[gentoo-user] Latest update; problems with ppp and iptables

[gentoo-user] Latest update; problems with ppp and iptables

[Walter Dnes]

  I apologize for the ppp repost.  In addition to my Gentoo problems,
an unco-ordinated MX change resulted in me not getting 36 hours worth of
mail, so I've probably missed any replies to that.

  OK, so I waited a while between kernel upgrades *AND* there was a
layout upgrade in the meantime.  Let's just say that "make oldconfig"
did *NOT* work very well.  I got kernel panic, and it wouldn't boot.  I
hauled out the install CD, booted, chrooted, re-emerged kernel 2.6.16-r7
(yeah. I know, still "behind the times"), and manually entered all the
stuff in "make menuconfig", and rebuilt the kernel.  On bootup it
complained about /etc/conf.d/net and pointed me to a new example file.
I changed a couple of entries to...

config_eth0="192.168.123.252 broadcast 192.168.123.255 netmask 255.255.255.248 mtu 1454"
routes_eth0=("default via 192.168.123.254")

...and rebooted.  One less complaint.

  I still have 2 problems.  During bootup, I get...
====================================================
 * Loading iptables state and starting firewall ...
FATAL: Module ip_tables not found.
iptables-restore v1.3.5: iptables-restore: unable to initializetable 'raw'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more informat  [ !! ]
====================================================

  There seem to be a lot more entries for iptables, netfilter, and
xtables (huh???) than I remember.  I obviously missed something
somewhere.  Any idea from the error message which "make menuconfig" item
it was?  Even though I'm behind a NATting ADSL router-modem, I'm taking
down eth0, except when up/down loading email and news.


  Secondly, whilst trying to emerge/update ppp, I get
=====================================================
>>> checking ppp-2.4.3-patches-20060707.tar.gz ;-)
 * Gentoo is moving toward common configuration file for all network
 * interfaces. Thus starting from >=ppp-2.4.3-r10 the following files
 * are obsoleted and should be removed to avoid future confusion:
 *     /etc/conf.d/net.ppp0 - conflict with baselayout
 *     /etc/init.d/net.ppp0 - conflict with baselayout
 *     /etc/ppp/chat-default - unused by this version
 *     /etc/ppp/options-pppoe - unused by this version
 *     /etc/ppp/options-pptp - unused by this version

 * If you use the old net.ppp0 script, you need to:
 *    - upgrade to >=sys-apps/baselayout-1.12.0_pre11
 *    - set ppp0 parameters in /etc/conf.d/net (see example file)
 *    - remove conflicting files
 *    - upgrade net-dialup/ppp

 * If you never used net.ppp0 script, just run the following commands:
 *     rm //etc/conf.d/net.ppp0 //etc/init.d/net.ppp0 //etc/ppp/chat-default //etc/ppp/options-pppoe //etc/ppp/options-pptp
 *     emerge --resume

!!! ERROR: net-dialup/ppp-2.4.3-r16 failed.
Call stack:
  ebuild.sh, line 1555:   Called dyn_setup
  ebuild.sh, line 668:   Called pkg_setup
  ppp-2.4.3-r16.ebuild, line 75:   Called die

!!! Conflicts with baselayout support detected
!!! If you need support, post the topmost build error, and the call stack if relevant.
====================================================

  I'm on baselayout-1.12.4-r7, and I invoke ppp for dialup with
pon/poff.  I use pppconfig for setup.  Is it safe for me to delete the
files?

-- 
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Latest update; problems with ppp and iptables

[Mick]

[-- Attachment #1: Type: text/plain, Size: 3962 bytes --]

On Thursday 07 September 2006 22:26, Walter Dnes wrote:
>   I apologize for the ppp repost.  In addition to my Gentoo problems,
> an unco-ordinated MX change resulted in me not getting 36 hours worth of
> mail, so I've probably missed any replies to that.

No worries, I'll repeat what I said earlier.

>   OK, so I waited a while between kernel upgrades *AND* there was a
> layout upgrade in the meantime.  Let's just say that "make oldconfig"
> did *NOT* work very well.  I got kernel panic, and it wouldn't boot.  I
> hauled out the install CD, booted, chrooted, re-emerged kernel 2.6.16-r7
> (yeah. I know, still "behind the times"), and manually entered all the
> stuff in "make menuconfig", and rebuilt the kernel.  On bootup it
> complained about /etc/conf.d/net and pointed me to a new example file.
> I changed a couple of entries to...
>
> config_eth0="192.168.123.252 broadcast 192.168.123.255 netmask
> 255.255.255.248 mtu 1454" routes_eth0=("default via 192.168.123.254")
>
> ...and rebooted.  One less complaint.
>
>   I still have 2 problems.  During bootup, I get...
> ====================================================
>  * Loading iptables state and starting firewall ...
> FATAL: Module ip_tables not found.
> iptables-restore v1.3.5: iptables-restore: unable to initializetable 'raw'
>
> Error occurred at line: 2
> Try `iptables-restore -h' or 'iptables-restore --help' for more informat  [
> !! ] ====================================================
>
>   There seem to be a lot more entries for iptables, netfilter, and
> xtables (huh???) than I remember.  I obviously missed something
> somewhere.  Any idea from the error message which "make menuconfig" item
> it was?  Even though I'm behind a NATting ADSL router-modem, I'm taking
> down eth0, except when up/down loading email and news.

