Linode Forum :: IP Tables Error

Hello,

Thank you for contacting us! The issue you are experiencing with iptables is happening due to our paravirt kernel having a "security" chain compiled into it, and the default "iptables" init script included with CentOS does not know how to handle it. You are able to resolve this issue by downloading an amended version of the "iptables" init script. Please issue the following commands as the "root" user:

cd /etc/init.d
mv iptables ~/iptables.bak
wget http://epoxie.net/12023.txt && cat 12023.txt | tr -d '\r' > iptables
chmod +x iptables
rm -rf 12023.txt

Now, "iptables" should now start successfully:

service iptables restart

If there is anything else we can do for you, please let us know.

Regards,

Author:	webmonkey [ Tue May 24, 2011 5:44 pm ]
Post subject:
Thanks, that would be great! http://pastebin.linode.com/5350 Do you have any tips or know of any guides on learning how to do this myself?

Author:	obs [ Wed May 25, 2011 6:17 pm ]
Post subject:
Try this http://db.tt/wgvN7Dy Let me know if it works.

Author:	webmonkey [ Thu May 26, 2011 7:33 pm ]
Post subject:
Thanks for the patch! Sorry for the noob question, but I'm not sure how to use it. Could you point me in the right direction please? Thank you

Author:	obs [ Fri May 27, 2011 11:24 am ]
Post subject:
run patch -p1 < /pathtopatch

Author:	webmonkey [ Fri May 27, 2011 12:44 pm ]
Post subject:
The patch ran successfully (after I specified which file to patch); but did not seem to fix the issue. After restarting iptables, I got: /etc/init.d/iptables: line 125: syntax error near unexpected token `&&' /etc/init.d/iptables: line 125: ` && $IPTABLES -t security -P OUTPUT $policy \ ' Here is the current iptables file (after patching): http://pastebin.linode.com/5376 Thank you for your continued help!

Linode Forum https://forum.linode.com/

IP Tables Error https://forum.linode.com/viewtopic.php?f=19&t=6981	Page 3 of 4

Author:	obs [ Fri May 27, 2011 3:05 pm ]
Post subject:
Some trailing whitespace crept in oops! I've updated the patch, and just for webmonkey here's a patch to fix your broken iptables script http://db.tt/zYuD1lk

Author:	webmonkey [ Fri May 27, 2011 3:24 pm ]
Post subject:
It works! I repatched it and corrected the 'ip_conntrack_netbios_n' issue (just like the first post in this thread) and now I can restart iptables just fine. Much thanks obs! Would this same patch work for Ubuntu? I'm having the same issue on a different Linode server.

Author:	obs [ Fri May 27, 2011 3:55 pm ]
Post subject:
No it wouldn't work on ubuntu your issue there will be something different.

Author:	sblantipodi [ Thu Jul 21, 2011 8:07 am ]
Post subject:
this problem is present also in CentOS 6 The link to the patch is broken and I have the problem also on a fresh new CentOS 6.

Author:	obs [ Thu Jul 21, 2011 8:47 am ]
Post subject:
sblantipodi wrote: this problem is present also in CentOS 6 The link to the patch is broken and I have the problem also on a fresh new CentOS 6. Whoops must have moved the file, here's a link http://db.tt/wgvN7Dy I've not tried it on centos6

Author:	sblantipodi [ Thu Jul 21, 2011 9:37 am ]
Post subject:
obs wrote: sblantipodi wrote: this problem is present also in CentOS 6 The link to the patch is broken and I have the problem also on a fresh new CentOS 6. Whoops must have moved the file, here's a link http://db.tt/wgvN7Dy I've not tried it on centos6 can you do it please? I want to be sure that it will work ok. thanks.

Author:	sblantipodi [ Thu Jul 21, 2011 11:22 am ]
Post subject:
I would like to see a patch from linode guys since they gived us a fresh new VPS with this error from start Is it asking too much?

Author:	sblantipodi [ Thu Jul 21, 2011 11:53 am ]
Post subject:
this is what this excellent support answered: Quote: Hello, Thank you for contacting us! The issue you are experiencing with iptables is happening due to our paravirt kernel having a "security" chain compiled into it, and the default "iptables" init script included with CentOS does not know how to handle it. You are able to resolve this issue by downloading an amended version of the "iptables" init script. Please issue the following commands as the "root" user: cd /etc/init.d mv iptables ~/iptables.bak wget http://epoxie.net/12023.txt && cat 12023.txt \| tr -d '\r' > iptables chmod +x iptables rm -rf 12023.txt Now, "iptables" should now start successfully: service iptables restart If there is anything else we can do for you, please let us know. Regards, Fixed the problem, thank you Linode support!!!

Author:	Intervex_Digital [ Thu May 03, 2012 7:11 pm ]
Post subject:
Unfortunately I'm running into the same issue on a minty fresh install of CentOS and the link on epoxie.net is dead... does anyone have a working /etc/init.d/iptables script they'd be willing to share?

Author:	obs [ Thu May 03, 2012 7:24 pm ]
Post subject:
Mine still exists https://www.dropbox.com/s/nrbvbe2veypdq ... bles.patch dunno if it still works, this was for centos 5.x

Page 3 of 4	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/