
fwbuilder iptables script, kernel 2.6.8-11-amd64-k8 and sarge



Dear List,

I hope this is not too off-topic, since it is a question regarding sarge with
kernel-image 2.6.8-11-amd64-k8, which to my understanding originates
from the amd-64 port.

I am running a Debian sarge installation on an Athlon 3200+ with an fwbuilder-generated
iptables packet filter script which runs fine with kernel-image 2.6.8-2-686.

When I boot the kernel from sarge's kernel-image 2.6.8-11-amd64-k8,
I get lots of messages like this one during execution of my iptables script:

iptables v1.2.11: can't initialize iptables table `filter': Module is wrong version
Perhaps iptables or your kernel needs to be upgraded.

lsmod shows the following modules loaded:

ipt_REJECT              7616  8
ipt_multiport           2432  6
ipt_LOG                 7040  8
ipt_state               2496  52
ip_conntrack_tftp       4464  0
ip_conntrack_irc       72368  0
ip_conntrack_ftp       73200  0
ip_conntrack_amanda    70368  0
ip_conntrack           37412  5 ipt_state,ip_conntrack_tftp,ip_conntrack_irc,ip_conntrack_ftp,ip_conntrack_amanda
iptable_filter          3392  1
ip_tables              18432  5 ipt_REJECT,ipt_multiport,ipt_LOG,ipt_state,iptable_filter

On another partition I have an installation of the amd-64 port at hand, and when my server has booted I can mount this partition, do a chroot and of course can execute my iptables fwbuilder script. Since this is a production mail server and I am eager to profit from the benefits of the better memory management of the amd64 kernel, this is my workaround after any reboot for the time being.

Obviously the 32 bit iptables binary from sarge does not like the 64 bit kernel. So what would you suggest? Install the iptables package from the amd-64 port? But that would obviously cause a mess within the dependencies. Install just the binary in /usr/sbin/local together with a handful of libraries? Or stick with the 32 bit 686 kernel?

Changing completely to the amd-64 port is currently unfortunately not an option for several reasons (no other amd64 servers available as backup hardware, no amd64 test machines available for compiling stuff before putting it on the production server, no 64bit CD (like knoppix) available for "exporting the offline booted server" via ssh to the admin for maintenance purposes, since direct access to the console is limited to rare visits in the data processing center).

Since it is a production system and I have no other amd64 system around, my willingness for testing adventures is relatively small. But of course I would appreciate any experiences or suggestions from other users with a similar configuration. Maybe somebody has already found an elegant way to solve this dilemma.

Best regards

Matthias Wenthe


