Linode Forum
https://forum.linode.com/

IP Tables Error
https://forum.linode.com/viewtopic.php?f=19&t=6981
Page 1 of 4

Author:  kavisaku [ Mon Apr 18, 2011 9:50 pm ]
Post subject:  IP Tables Error

When I restart iptables, I am getting the following error. Learned from this forum that I need to change the kernel, which I did..not working good.

Code:
[root@**** ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[FAILED]
[root@**** ~]# uname -a
Linux **** 2.6.38-linode31 #1 SMP Mon Mar 21 21:22:33 UTC 2011 i686 i686 i386 GNU/Linux


Running CentOS 32-bit.

Your suggestions are highly appreciated..thank you!

Author:  obs [ Tue Apr 19, 2011 6:20 am ]
Post subject: 

try this http://www.linode.com/wiki/index.php/Ce ... BFAILED.5D

Author:  kavisaku [ Tue Apr 19, 2011 8:07 am ]
Post subject: 

Thank you..that did fix the netbios error..however, the first error still remains.

Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]
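
Added example (not part of the original thread, and not the CentOS init script): a read-only check for finding which of the tables named in that status line is the one the userspace iptables binary rejects. It assumes the init script takes its table list from /proc/net/ip_tables_names; `check_tables`, `fake_iptables` and `demo` are hypothetical names, and the demo input is constructed from the table names shown in the error line.

```shell
#!/bin/sh
# Added diagnostic. Read-only: it only lists rules, it never sets a policy.

# check_tables NAMES_FILE [CMD]
#   NAMES_FILE  one table name per line
#               (assumption: on a live host this is /proc/net/ip_tables_names)
#   CMD         invoked as "CMD -t TABLE -L -n" (default: iptables)
# Prints "TABLE ok" or "TABLE FAILED" for each table.
# Returns the number of failing tables, or 255 if NAMES_FILE is unreadable.
check_tables() {
    names_file=$1
    cmd=${2:-iptables}
    failed=0
    if [ ! -r "$names_file" ]; then
        echo "cannot read $names_file (is ip_tables loaded?)" >&2
        return 255
    fi
    while IFS= read -r table; do
        [ -n "$table" ] || continue          # skip blank lines
        if "$cmd" -t "$table" -L -n >/dev/null 2>&1; then
            echo "$table ok"
        else
            echo "$table FAILED"
            failed=$((failed + 1))
        fi
    done < "$names_file"
    return "$failed"
}

# Constructed stand-in for an iptables binary that does not know the
# "security" table; $2 is the table name passed after -t.
fake_iptables() { [ "$2" != "security" ]; }

# Constructed demo: the five tables from the status line in the thread.
demo() {
    tmp=$(mktemp)
    printf '%s\n' security raw nat mangle filter > "$tmp"
    rc=0
    check_tables "$tmp" fake_iptables || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "tables failing: $?"
```

On a real host, run `check_tables /proc/net/ip_tables_names` as root; a table the kernel exposes but the installed iptables cannot list is the one to look for in the init script.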

Author:  obs [ Tue Apr 19, 2011 8:40 am ]
Post subject: 

I should really have my cuppa tea before reading these posts so I read the whole thing....

Anyway can you put the content of your /etc/sysconfig/iptables file in http://pastebin.linode.com/ then post the link please.

Author:  kavisaku [ Tue Apr 19, 2011 10:24 am ]
Post subject: 

Thank you!!!!

But, what have I done? I rebooted the linode..When I used the Lish console, here is the error message.

Code:
IPv4 over IPv4 tunneling driver                                                                     
GRE over IPv4 tunneling driver                                                                     
ip_conntrack version 2.4 (8192 buckets, 65536 max) - 228 bytes per conntrack                       
ip_conntrack_pptp version 3.1 loaded                                                               
ip_nat_pptp version 3.0 loaded                                                                     
ip_tables: (C) 2000-2006 Netfilter Core Team                                                       
TCP bic registered                                                                                 
Initializing IPsec netlink socket                                                                   
NET: Registered protocol family 1                                                                   
NET: Registered protocol family 10                                                                 
lo: Disabled Privacy Extensions                                                                     
IPv6 over IPv4 tunneling driver                                                                     
ip6_tables: (C) 2000-2006 Netfilter Core Team                                                       
NET: Registered protocol family 17                                                                 
NET: Registered protocol family 15                                                                 
Bridge firewalling registered                                                                       
Ebtables v2.0 registered                                                                           
ebt_ulog: not logging via ulog since somebody else already registered for PF_BRIDGE                 
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>                                       
All bugs added by David S. Miller <davem@redhat.com>                                               
SCTP: Hash tables configured (established 65536 bind 65536)                                         
Using IPI Shortcut mode                                                                             
XENBUS: Device with no driver: device/console/0                                                     
md: Autodetecting RAID arrays.                                                                     
md: autorun ...                                                                                     
md: ... autorun DONE.                                                                               
kjournald starting.  Commit interval 5 seconds                                                     
EXT3-fs: mounted filesystem with ordered data mode.                                                 
VFS: Mounted root (ext3 filesystem) readonly.                                                       
Freeing unused kernel memory: 224k freed                                                           
Warning: unable to open an initial console.



The Kernel is Latest 2.6 Legacy (2.6.18.8-linode22)

CentOS 32 bit.

I did nothing except changing the kernel as mentioned in the other thread...:( :) :)

Author:  obs [ Tue Apr 19, 2011 10:49 am ]
Post subject: 

I believe the latest version of CentOS requires the paravirt kernel (not positive though). Switch back and provide the contents of /etc/sysconfig/iptables at http://pastebin.linode.com/

Author:  kavisaku [ Tue Apr 19, 2011 11:01 am ]
Post subject: 

Thank you! The pastebin link:

http://pastebin.linode.com/5181

Author:  obs [ Tue Apr 19, 2011 12:20 pm ]
Post subject: 

Can you pastebin the contents of /etc/init.d/iptables as well? (Sorry, forgot.)

Author:  kavisaku [ Tue Apr 19, 2011 1:43 pm ]
Post subject: 

@ obs;

http://pastebin.linode.com/5184

Author:  kavisaku [ Wed Apr 20, 2011 6:53 am ]
Post subject: 

FYKI, I am trying to run openvpn and pptp...Every time I start the server, the iptables settings are not executed.

I don't know if this is related, but

Code:
[root@*** etc]# modprobe ppp-compress-18 && echo ok
FATAL: Module ppp_mppe not found.

Author:  obs [ Wed Apr 20, 2011 5:14 pm ]
Post subject: 

Copy this into a file http://pastebin.linode.com/5191 and run
Code:
patch -p1 < filename

If it asks for a file, choose /etc/init.d/iptables (replace filename in the command with the name of the file you saved it to). That will patch your init script.

Author:  kavisaku [ Thu Apr 21, 2011 8:27 am ]
Post subject: 

@ obs...You are a genius..Thanks a lot. :)

Code:
[root@*** ~]# nano ipfix
[root@*** ~]# patch -p1 < ipfix
missing header for unified diff at line 3 of patch
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- iptables.old   2011-04-20 17:08:49.000000000 -0400
|+++ iptables   2011-04-20 17:09:17.000000000 -0400
--------------------------
File to patch: /etc/init.d/iptables
patching file /etc/init.d/iptables
[root@*** ~]# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle fi[  OK  ]
Applying iptables firewall rules:                          [  OK  ]

Author:  obs [ Thu Apr 21, 2011 8:59 am ]
Post subject: 

Np *goes and pokes linode to update their distro*

Author:  hoopycat [ Thu Apr 21, 2011 2:13 pm ]
Post subject: 

obs wrote:
*goes and pokes linode to update their distro*


Looks like it is a part of the iptables package in CentOS, so you probably want to poke either CentOS or Red Hat to fix it.

Author:  obs [ Thu Apr 21, 2011 2:18 pm ]
Post subject: 

I installed CentOS locally first and that doesn't suffer from the problem, so it seems to be a Linode-only problem.

All times are UTC-04:00