* [gentoo-user] iptables error
From: Arnau Bria @ 2006-11-08 15:29 UTC
To: gentoo-user
Hi,
I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stopped
working.
I get this error:
# iptables-restore < /etc/iptables.noviembre
getsockopt failed strangely: No such file or directory
I have those modules loaded:
# lsmod
Module Size Used by
iptable_filter 3968 0
ip_tables 14436 1 iptable_filter
x_tables 14980 1 ip_tables
Is there anything missing? It worked fine with the old kernel...
cheers!
--
Arnau Bria
http://blog.emergetux.net
Wiggum: Shoot at the wheels, Lou.
Lou: Uh, it's a tank, chief.
Wiggum: I'm fed up with all your excuses.
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] iptables error
From: Hans-Werner Hilse @ 2006-11-08 16:16 UTC
To: gentoo-user
Hi,
On Wed, 8 Nov 2006 16:29:45 +0100 Arnau Bria <arnau@emergetux.net>
wrote:
> I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stop
> working.
As iptables is very dependent on the kernel's API, did you
- change kernel configuration?
- try re-emerging iptables?
-hwh
* Re: [gentoo-user] iptables error
From: Tim Garton @ 2006-11-08 16:20 UTC
To: gentoo-user
Perhaps try these modules as well?
gentoo sbin # lsmod
Module Size Used by
xt_tcpudp 7936 1
iptable_nat 10756 1
ip_nat 21292 1 iptable_nat
ip_conntrack 51332 2 iptable_nat,ip_nat
iptable_filter 7296 0
ip_tables 22760 2 iptable_nat,iptable_filter
x_tables 18568 3 xt_tcpudp,iptable_nat,ip_tables
Tim
On 11/8/06, Arnau Bria <arnau@emergetux.net> wrote:
>
> Hi,
>
> I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stop
> working.
>
> I get this error:
>
> # iptables-restore < /etc/iptables.noviembre
> getsockopt failed strangely: No such file or directory
>
> I have those modules loaded:
>
> # lsmod
> Module Size Used by
> iptable_filter 3968 0
> ip_tables 14436 1 iptable_filter
> x_tables 14980 1 ip_tables
>
> is there anything missing? It worked fine with old kernel...
>
> cheers!
* Re: [gentoo-user] iptables error
From: Arnau Bria @ 2006-11-08 16:33 UTC
To: gentoo-user
On Wed, 8 Nov 2006 17:16:20 +0100
Hans-Werner Hilse wrote:
> Hi,
>
> On Wed, 8 Nov 2006 16:29:45 +0100 Arnau Bria <arnau@emergetux.net>
> wrote:
>
> > I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables
> > stop working.
>
> As iptables is very depending on the kernel's API, did you
> - change kernel configuration?
nop. just make oldconfig with default values for new options.
> - try re-emerging iptables?
nop, gonna do it.
> -hwh
thanks!
* Re: [gentoo-user] iptables error
From: Arnau Bria @ 2006-11-08 16:50 UTC
To: gentoo-user
On Wed, 8 Nov 2006 17:33:31 +0100
Arnau Bria wrote:
> > As iptables is very depending on the kernel's API, did you
> > - change kernel configuration?
> nop. just make oldconfig with default values for new options.
> > - try re-emerging iptables?
I've recompiled iptables and I still have the same problem...
> > -hwh
thanks!
* Re: [gentoo-user] iptables error
From: Arnau Bria @ 2006-11-08 16:51 UTC
To: gentoo-user
On Wed, 8 Nov 2006 08:20:48 -0800
Tim Garton wrote:
> Perhaps try these modules as well?
>
> gentoo sbin # lsmod
> Module Size Used by
> xt_tcpudp 7936 1
> iptable_nat 10756 1
> ip_nat 21292 1 iptable_nat
> ip_conntrack 51332 2 iptable_nat,ip_nat
> iptable_filter 7296 0
> ip_tables 22760 2 iptable_nat,iptable_filter
> x_tables 18568 3 xt_tcpudp,iptable_nat,ip_tables
# lsmod
Module Size Used by
ip_conntrack 46112 0
xt_tcpudp 4096 0
xt_MARK 3328 0
iptable_filter 3968 0
ip_tables 14436 1 iptable_filter
x_tables 14980 3 xt_tcpudp,xt_MARK,ip_tables
# iptables-restore < /etc/iptables.noviembre
getsockopt failed strangely: No such file or directory
(I don't use nat).
Thanks for your reply.
* Re: [gentoo-user] iptables error
From: Mike Williams @ 2006-11-08 17:09 UTC
To: gentoo-user
On Wednesday 08 November 2006 15:29, Arnau Bria wrote:
> I get this error:
>
> # iptables-restore < /etc/iptables.noviembre
> getsockopt failed strangely: No such file or directory
Whenever I get errors like these my first step is to run the command under
strace, then follow the reams of output backwards to find the file or
directory it's looking for.
# emerge strace
# strace iptables-restore < /etc/iptables.noviembre
Not quite sure how it will react to the redirection.
--
Mike Williams
* Re: [gentoo-user] iptables error
From: Richard Fish @ 2006-11-08 17:19 UTC
To: gentoo-user
On 11/8/06, Arnau Bria <arnau@emergetux.net> wrote:
> Hi,
>
> I've done a kernel upgrade, from 2.6.16 to 17-r8 and my iptables stop
> working.
>
> I get this error:
>
> # iptables-restore < /etc/iptables.noviembre
> getsockopt failed strangely: No such file or directory
I'd suggest you make a copy of this file and try to identify which
rule from this file is causing the error. It is a plain text file, so
you can comment out (with '#' characters) various rules (lines that
start with '[') to figure out which rule is causing the error.
BTW, many of the filter options changed in recent kernels. You should
double check your kernel configuration and make sure you have at least
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
You'll also need at least some CONFIG_NETFILTER_XT_* options under
Networking->
Networking options ->
Network packet filtering ->
Core Netfilter Configuration ->
-Richard
* Re: [gentoo-user] iptables error
From: Hans-Werner Hilse @ 2006-11-08 17:24 UTC
To: gentoo-user
Hi,
On Wed, 8 Nov 2006 17:50:13 +0100
Arnau Bria <arnau@emergetux.net> wrote:
> On Wed, 8 Nov 2006 17:33:31 +0100
> Arnau Bria wrote:
>
> > > As iptables is very depending on the kernel's API, did you
> > > - change kernel configuration?
> > nop. just make oldconfig with default values for new options.
>
> > > - try re-emerging iptables?
> I've recompiled iptables and I still have same problem...
Hrm. Rethinking this, it might be due to an older set of include files
in /usr/include/linux. But don't change that, it'll break various
things. It might also be an older interface used by glibc.
Do you have other things emerged that are netfilter related?
You can try to
$ strace iptables-restore < iptables.saved
and post the last 10-30 lines of output here. There'll probably be a
getsockopt call that fails.
Also have a look at your kernel's "make menuconfig", the module
architecture for iptables has changed -- maybe "oldconfig" didn't do
its job well... but I doubt that, since I've compiled everything as
modules, too, and there's only the modules you mentioned first loaded
for me.
Are you running with ACCEPT_KEYWORDS="~x86" ? Maybe you should try for
iptables, e.g.
$ ACCEPT_KEYWORDS="~x86" emerge iptables
that should give you iptables-1.3.6(-r1).
-hwh
* Re: [gentoo-user] iptables error
From: Arnau Bria @ 2006-11-09 9:46 UTC
To: gentoo-user
On Wed, 8 Nov 2006 10:19:10 -0700
Richard Fish wrote:
> On 11/8/06, Arnau Bria <arnau@emergetux.net> wrote:
> I'd suggest you make a copy of this file and try to identify which
> rule from this file is causing the error. It is a plain text file, so
> you can comment out (with '#' characters) various rules (lines that
> start with '[') to figure out which rule is causing the error.
Well, I found them:
#-A INPUT -i eth0 -p tcp -m multiport --dports 4662,18491 -m tcp
--tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
#-A INPUT -i eth0 -p udp -m multiport --dports 4666,18491 -j ACCEPT
Does anyone know what happens with both rules?
> -Richard
Thanks!
* Re: [gentoo-user] iptables error
From: Tim Garton @ 2006-11-09 16:40 UTC
To: gentoo-user
perhaps the multiport module? (xt_multiport)
On 11/9/06, Arnau Bria <arnau@emergetux.net> wrote:
>
> On Wed, 8 Nov 2006 10:19:10 -0700
> Richard Fish wrote:
>
> > On 11/8/06, Arnau Bria <arnau@emergetux.net> wrote:
>
> > I'd suggest you make a copy of this file and try to identify which
> > rule from this file is causing the error. It is a plain text file, so
> > you can comment out (with '#' characters) various rules (lines that
> > start with '[') to figure out which rule is causing the error.
> Well, I found them:
> #-A INPUT -i eth0 -p tcp -m multiport --dports 4662,18491 -m tcp
> --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
>
> #-A INPUT -i eth0 -p udp -m multiport --dports 4666,18491 -j ACCEPT
>
> anyone knows what happens with both rules?
>
>
> > -Richard
> Thanks!
>
* Re: [gentoo-user] iptables error
From: Arnau Bria @ 2006-11-09 16:58 UTC
To: gentoo-user
On Thu, 9 Nov 2006 08:40:12 -0800
Tim Garton wrote:
> xt_multiport
Oooooh!
I've not looked for the solution yet :-(
Thanks a lot! That solved my problem!
--
Arnau Bria
http://blog.emergetux.net
Wiggum: Shoot at the wheels, Lou.
Lou: Uh, it's a tank, chief.
Wiggum: I'm fed up with all your excuses.
--
gentoo-user@gentoo.org mailing list
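The cause found in this thread (rules that use "-m multiport" while no xt_multiport module is loaded) can be checked for before running iptables-restore. The script below is an added example, not code from any poster in the thread; the function names and the xt_NAME/ipt_NAME module mapping are assumptions based on the module names quoted above, and the sample input is constructed from the rules and lsmod listing posted here.

```shell
# Lists the "-m" matches a saved ruleset uses and reports those with no module in lsmod.

# Distinct match names following "-m" on active "-A" lines ("#" lines are skipped).
rule_matches() {
    awk '/^-A / { for (i = 1; i < NF; i++) if ($i == "-m") print $(i + 1) }' "$1" | sort -u
}

# Assumption: a match NAME lives in xt_NAME or ipt_NAME; tcp and udp share
# xt_tcpudp, as in the lsmod output posted in the thread.
match_modules() {
    case "$1" in
        tcp|udp) echo "xt_tcpudp" ;;
        *)       echo "xt_$1 ipt_$1" ;;
    esac
}

# Print matches with no candidate module loaded. Matches built into the
# kernel (=y) never appear in lsmod, so they are reported as well.
missing_matches() {
    for m in $(rule_matches "$1"); do
        found=no
        for mod in $(match_modules "$m"); do
            if awk -v want="$mod" 'NR > 1 && $1 == want { ok = 1 } END { exit !ok }' "$2"; then
                found=yes
            fi
        done
        [ "$found" = yes ] || echo "$m"
    done
}

# Constructed sample input: the two rules and the lsmod listing from the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/rules" <<'EOF'
-A INPUT -i eth0 -p tcp -m multiport --dports 4662,18491 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --dports 4666,18491 -j ACCEPT
EOF
    cat > "$tmp/lsmod" <<'EOF'
Module Size Used by
xt_tcpudp 4096 0
xt_MARK 3328 0
iptable_filter 3968 0
ip_tables 14436 1 iptable_filter
x_tables 14980 3 xt_tcpudp,xt_MARK,ip_tables
EOF
    missing_matches "$tmp/rules" "$tmp/lsmod"
    rm -rf "$tmp"
}
demo   # prints: multiport
```

On a live system the second argument can be a file holding the output of lsmod, and the first the ruleset that iptables-restore is about to load.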