fwbuilder iptables script, kernel 2.6.8-11-amd64-k8 and sarge
Dear List,
I hope this is not too off-topic since it it a question regarding sarge
with
kernel-image 2.6.8-11-amd64-k8 which to my understanding originates
from the amd-64 port.
I am running a Debian sarge installation on an Athlon 3200+ with an
fwbuilder generated
iptables paket filter skript which runs fine with kernel-image 2.6.8-2-686.
When I boot the kernel from sarge's kernel-image 2.6.8-11-amd64-k8
I get lots of messages like this one during execution of my iptables script:
iptables v1.2.11: can't initialize iptables table `filter': Module is
wrong version
Perhaps iptables or your kernel needs to be upgraded.
lsmod shows the following modules loaded:
ipt_REJECT 7616 8
ipt_multiport 2432 6
ipt_LOG 7040 8
ipt_state 2496 52
ip_conntrack_tftp 4464 0
ip_conntrack_irc 72368 0
ip_conntrack_ftp 73200 0
ip_conntrack_amanda 70368 0
ip_conntrack 37412 5
ipt_state,ip_conntrack_tftp,ip_conntrack_irc,ip_conntrack_ftp,ip_conntrack_amanda
iptable_filter 3392 1
ip_tables 18432 5
ipt_REJECT,ipt_multiport,ipt_LOG,ipt_state,iptable_filter
On another partitition I have an installation of the amd-64 port at hand
and when my server
has bootet I can mount this partiton, do a chroot and of course can
execute my iptables fwbuilder
script. Since this is a production mail server and I am eager to profit
from the benefits of the
better memory managment of the amd64 kernel this is my workaround after
any reboot for the time beeing.
Obviously the 32 bit iptables binary from sarge does not like the 64 bit
kernel. So what would
you suggest? Install the iptables package from the amd-64 port? But that
would obviously cause
a mess within the dependencies. Install just the binary in
/usr/sbin/local together with a hand full
of libraries? Or stick with the 32 bit 686 kernel?
Changing completely to the amd-64 port is currently unfortunately not an
option for several reasons
( no other amd64 servers available as backup hardware, no amd64 test
machines available for
compiling stuff before putting it on the production server, no 64bit CD
(like knoppix) available for
"exporting the offline booted server" via ssh to the admin for
maintainance purposes since direct access to
the console is limited to rare visits in the data processing center).
Since it is a production system and I have no other amd64 system around
my willingness for testing
adventures is reletavely small. But of course I would appreciate any
experiences or suggestions from
other users with a similar configuration. Maybe somebody has already
found an elegant way to solve this
dilemma.
Best regards
Matthias Wenthe
Reply to: