Gentoo Archives: gentoo-user

From: Toby Cubitt <tsc25@××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Change in kernel netfilter config causes an error
Date: Mon, 01 May 2006 16:39:07
Message-Id: 20060501162806.GA16714@r2d2.localdomain
In Reply to: Re: [gentoo-user] Change in kernel netfilter config causes an error by Mick
On Mon, May 01, 2006 at 05:55:08PM +0200, Mick wrote:
> On 01/05/06, Toby Cubitt <tsc25@××××××.net> wrote:

[snip]

> >Does running "/etc/init.d/iptables stop", then running your script,
> >then running "/etc/init.d/iptables save", then
> >"/etc/init.d/iptables start" help at all?
>
> Let's see:
> ============================
> # /etc/init.d/iptables stop
> * ERROR: "iptables" has not yet been started.
> # ./fw_script.sh start
> Starting firewall...
> # /etc/init.d/iptables save
> * Saving iptables state ...
> # /etc/init.d/iptables start
> * Loading iptables state and starting firewall ...
> ============================
>
> No problem. Rebooting thereafter comes up *without* the error. So
> the error is caused by the state in which the iptables are saved using
> the ./fw_script stop command. Something's amiss with the script then,
> given the latest kernel changes.

Bingo! Your fw_script.sh contains (line 72):

iptables -t nat -F POSTROUTING

which fails because you haven't compiled NAT into your kernel. Comment
it out and hopefully your script will work.

You probably know this already, but once you've set up your rules
(using your script), and Gentoo's init script has saved them, there's
no need to run your script again. The rules will be reloaded from the
saved file by the init script whenever it's restarted. However, the
init script also saves the rules when it's stopped, e.g. on reboot,
overwriting previously saved rules. It's easy while setting things up
to accidentally save the wrong rule set.

Toby
--
PhD Student
Quantum Information Theory group
Max Planck Institute for Quantum Optics
Garching, Germany

email: toby@××××××××.org
web: www.dr-qubit.org
--
gentoo-user@g.o mailing list
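A more robust way to handle the failing line than commenting it out, as an added example that is not the fw_script.sh from this thread: probe for the table before flushing a chain in it, so a kernel built without NAT (or without the module loaded) does not abort the stop path and leave a half-flushed rule set to be saved. The `IPTABLES` variable is an assumption borrowed from the common firewall-script convention of making the binary overridable.

```sh
#!/bin/sh
# Added example (not from the thread): guard table-specific iptables calls
# so a firewall script keeps working on a kernel built without that table.

# Assumed convention: the iptables binary is overridable via $IPTABLES so the
# script can be exercised without touching a live ruleset.
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if the kernel exposes the given table. Listing a table loads its
# module on a modular kernel and fails cleanly when the table does not exist.
table_present() {
    "$IPTABLES" -t "$1" -L -n >/dev/null 2>&1
}

# Flush one chain, but only if its table exists; otherwise report and go on.
# Returns 0 in both cases so a script run under "set -e" does not abort
# half-way through and leave a partial ruleset for the init script to save.
flush_chain() {
    table="$1"
    chain="$2"
    if table_present "$table"; then
        "$IPTABLES" -t "$table" -F "$chain"
    else
        echo "skipping $table/$chain: table not available in this kernel" >&2
    fi
}

# A typical "stop" sequence: the filter chains unconditionally, NAT only if
# the kernel actually has it (the case that broke the script in the thread).
firewall_stop() {
    flush_chain filter INPUT &&
    flush_chain filter FORWARD &&
    flush_chain filter OUTPUT &&
    flush_chain nat POSTROUTING
}
```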

Replies

Subject Author
[gentoo-user] Re: Change in kernel netfilter config causes an error Mick <michaelkintzios@×××××.com>