Linode Forum

kavisaku · Joined: 18 Apr 2011 Posts: 9

When I restart iptables, I am getting the following error. Learned from this forum, that I need to change the kernel, which i did..not working good.

Code: [root@**** ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[FAILED]
[root@**** ~]# uname -a
Linux **** 2.6.38-linode31 #1 SMP Mon Mar 21 21:22:33 UTC 2011 i686 i686 i386 GNU/Linux

Running Centos 32-bit.

Your suggestions are highly appreciated..thank you!

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

try this http://www.linode.com/wiki/index.php/CentOS#TIP:_Loading_additional_iptaables_modules_.5BFAILED.5D

kavisaku · Joined: 18 Apr 2011 Posts: 9

thank you..that did fixed the netbios error..however, the first error still remains.

Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

I should really have my cuppa tea before reading these posts so I read the whole thing....

Anyway can you put the content of your /etc/sysconfig/iptables file in http://pastebin.linode.com/ then post the link please.

kavisaku · Joined: 18 Apr 2011 Posts: 9

Thank you!!!!

But, what have I done? I rebooted the linode..When I used the Lish console, here is the error message.

Code: IPv4 over IPv4 tunneling driver
GRE over IPv4 tunneling driver
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack
ip_conntrack_pptp version 3.1 loaded
ip_nat_pptp version 3.0 loaded
ip_tables: (C) 2000-2006 Netfilter Core Team
TCP bic registered
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
ip6_tables: (C) 2000-2006 Netfilter Core Team
NET: Registered protocol family 17
NET: Registered protocol family 15
Bridge firewalling registered
Ebtables v2.0 registered
ebt_ulog: not logging via ulog since somebody else already registered for PF_BRIDGE
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
All bugs added by David S. Miller <davem@redhat.com>
SCTP: Hash tables configured (established 65536 bind 65536)
Using IPI Shortcut mode
XENBUS: Device with no driver: device/console/0
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
VFS: Mounted root (ext3 filesystem) readonly.
Freeing unused kernel memory: 224k freed
Warning: unable to open an initial console.

The Kernel is Latest 2.6 Legacy (2.6.18.8-linode22)

CentOS 32 bit.

I did nothing except changing the kernel as mentioned in the other thread...:( :) :)

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

I believe the latest version of centos requires the paravirt kernel (not positive though), switch back and provide the contents of /etc/sysconfig/iptables at http://pastebin.linode.com/

kavisaku · Joined: 18 Apr 2011 Posts: 9

thank you! the pastebin link;

http://pastebin.linode.com/5181

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

can you pastebin the contents of /etc/init.d/iptables as well (sorry forgot)

kavisaku · Joined: 18 Apr 2011 Posts: 9

@ obs;

http://pastebin.linode.com/5184

kavisaku · Joined: 18 Apr 2011 Posts: 9

FYKI, I am trying to run openvpn and pptp...Everytime I start the server, the iptables settings are not executed.

I don't know if this is related, but

Code: [root@*** etc]# modprobe ppp-compress-18 && echo ok
FATAL: Module ppp_mppe not found.

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

copy this into a file http://pastebin.linode.com/5191 and run
Code: patch -p1 < filename if it asks for a file choose /etc/init.d/iptables (replace filename in the command with the name of the file you saved it to). That will patch your init script.

kavisaku · Joined: 18 Apr 2011 Posts: 9

@ obs...You are a genius..Thanks a lot. :)

Code: [root@*** ~]# nano ipfix
[root@*** ~]# patch -p1 < ipfix
missing header for unified diff at line 3 of patch
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- iptables.old 2011-04-20 17:08:49.000000000 -0400
|+++ iptables 2011-04-20 17:09:17.000000000 -0400
--------------------------
File to patch: /etc/init.d/iptables
patching file /etc/init.d/iptables
[root@*** ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: security raw nat mangle fi[ OK ]
Applying iptables firewall rules: [ OK ]

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

Np *goes and pokes linode to update their distro*

hoopycat · Posted: Thu Apr 21, 2011 1:13 pm Post subject:

obs wrote: *goes and pokes linode to update their distro*

Looks like it is a part of the iptables package in CentOS, so you probably want to poke either CentOS or Red Hat to fix it.

obs · Joined: 07 Mar 2010 Posts: 1400 Location: Earth

I installed centos locally first and that doesn't suffer from the problem so it seems to be a linode only problem.

IP Tables Error