From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.4) Gecko/20010913 Description of problem: The script /etc/init.d/ipchains (parameter start) will not run ipchains (the script will not realize modprobe ipchains). Iptables is not running and not in memory. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Mark ipchains in the setup script for start (runlevel 3) 2. Unmark iptables in the same runlevel. 3. After reload system (init 6) type in console ipchains -L 4. Module ipchains is not loaded in memory and You will obtain message as " Not supported by kernel". After command modprobe ipchains , the module is loaded and ipchains will be ok. Actual Results: I have to start ipchains in /etc/rc.d/rc.local with command modprobe ipchains. Expected Results: I think, that the problem is in the script /etc/init./ipchains, which will not provide modprobe ipchains. Additional info:
Did you configure a firewall during installation? If not, did you configure one using lokkit or firewall-config after installation? Also, can you provide the output of the following: uname -a
No, i didn't configured the RedHat firewall. I'm using my own ipchains script. None of lokkit or firewall-config used. [root@michal root]# uname -a Linux michal 2.4.9-7 #1 Thu Oct 18 13:42:17 EDT 2001 i586 unknown I have upgrade of the kernel package to 2.4.9-7, but was the same with kernel 2.4.7 from the distribution cd.
The ipchains initscript is intended for usage only with the supplied firewall configuration utilities. It is not easily possible for it to work with arbitrary firewall scripts. The reason for this is that we have two separate firewall possibilities. ipchains, and iptables. Only one of the two can be used. If a user chooses to use ipchains, and enables an ipchains firewall and the initscript, then iptables will be nonfunctional. The reverse is true also. The initscripts are written to detect these conflicts and handle them gracefully. This still left one problem. If a user has enabled either the ipchains or iptables initscript, but does not use the Red Hat supplied firewall configuration tools, what would occur, is the first firewall initscript would load the given firewall support, precluding the usage of the other. For example, if you enabled ipchains initscript and the iptables initscript in ntsysv, but did not use the Red Hat tools, and instead tried to use iptables - it would not work because ipchains module would have loaded. That problem was solved by having our initscripts detect a configured firewall first, prior to loading any modules. So if a user has configured ipchains firewall, load ipchains module, and enable the firewall rules. Alternatively, if a user has configured an iptables firewall, load iptables support, and enable the rules. The condition of a user written firewall script however, leaves room for a thousand possiblilities none of which are easily detectable. So, if you are using a custom made ipchains or iptables firewall, the Red Hat supplied ipchains and/or iptables scripts should both be disabled in ntsysv. Your firewall script will have to load the appropriate kernel modules as necessary. Alternatively, you can use the Red Hat supplied firewall configuration tools. I hope this helps.
This is not solution of the problem. The problem is in the script /etc/init.d/ipchains , which have test (if) for start the command modprobe ipchains. And this test not works good. Thats all. In Red Hat 7.1 this test was successfull. In Red Hat 7.2 sometimes not.
No, the problem is somewhere in the kernel. The script /etc/init.d/ipchains works good with the kernel 2.4.7-10.rpm from the distribution RH 7.2. When I update to the kernel-2.4.9-13 (rpm too, athlon version) from the rh 7.2 updates, the script /etc/init.d/ipchains will not load the ipchains module.