Linode Forum
https://forum.linode.com/

IP Tables Error
https://forum.linode.com/viewtopic.php?f=19&t=6981
Page 2 of 4

Author:  sblantipodi [ Fri Apr 22, 2011 7:43 am ]
Post subject: 

obs wrote:
I installed centos locally first and that doesn't suffer from the problem so it seems to be a linode only problem.


I have this problem too on CentOS 5.6, but I have it only if I boot with the latest paravirt kernel 2.6.38, no problem if I boot with the legacy one 2.6.18.

Code:
[root@**** ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]


Sincerely, I haven't understood what the problem is and how to solve it.

Author:  obs [ Fri Apr 22, 2011 12:49 pm ]
Post subject: 

Apply this patch http://pastebin.linode.com/5191 to /etc/init.d/iptables

Author:  sblantipodi [ Sat Apr 23, 2011 8:22 am ]
Post subject: 

obs wrote:
Apply this patch http://pastebin.linode.com/5191 to /etc/init.d/iptables


I have just applied the patch, restarted my CentOS 5.6 with the latest paravirt 2.6.38 but on boot I can read this error:

Code:
Settings chains to policy ACCEPT: security raw mangle filter [FAILED]


Thanks for the help, I appreciate it.

Author:  obs [ Sat Apr 23, 2011 9:49 am ]
Post subject: 

Odd, worked for someone else and myself. Can you put the contents of your /etc/init.d/iptables in pastebin.linode.com?

Author:  sblantipodi [ Sat Apr 23, 2011 10:05 am ]
Post subject: 

obs wrote:
Odd, worked for someone else and myself. Can you put the contents of your /etc/init.d/iptables in pastebin.linode.com?


Done:
http://pastebin.linode.com/5199

Author:  obs [ Sat Apr 23, 2011 10:30 am ]
Post subject: 

Well, it's patched OK; without looking at the server I'm not sure what's wrong.

Author:  sblantipodi [ Sat Apr 23, 2011 10:44 am ]
Post subject: 

obs wrote:
Well, it's patched OK; without looking at the server I'm not sure what's wrong.


If I manually restart iptables with
service iptables restart
I get no error.

But on boot I can see this:
Image

Author:  obs [ Sat Apr 23, 2011 10:50 am ]
Post subject: 

That's just plain weird, I don't have a centos system handy to test this on right now either :/

Author:  sblantipodi [ Sat Apr 23, 2011 11:35 am ]
Post subject: 

No one else with this problem?

You can see this problem only on boot because if you restart iptables manually, no error is displayed.

Author:  sblantipodi [ Thu Apr 28, 2011 6:56 pm ]
Post subject: 

I would like to have an answer from Linode since this is a problem of most users here running CentOS.

Thanks.

Author:  thelongmile [ Sat May 21, 2011 4:51 am ]
Post subject: 

Hi all, sorry to hijack such an old thread.

I've attempted to apply the same patch here, this is the exact contents of the file

Code:
--- iptables.new   2011-04-21 14:04:21.000000000 +0100
+++ iptables   2011-04-21 14:05:44.000000000 +0100
@@ -119,7 +119,13 @@
     ret=0
     for i in $tables; do
         echo -n "$i "
-        case "$i" in
+        case "$i" in
+      security)
+                    $IPTABLES -t security -P INPUT $policy \
+                    && $IPTABLES -t security -P OUTPUT $policy \
+                    && $IPTABLES -t security -P FORWARD $policy \
+                   || let ret+=1
+                ;;
             raw)
                 $IPTABLES -t raw -P PREROUTING $policy \
                     && $IPTABLES -t raw -P OUTPUT $policy \
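
Review bot: The removed and added `case "$i" in` lines at the top of the hunk are identical as shown, so that pair can only be a whitespace change, and it ties the hunk to the exact whitespace of the target file; keep that line as unchanged context and add only the new `security)` arm. The new arm is also indented inconsistently with the existing `raw)` arm (the `security)` label and the `|| let ret+=1` line do not line up with their neighbours), so it should follow the same indentation as `raw)`. The file headers name the old side `iptables.new` and the new side `iptables`, which reads as reversed; naming the original and patched files unambiguously would make it clearer which file the patch is meant to be applied to.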


This is as per the download button on this paste file. On a fresh install of CentOS 5.6.

The patch runs, but comes up to the following

Code:
missing header for unified diff at line 3 of patch
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- iptables.new   2011-04-21 14:04:21.000000000 +0100
|+++ iptables   2011-04-21 14:05:44.000000000 +0100
--------------------------
File to patch: /etc/init.d/iptables
patching file /etc/init.d/iptables
Hunk #1 FAILED at 119.
1 out of 1 hunk FAILED -- saving rejects to file /etc/init.d/iptables.rej


Any ideas here at all?

Author:  obs [ Sun May 22, 2011 6:06 am ]
Post subject: 

It means /etc/init.d/iptables is different compared to the one I made the patch for. Post the contents of it into pastebin.linode.com and post the URL here.

Author:  thelongmile [ Sun May 22, 2011 6:08 am ]
Post subject: 

Oops, sorry, I thought I had updated this. I fixed this one myself eventually. Looking at the config, everything was the same but it just refused to add the extra entry. I manually added it, and everything generally worked. I still have the profile but need to boot it if you'd like to see what else is different, as it's only the additional lines I added
(could be good for reference?)

Author:  obs [ Sun May 22, 2011 6:37 am ]
Post subject: 

If adding the lines manually worked then don't worry about it :) Linode already know about this issue so hopefully it'll be fixed in the distro soon.

Author:  webmonkey [ Tue May 24, 2011 1:16 pm ]
Post subject:  Update?

Does anyone know of an updated patch? The pastebin link doesn't work anymore and I'm still having this issue.

Thanks!

All times are UTC-04:00