[mdlug] Problems with new kernel and iptables
David Relson
relson at osagesoftware.com
Sat Mar 31 16:29:09 EDT 2007
On Sat, 31 Mar 2007 15:12:37 -0400 (EDT)
Carl T. Miller wrote:
> Mike wrote:
> > When I try and load my firewall, I get the error message:
> >
> > FATAL: Module ip_tables not found.
> >
> > Repeated several times. When I try to input lines like:
> >
> > iptables -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports
> > 80,443 -m state --state NEW -j ACCEPT
> >
> > is when I get the error message. I think it might be a problem using
> > the -m multiport flag?
> >
>
> One of the guys on lugwash had a similar problem, although
> I don't recall the details. He found that a newer version
> of iptables (the command) had been installed. He uninstalled
> it, reinstalled the previous version, and the firewall
> started working again.
>
> Out of curiosity, what distro are you using? I've been
> using iptables firewalls on Debian for both sarge and etch
> and haven't seen this issue.
>
> c
'Twas I with the iptables problem. In my case the problem was quite
different. I had installed a new version of iptables which used a new
version of glibc which was built for a newer version of the kernel than
I was running. The result was that the kernel was rejecting
setsockopt() calls because the new library used a differently sized
option buffer than the old kernel expected. The fix was to downgrade
the iptables package (to use the older glibc which used a buffer of the
expected size).
Regards,
David
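
Added example (not part of the original thread): a shell check for the "Module ip_tables not found" error reported above, showing whether the module tree for a kernel release provides ip_tables as a loadable module, built into the kernel, or not at all. The function name ipt_module_status and its optional modules-root argument are assumptions of this example.

```shell
# Classify how a kernel release provides ip_tables.
# Usage: ipt_module_status [kernel-release] [modules-root]
# modules-root defaults to /lib/modules; the second argument is an
# assumption of this example so the check can run against a test tree.
ipt_module_status() {
    krel="${1:-$(uname -r)}"
    root="${2:-/lib/modules}"
    dir="$root/$krel"

    # No module tree for this release: modprobe has nowhere to look,
    # e.g. a new kernel was booted but its modules were not installed.
    if [ ! -d "$dir" ]; then
        echo "no-module-tree"
        return 0
    fi

    # Compiled into the kernel image: there is no .ko file to load.
    if [ -f "$dir/modules.builtin" ] &&
       grep -q '/ip_tables\.ko' "$dir/modules.builtin"; then
        echo "builtin"
        return 0
    fi

    # Loadable module present (plain or compressed: .ko, .ko.gz, .ko.xz ...).
    if find "$dir" -type f -name 'ip_tables.ko*' 2>/dev/null | grep -q .; then
        echo "module"
        return 0
    fi

    # Tree exists but the kernel was built without iptables support,
    # or the netfilter modules were not packaged with it.
    echo "missing"
}

# Report for the running kernel (or the release given as arguments).
ipt_module_status "$@"
```

A result of "no-module-tree" or "missing" for the output of uname -r points at the kernel build or install; "module" or "builtin" points away from the kernel and toward the iptables userspace package.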