| View previous topic :: View next topic |
| Author |
Message |
PaulSorensen
Tux's lil' helper
Joined: 15 Apr 2004
Posts: 80
Location: Chicago, USA
|
 Posted: Wed Feb 07, 2007 9:52 pm Post subject: iptables issues after upgrade to gentoo-sources-2.20 |
 |
|
I upgraded to the latest kernel today (and have the latest iptables tools version 1.3.7).
Now when I boot, I get the following errors when /etc/init.d/iptables tries to start:
| Code: |
* Loading iptables state and starting firewall ...
FATAL: Module ip_tables not found.
iptables-restore v1.3.7: iptables-restore: unable to initializetable 'nat'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information. |
Now, I have ip_tables compiled into the kernel and the .config was created by applying "make oldconfig" to the previous kernel config (where iptables was fine).
Any ideas?
Thanks
Paul |
|
| Back to top |
|
 |
madisonicus
Veteran
Joined: 20 Sep 2006
Posts: 1130
|
| Posted: Wed Feb 07, 2007 11:41 pm Post subject: |
|
|
There were a bunch of additions to netfilter in the 2.6.20 kernel including a change to NAT support. Might double check to be sure some of your options didn't move around.
HTH,
m
_________________
Please add [SOLVED] to your message title if you feel that your question has been answered.
------
Intel Q9300 Core2 Quad * Gigabyte GA-EP35C-DS3R
Samsung x360
AMD64 x2 4200+ * TF7050-M2 * HTPC
ZOTAC ION A-U Mini-ITX * HTPC |
|
| Back to top |
|
|
Draco-LVNH
n00b
Joined: 07 Dec 2005
Posts: 30
Location: Mexico, Michoacan, Morelia
|
| Posted: Thu Feb 08, 2007 5:45 am Post subject: |
|
|
i have some problems too, i use shorewall ( iptables interface ) and with 2.6.19 it was going all right, but when i updated to 2.6.20 ( gentoo-sources both ) iptables started to mark an error like the one on https://forums.gentoo.org/viewtopic-t-535674-highlight-chain+target+match.html, so i did what that forum says and it changed the error, now is another that i cannot find  ... this is what happend...
| Code: |
[23:32] Ragnarok vhosts.d # Servicios.sh shorewall start
* Starting firewall ...
iptables: Invalid argument
ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" Failed
iptables: Invalid argument
iptables: Invalid argument
/sbin/shorewall: line 529: 1474 Terminated ${VARDIR}/.start $debugging start [ !! ]
|
now i am just hopping to see a fix in bugs or portage |
|
| Back to top |
|
|
gami
Apprentice
Joined: 02 Jun 2006
Posts: 297
|
| Posted: Thu Feb 08, 2007 7:00 am Post subject: |
|
|
I had the same problem, too. Connection tracking was not fully enabled after upgrading with a 2.6.19 config file as a base. In menuconfig I checked all the visible related entries to no avail. However, looking at the raw /usr/src/linux/.config file I noticed that CONFIG_NF_CONNTRACK_IPV4 and CONFIG_NF_CONNTRACK_IPV6 (for those who need IP6) wasn't set. I edited the .config file and reran make menuconfig. This time the appropriate entries were visible and the kernel later built with connection tracking enabled. Look at this thread on the kernel mailing list for details and how pleased Linus is with the situation  |
|
| Back to top |
|
|
Draco-LVNH
n00b
Joined: 07 Dec 2005
Posts: 30
Location: Mexico, Michoacan, Morelia
|
| Posted: Thu Feb 08, 2007 10:07 pm Post subject: |
|
|
| Thank you very much, i have that disabled, so i turned it on for recompiling the Kernel a little more late |
|
| Back to top |
|
|
Draco-LVNH
n00b
Joined: 07 Dec 2005
Posts: 30
Location: Mexico, Michoacan, Morelia
|
| Posted: Thu Feb 08, 2007 10:24 pm Post subject: |
|
|
| Thank you again, it worked... i just compiled the module, and now shorewall works again, have a good day |
|
| Back to top |
|
|
Paczesiowa
Guru
Joined: 06 Mar 2006
Posts: 593
Location: Oborniki Śląskie, Poland
|
| Posted: Fri Feb 09, 2007 5:08 pm Post subject: |
|
|
| is it just me, or there is no layer7 option in kernel config? (I reemerged l7-filter afetr new kernel) |
|
| Back to top |
|
|
PaulSorensen
Tux's lil' helper
Joined: 15 Apr 2004
Posts: 80
Location: Chicago, USA
|
| Posted: Fri Feb 09, 2007 5:35 pm Post subject: I'll give it a try |
|
|
| I'll give it a try tonight - and mark [SOLVED] if it works - thanks for the help! |
|
| Back to top |
|
|
karafeka
Tux's lil' helper
Joined: 02 Aug 2004
Posts: 89
|
| Posted: Sun Apr 01, 2007 3:21 pm Post subject: |
|
|
| Paczesiowa wrote: | | is it just me, or there is no layer7 option in kernel config? (I reemerged l7-filter afetr new kernel) |
There is no support for l7-filter in 2.6.20 and 21, yet.
On l7-filter milling list is a patch, but it is not working. |
|
| Back to top |
|
|
tnt
Veteran
Joined: 27 Feb 2004
Posts: 1222
|
|
| Back to top |
|
|
jcat
Veteran
Joined: 26 May 2006
Posts: 1337
|
| Posted: Thu Jun 28, 2007 3:38 pm Post subject: |
|
|
Excellent. This sorted my issues as well! 
Cheers,
jcat |
|
| Back to top |
|
|
|
Other Things Gentoo
