[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fwbuilder iptables script, kernel 2.6.8-11-amd64-k8 and sarge

On Tue, 9 Aug 2005, Goswin von Brederlow wrote:

Matthias Wenthe <wenthe@ims.de> writes:

On Mon, 8 Aug 2005, Lennart Sorensen wrote:

Are you running an amd64 kernel with a 32bit i386 sarge install?  If so
that is your problem.  iptables has to be 64bit to talk to a 64bit
kernel due to an alignment issue in the kernel structures for iptables
or something like that.  So you do need at least the 64bit iptables
binary and associated libs.  a 64bit chroot is one option for install it
easily, after which you can call it from 32bit install just fine.

A pure 64bit install would of course just work.

Len Sorensen

Thank you for clearing up what I suspected. In the chroot 64 bit
installation an ldd /sbin/iptables shows
         libdl.so.2 => /lib/libdl.so.2 (0x0000002a9566c000)
         libnsl.so.1 => /lib/libnsl.so.1 (0x0000002a95770000)
         libc.so.6 => /lib/libc.so.6 (0x0000002a95886000)
         /lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2

The last library is easy to integrate into the 32 bit i386 sarge. But
what about the first three ones. How can I make the 64 bit iptables
binary which I put to /usr/local/sbin in 32 bit sarge look for the
libs in another place but /lib where the 32 bit libs with the same
name are placed ?


Matthias Wenthe

apt-get install amd64-libs

That should have all required libs already.

I did as recommended and copied the iptables and ip binaries from the chroot 64 bit installation to /usr/local/sbin in 32 bit sarge installation. I also installed the amd64-libs and yes I was able to execute /usr/local/sbin/iptables and get the syntax help. Encouraged by that I changed the path in the fwbuilder fw script (/usr/local/sbin before /usr/sbin) and changed the variables for the binaries iptables and ip so that they pointed to the 64 bit versions. Unfortunately I forgot to remove the symlink /etc/rcS.d/S42{myfwscript} to the fw script and so I was hopelessly locked out at first try (stupid me). The error I got was:

iptables v1.2.11: Couldn't load target `standard':/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: Can't delete chain with references left

So I had to call the guys from the data processing center and asked for
help at the console and subsequent reboot service.

Since I have no testing system at hand I must admit that I for now am cured of further experiments of that kind.

But thanks anyway for your help

Matthias Wenthe

Reply to: