| 1 |
On 01/05/06, Toby Cubitt <tsc25@××××××.net> wrote: |
| 2 |
|
| 3 |
> I was confused because the error below is from the gentoo iptables |
| 4 |
> init script, not from your script. |
| 5 |
> |
| 6 |
> > ============================== |
| 7 |
> > # /etc/init.d/iptables restart |
| 8 |
> > * Loading iptables state and starting firewall ... |
| 9 |
> > iptables-restore v1.3.4: iptables-restore: unable to initializetable 'nat' |
| 10 |
> > |
| 11 |
> > Error occurred at line: 8 |
| 12 |
> > Try `iptables-restore -h' or 'iptables-restore --help' for more |
| 13 |
> > information. [ !! ] |
| 14 |
> > ============================== |
| 15 |
|
| 16 |
That's right. My script is not particularly verbose.. |
| 17 |
============================ |
| 18 |
# ./fw_script.sh start |
| 19 |
Starting firewall... |
| 20 |
============================ |
| 21 |
|
| 22 |
Checking if rules are initialised, everything looks OK as far as I can tell: |
| 23 |
============================ |
| 24 |
# iptables -L -v |
| 25 |
Chain INPUT (policy DROP 0 packets, 0 bytes) |
| 26 |
pkts bytes target prot opt in out source |
| 27 |
destination |
| 28 |
0 0 ACCEPT all -- !eth0 any anywhere |
| 29 |
anywhere |
| 30 |
0 0 ACCEPT all -- any any anywhere |
| 31 |
anywhere state RELATED,ESTABLISHED |
| 32 |
0 0 DROP tcp -- eth0 any anywhere |
| 33 |
anywhere |
| 34 |
1 229 DROP udp -- eth0 any anywhere |
| 35 |
anywhere |
| 36 |
|
| 37 |
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) |
| 38 |
pkts bytes target prot opt in out source |
| 39 |
destination |
| 40 |
|
| 41 |
Chain OUTPUT (policy ACCEPT 774 packets, 144K bytes) |
| 42 |
pkts bytes target prot opt in out source destination |
| 43 |
============================ |
| 44 |
|
| 45 |
> |
| 46 |
> It looks like it's trying to define NAT rules, even though you don't |
| 47 |
> use NAT. Maybe the old rules saved by gentoo's iptables init script |
| 48 |
> included some NAT rules? |
| 49 |
|
| 50 |
Hmm, I don't know. Where would it get its NAT rules from? My fw |
| 51 |
script? As Daniel guides us in his commented script I have entered |
| 52 |
NAT=" " (blank), to disable NATing. |
| 53 |
|
| 54 |
If, after I start the fw script I run /etc/init.d/iptables save, I get: |
| 55 |
============================ |
| 56 |
# /etc/init.d/iptables save |
| 57 |
* Saving iptables state ... |
| 58 |
============================ |
| 59 |
No errors here. |
| 60 |
|
| 61 |
When I run ./fw_script.sh stop it comes back with this error: |
| 62 |
============================ |
| 63 |
# ./fw_script.sh stop |
| 64 |
Stopping firewall... |
| 65 |
iptables v1.3.4: can't initialize iptables table `nat': Table does not |
| 66 |
exist (do you need to insmod?) |
| 67 |
Perhaps iptables or your kernel needs to be upgraded. |
| 68 |
============================ |
| 69 |
|
| 70 |
Despite this error message the fw is stopped because iptables -L -v |
| 71 |
shows that the chains are flushed. |
| 72 |
|
| 73 |
> Does running "/etc/init.d/iptables stop", then running your script, |
| 74 |
> then running "/etc/init.d/iptables save", then |
| 75 |
> "/etc/init.d/iptables start" help at all? |
| 76 |
|
| 77 |
Let's see: |
| 78 |
============================ |
| 79 |
# /etc/init.d/iptables stop |
| 80 |
* ERROR: "iptables" has not yet been started. |
| 81 |
# ./fw_script.sh start |
| 82 |
Starting firewall... |
| 83 |
# /etc/init.d/iptables save |
| 84 |
* Saving iptables state ... |
| 85 |
# /etc/init.d/iptables start |
| 86 |
* Loading iptables state and starting firewall ... |
| 87 |
============================ |
| 88 |
|
| 89 |
No problem. Rebooting thereafter comes up *without* the error. So |
| 90 |
the error is caused by the state in which the iptables are saved using |
| 91 |
the ./fw_script stop command. Something's amiss with the script then, |
| 92 |
given the latest kernel chages. |
| 93 |
|
| 94 |
Thanks for all your responses. I am getting there! :-) Any more ideas? |
| 95 |
-- |
| 96 |
Regards, |
| 97 |
Mick |
| 98 |
|
| 99 |
-- |
| 100 |
gentoo-user@g.o mailing list |
Archives