On 01/05/06, Toby Cubitt <tsc25@××××××.net> wrote:

> I was confused because the error below is from the gentoo iptables
> init script, not from your script.
>
> > ==============================
> > # /etc/init.d/iptables restart
> > * Loading iptables state and starting firewall ...
> > iptables-restore v1.3.4: iptables-restore: unable to initializetable 'nat'
> >
> > Error occurred at line: 8
> > Try `iptables-restore -h' or 'iptables-restore --help' for more
> > information. [ !! ]
> > ==============================

That's right. My script is not particularly verbose.
============================
# ./fw_script.sh start
Starting firewall...
============================

Checking if rules are initialised, everything looks OK as far as I can tell:
============================
# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  !eth0  any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 DROP       tcp  --  eth0   any     anywhere             anywhere
    1   229 DROP       udp  --  eth0   any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 774 packets, 144K bytes)
 pkts bytes target     prot opt in     out     source               destination
============================

>
> It looks like it's trying to define NAT rules, even though you don't
> use NAT. Maybe the old rules saved by gentoo's iptables init script
> included some NAT rules?

Hmm, I don't know. Where would it get its NAT rules from? My fw
script? As Daniel guides us in his commented script I have entered
NAT=" " (blank), to disable NATing.

If, after I start the fw script I run /etc/init.d/iptables save, I get:
============================
# /etc/init.d/iptables save
 * Saving iptables state ...
============================
No errors here.

When I run ./fw_script.sh stop it comes back with this error:
============================
# ./fw_script.sh stop
Stopping firewall...
iptables v1.3.4: can't initialize iptables table `nat': Table does not
exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
============================

Despite this error message the fw is stopped because iptables -L -v
shows that the chains are flushed.

> Does running "/etc/init.d/iptables stop", then running your script,
> then running "/etc/init.d/iptables save", then
> "/etc/init.d/iptables start" help at all?

Let's see:
============================
# /etc/init.d/iptables stop
 * ERROR: "iptables" has not yet been started.
# ./fw_script.sh start
Starting firewall...
# /etc/init.d/iptables save
 * Saving iptables state ...
# /etc/init.d/iptables start
 * Loading iptables state and starting firewall ...
============================

No problem. Rebooting thereafter comes up *without* the error. So
the error is caused by the state in which the iptables are saved using
the ./fw_script stop command. Something's amiss with the script then,
given the latest kernel changes.

Thanks for all your responses. I am getting there! :-) Any more ideas?
--
Regards,
Mick

--
gentoo-user@g.o mailing list
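A defensive pattern for the stop path of a firewall script, added here as an example that is neither Mick's fw_script.sh nor Gentoo's iptables init script: before flushing a table, check whether the kernel actually has it registered, so a kernel without the nat table produces a skip message instead of the "Table does not exist (do you need to insmod?)" error seen above. The check reads /proc/net/ip_tables_names, which lists the registered iptables tables one per line. The TABLES_FILE and IPTABLES overrides are assumptions added so the functions can be exercised against a constructed table list and a stand-in iptables binary.

```shell
#!/bin/sh
# Added example, not the script from the thread: flush only the tables the
# kernel currently has registered, instead of unconditionally touching 'nat'.
#
# /proc/net/ip_tables_names lists the iptables tables registered with the
# kernel, one name per line. A table that is absent has no rules to flush,
# so skipping it is safe and avoids the module-load error on stop.
# TABLES_FILE and IPTABLES are assumed overrides (not part of any real
# script) so the functions can run against a constructed table list.
TABLES_FILE="${TABLES_FILE:-/proc/net/ip_tables_names}"
IPTABLES="${IPTABLES:-iptables}"

# Exit status 0 when table "$1" is registered with the kernel.
table_loaded() {
    [ -r "$TABLES_FILE" ] && grep -qx "$1" "$TABLES_FILE"
}

# Flush all chains and delete user-defined chains in table "$1",
# but only if the table is loaded; otherwise report and move on.
flush_table() {
    if table_loaded "$1"; then
        echo "flushing $1"
        "$IPTABLES" -t "$1" -F
        "$IPTABLES" -t "$1" -X
    else
        echo "skipping $1: not loaded"
    fi
}

# Stop path: restore the kernel default ACCEPT policy on the filter
# chains, then flush every table that exists on this kernel.
stop_firewall() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -P "$chain" ACCEPT
    done
    for table in filter nat mangle; do
        flush_table "$table"
    done
}

if [ "${1:-}" = "stop" ]; then
    echo "Stopping firewall..."
    stop_firewall
fi
```

Because iptables autoloads a table's module on first use of `-t <table>`, a table that was never used is absent from the list and is skipped rather than loaded; on a kernel that has no nat table at all, the stop path never triggers the failed load, and whatever the init script saves afterwards reflects only tables that really exist.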