I can't remember exactly which entries cause this, but try adding conntrack 
and Connection tracking flow accounting, as well as Full NAT and the 
submodules below it.  Raw table support (required for NOTRACK/TRACE) will 
also help.

>   Secondly, whilst trying to emerge/update ppp, I get
> =====================================================
>
> >>> checking ppp-2.4.3-patches-20060707.tar.gz ;-)
>
>  * Gentoo is moving toward common configuration file for all network
>  * interfaces. Thus starting from >=ppp-2.4.3-r10 the following files
>  * are obsoleted and should be removed to avoid future confusion:
>  *     /etc/conf.d/net.ppp0 - conflict with baselayout
>  *     /etc/init.d/net.ppp0 - conflict with baselayout
>  *     /etc/ppp/chat-default - unused by this version
>  *     /etc/ppp/options-pppoe - unused by this version
>  *     /etc/ppp/options-pptp - unused by this version
>
>  * If you use the old net.ppp0 script, you need to:
>  *    - upgrade to >=sys-apps/baselayout-1.12.0_pre11
>  *    - set ppp0 parameters in /etc/conf.d/net (see example file)
>  *    - remove conflicting files
>  *    - upgrade net-dialup/ppp
>
>  * If you never used net.ppp0 script, just run the following commands:
>  *     rm //etc/conf.d/net.ppp0 //etc/init.d/net.ppp0
> //etc/ppp/chat-default //etc/ppp/options-pppoe //etc/ppp/options-pptp *    
> emerge --resume
>
> !!! ERROR: net-dialup/ppp-2.4.3-r16 failed.
> Call stack:
>   ebuild.sh, line 1555:   Called dyn_setup
>   ebuild.sh, line 668:   Called pkg_setup
>   ppp-2.4.3-r16.ebuild, line 75:   Called die
>
> !!! Conflicts with baselayout support detected
> !!! If you need support, post the topmost build error, and the call stack
> if relevant. ====================================================
>
>   I'm on baselayout-1.12.4-r7, and I invoke ppp for dialup with
> pon/poff.  I use pppconfig for setup.  Is it safe for me to delete the
> files?

It is safer to mv them to a different name/place.  Mine worked fine after I 
renamed them and completed the emerge.

HTH
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Latest update; problems with ppp and iptables

[Walter Dnes]

On Thu, Sep 07, 2006 at 11:12:09PM +0100, Mick wrote
> On Thursday 07 September 2006 22:26, Walter Dnes wrote:

> >   I'm on baselayout-1.12.4-r7, and I invoke ppp for dialup with
> > pon/poff.  I use pppconfig for setup.  Is it safe for me to delete
> > the files?
> 
> It is safer to mv them to a different name/place.  Mine worked fine
> after I renamed them and completed the emerge.

  Dohhhh.  I feel stupid for missing the obvious solution.  Dialup works
OK without those files.  I checked.  At least I managed to figure out
the iptables problem.  A year ago, I included just about everything in
iptables via "make menuconfig".  This has been inherited by subsequent
kernels via "make oldconfig".  When that blew up on me Wednesday, I had
to *MANUALLY* re-enter everything into "make menuconfig".  There was a
bunch of new stuff, so I read the "Help" for items I wasn't sure about.

  In that process, I decided I don't need raw or mangle support.  I'm
not doing any NAT stuff; my Netgear router/modem handles that.  So this
time around, I did not include raw or mangle.  However, I left in the
references in /var/lib/iptables/rules-save, which started like so...

# Generated by iptables-save v1.3.5 on Wed Sep  6 18:41:29 2006
*raw
:PREROUTING ACCEPT [8675812:8112852860]
:OUTPUT ACCEPT [7421674:1137157572]
COMMIT
# Completed on Wed Sep  6 18:41:29 2006
# Generated by iptables-save v1.3.5 on Wed Sep  6 18:41:29 2006
*mangle
:PREROUTING ACCEPT [75679798:80347321466]
:INPUT ACCEPT [75679763:80347310753]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [60668907:37528863764]
:POSTROUTING ACCEPT [60668897:37528208414]
COMMIT
# Completed on Wed Sep  6 18:41:29 2006
# Generated by iptables-save v1.3.5 on Wed Sep  6 18:41:29 2006
*filter
...

  I simply deleted every line before "*filter" and iptables now works
OK.  It doesn't attempt to use raw or mangle, which I haven't built.

-- 
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list