problem:
The script /etc/init.d/ipchains (parameter start) will not run ipchains
(the script will not realize modprobe ipchains).
Iptables is not running and not in memory.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Mark ipchains in the setup script for start (runlevel 3)
2. Unmark iptables in the same runlevel.
3. After reloading the system (init 6), type ipchains -L in the console.
4. The ipchains module is not loaded in memory and you will get the message
"Not supported by kernel". After the command modprobe ipchains, the module is
loaded and ipchains will be OK.
Actual Results: I have to start ipchains in /etc/rc.d/rc.local with
command modprobe ipchains.
Expected Results: I think that the problem is in the script
/etc/init./ipchains, which does not run modprobe ipchains.
Did you configure a firewall during installation? If not, did you
configure one using lokkit or firewall-config after installation?
Also, can you provide the output of the following: uname -a
No, I didn't configure the Red Hat firewall. I'm using my own ipchains script.
Neither lokkit nor firewall-config was used.
[root@michal root]# uname -a
Linux michal 2.4.9-7 #1 Thu Oct 18 13:42:17 EDT 2001 i586 unknown
I have upgraded the kernel package to 2.4.9-7, but it was the same with kernel
2.4.7 from the distribution CD.
The ipchains initscript is intended for usage only with the supplied
firewall configuration utilities. It is not easily possible for
it to work with arbitrary firewall scripts. The reason for this is
that we have two separate firewall possibilities. ipchains, and
Only one of the two can be used. If a user chooses to use ipchains,
and enables an ipchains firewall and the initscript, then iptables
will be nonfunctional. The reverse is true also.
The initscripts are written to detect these conflicts and handle
them gracefully. This still left one problem. If a user has
enabled either the ipchains or iptables initscript, but does not
use the Red Hat supplied firewall configuration tools, what would
occur, is the first firewall initscript would load the given
firewall support, precluding the usage of the other. For example,
if you enabled ipchains initscript and the iptables initscript in
ntsysv, but did not use the Red Hat tools, and instead tried to
use iptables - it would not work because ipchains module would
That problem was solved by having our initscripts detect a configured
firewall first, prior to loading any modules. So if a user has
configured ipchains firewall, load ipchains module, and enable the
firewall rules. Alternatively, if a user has configured an iptables
firewall, load iptables support, and enable the rules.
The condition of a user-written firewall script, however, leaves room
for a thousand possibilities, none of which are easily detectable.
So, if you are using a custom made ipchains or iptables firewall,
the Red Hat supplied ipchains and/or iptables scripts should both
be disabled in ntsysv. Your firewall script will have to load
the appropriate kernel modules as necessary. Alternatively, you can
use the Red Hat supplied firewall configuration tools.
I hope this helps.
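The ordering described in the reply above (look for a configured firewall first, then for the conflicting module, and only then load anything), as an added sketch that is not Red Hat's initscript and not part of the original thread. The rules-file location under the config directory, the function names and the result strings are assumptions; the module listing in the demo is constructed.

```shell
#!/bin/sh
# Added sketch, not Red Hat's initscript. The rules-file names under CONFDIR and
# the function names are assumptions; ipchains / ip_tables are the 2.4 module names.

# Is module $1 listed in the /proc/modules-style file $2? (exact name match)
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# decide_backend WANTED CONFDIR MODFILE
# Prints one of:
#   load:<module>      rules are configured and nothing blocks the load
#   ready:<module>     rules are configured and the module is already present
#   skip:unconfigured  no rules file, so no module is touched
#   conflict:<module>  the other backend is already loaded
decide_backend() {
    wanted=$1 confdir=$2 modfile=$3
    case $wanted in
        ipchains) mine=ipchains;  other=ip_tables ;;
        iptables) mine=ip_tables; other=ipchains ;;
        *) echo "error:unknown-backend"; return 0 ;;
    esac
    # Detect a configured firewall first, before loading anything.
    if [ ! -s "$confdir/$wanted" ]; then
        echo "skip:unconfigured"
    elif module_loaded "$other" "$modfile"; then
        echo "conflict:$other"
    elif module_loaded "$mine" "$modfile"; then
        echo "ready:$mine"
    else
        echo "load:$mine"
    fi
}

# Constructed demo: the initscript is enabled but no rules file exists,
# as with a hand-written firewall script kept elsewhere.
demo=$(mktemp -d)
: > "$demo/modules"                                # no firewall module loaded
decide_backend ipchains "$demo" "$demo/modules"    # skip:unconfigured
rm -rf "$demo"
```

A custom firewall script that wants the `load:` outcome regardless has to run `modprobe` itself, which is what the reply recommends.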
This is not a solution to the problem. The problem is in the script
/etc/init.d/ipchains, which has a test (if) for running the command modprobe
ipchains. And this test does not work well. That's all. In Red Hat 7.1 this test was
successful. In Red Hat 7.2 sometimes not.
No, the problem is somewhere in the kernel. The script /etc/init.d/ipchains
works well with the kernel 2.4.7-10.rpm from the RH 7.2 distribution. When I
update to kernel-2.4.9-13 (rpm too, athlon version) from the RH 7.2 updates,
the script /etc/init.d/ipchains will not load the ipchains module.