| Linode Forum https://forum.linode.com/ |
|
| IPTables https://forum.linode.com/viewtopic.php?f=19&t=3930 |
Page 1 of 1 |
| Author: | michael21439 [ Fri Feb 27, 2009 8:23 am ] |
| Post subject: | IPTables |
I'm having a problem (below) when I try to start iptables. Code: [root@s1 ~]# service iptables start Can anyone help? Thanks, Michael |
|
| Author: | Jay [ Fri Feb 27, 2009 11:17 am ] |
| Post subject: | |
You've defined a non-existent table in your iptables configuration. There's no iptable-table named "security". Those rules should be moved into filter, nat, or mangle (most likely filter). |
|
| Author: | michael21439 [ Fri Feb 27, 2009 11:44 am ] |
| Post subject: | |
Jay wrote: You've defined a non-existent table in your iptables configuration. There's no iptable-table named "security". Those rules should be moved into filter, nat, or mangle (most likely filter).
How do I remove it? |
|
| Author: | michael21439 [ Fri Feb 27, 2009 12:14 pm ] |
| Post subject: | |
Nevermind, fixed |
|
| Author: | troublshootr [ Fri Jun 11, 2010 5:09 am ] |
| Post subject: | |
The fix, at least for me, was to switch from the 2.6 paravirt kernel to the latest 2.6 stable. There's an issue with the paravirt kernel that Linode's Build team are aware of but there is no ETA on if/when there will be a resolution. Terry |
|
| Author: | curlyroger [ Fri Jun 11, 2010 11:01 pm ] |
| Post subject: | |
I get this error as well. I cannot figure out how to "fix" the error in my iptables configuration since I don't even use the word security. I'm running the paravirt kernel. Is there a risk to ignoring the error and letting iptables run as is? |
|
| Author: | troublshootr [ Sun Jun 13, 2010 5:49 am ] |
| Post subject: | |
I asked the same question and it wasn't really answered. This is what I received from support: "The issue is that the "Latest 2.6 Paravirt" kernel has a "security" chain and iptables doesn't know how to handle it. Usually switching to the "Latest 2.6 Stable" kernel resolves the issue without any further tweaking of the iptables init script (it often just ignores that chain and starts normally). Our builds team is indeed aware of this problem, however I do not have an ETA on if/when it will be resolved. It is perfectly fine to continue using our "Latest 2.6 Stable" kernel -- this kernel was actually the default selection for CentOS deployments until recently. No applications, with the exception of iptables, will operate differently when using the stable kernel." So not really an answer if you can use the paravirt kernel without a problem. If you find out the answer, please post. Note that if you execute an iptables-save while using the paravirt kernel, it will save a security chain in the /etc/sysconfig/iptables file so upon start-up with the 2.6 stable kernel, iptables will try to load a security chain and will really fail. Terry |
|
| Author: | sblantipodi [ Sun Apr 17, 2011 12:29 pm ] |
| Post subject: | |
I'm having the same issue when switched to latest 2.6 paravirt, no solution yet? |
|
| Author: | troublshootr [ Wed Sep 07, 2011 12:21 pm ] |
| Post subject: | |
Just deployed Cent OS 6 and ran into this problem again with latest paravirt. Found this on the web. http://impactservices.in/content/iptabl ... ter-failed Haven't tried it out yet. Not sure if it will screw anything else up. Anyone found a fix for this yet or has tried this out? Thanks, Terry |
|
| Author: | sblantipodi [ Wed Sep 07, 2011 1:12 pm ] |
| Post subject: | |
cd /etc/init.d mv iptables ~/iptables.bak wget http://epoxie.net/12023.txt && cat 12023.txt | tr -d '\r' > iptables chmod +x iptables rm -rf 12023.txt Now, "iptables" should now start successfully: service iptables restart EDIT: I don't have this error with the latest paravirt kernel 3 |
|
| Author: | troublshootr [ Thu Sep 08, 2011 3:54 pm ] |
| Post subject: | |
Hi, I tried with the latest paravirt 3 and I still get the same error. Terry |
|
| Author: | hoopycat [ Thu Sep 08, 2011 4:12 pm ] |
| Post subject: | |
troublshootr wrote: I tried with the latest paravirt 3 and I still get the same error.
It is a bug in CentOS, not in the kernel itself, so I wouldn't anticipate newer kernels changing much. |
|
| Author: | sblantipodi [ Thu Sep 08, 2011 4:23 pm ] |
| Post subject: | |
hoopycat wrote: troublshootr wrote: I tried with the latest paravirt 3 and I still get the same error. It is a bug in CentOS, not in the kernel itself, so I wouldn't anticipate newer kernels changing much. I don't consider it a bug in CentOS since it happen only with linode kernel and some other one. |
|
| Author: | hoopycat [ Thu Sep 08, 2011 6:24 pm ] |
| Post subject: | |
So the bug doesn't happen if you download the latest mainline kernel from kernel.org, compile it using a reasonably-similar configuration (e.g. from /proc/config.gz on a Linode), and boot with it on normal hardware? If it doesn't happen, I will retract my statement just as soon as I finish eating my hat. |
|
| Author: | sblantipodi [ Thu Sep 08, 2011 6:31 pm ] |
| Post subject: | |
hoopycat wrote: So the bug doesn't happen if you download the latest mainline kernel from kernel.org, compile it using a reasonably-similar configuration (e.g. from /proc/config.gz on a Linode), and boot with it on normal hardware? If it doesn't happen, I will retract my statement just as soon as I finish eating my hat.
I don't have tested it with similar configuration of the linode one so I can't answer. |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|