[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fwbuilder iptables script, kernel 2.6.8-11-amd64-k8 and sarge

Matthias Wenthe <wenthe@ims.de> writes:

> On Tue, 9 Aug 2005, Goswin von Brederlow wrote:
>> Matthias Wenthe <wenthe@ims.de> writes:
>>> On Mon, 8 Aug 2005, Lennart Sorensen wrote:
>>>> Are you running an amd64 kernel with a 32bit i386 sarge install?  If so
>>>> that is your problem.  iptables has to be 64bit to talk to a 64bit
>>>> kernel due to an alignment issue in the kernel structures for iptables
>>>> or something like that.  So you do need at least the 64bit iptables
>>>> binary and associated libs.  a 64bit chroot is one option for install it
>>>> easily, after which you can call it from 32bit install just fine.
>>>> A pure 64bit install would of course just work.
>>>> Len Sorensen
>>> Thank you for clearing up what I suspected. In the chroot 64 bit
>>> installation an ldd /sbin/iptables shows
>>>          libdl.so.2 => /lib/libdl.so.2 (0x0000002a9566c000)
>>>          libnsl.so.1 => /lib/libnsl.so.1 (0x0000002a95770000)
>>>          libc.so.6 => /lib/libc.so.6 (0x0000002a95886000)
>>>          /lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2
>>>          (0x0000002a95
>>> The last library is easy to integrate into the 32 bit i386 sarge. But
>>> what about the first three ones. How can I make the 64 bit iptables
>>> binary which I put to /usr/local/sbin in 32 bit sarge look for the
>>> libs in another place but /lib where the 32 bit libs with the same
>>> name are placed ?
>>> Regards
>>> Matthias Wenthe
>> apt-get install amd64-libs
>> That should have all required libs already.
> I did as recommended and copied the iptables and ip binaries from the
> chroot 64 bit installation to /usr/local/sbin in 32 bit sarge
> installation. I also installed the  amd64-libs and yes I was able to
> execute /usr/local/sbin/iptables and get the syntax help. Encouraged
> by that I changed the path in the fwbuilder fw script (/usr/local/sbin
> before /usr/sbin) and changed the variables for the binaries iptables
> and ip so that they pointed to the 64 bit versions. Unfortunately I
> forgot to remove
> the symlink /etc/rcS.d/S42{myfwscript} to the fw script and so I was
> hopelessly locked out at first try (stupid me). The error I got was:
> iptables v1.2.11: Couldn't load target
> `standard':/lib/iptables/libipt_standard.so: cannot open shared object
> file: No such file or directory

You have to copy or link the modules there.

It is much easier to "dpkg-reversion" the package. Change the
architecture in DEBIAN/control to i386 and add a Depends on

After that you can just dpkg -i the package.

> Try `iptables -h' or 'iptables --help' for more information.
> iptables: Can't delete chain with references left
> So I had to call the guys from the data processing center and asked for
> help at the console and subsequent reboot service.
> Since I have no testing system at hand I must admit that I for now am
> cured of further experiments of that kind.

Always keep a root ssh connect open and test in a second shell. :)

> But thanks anyway for your help
> Matthias Wenthe


Reply to: