Bug#411663: marked as done (linux-image-2.6.18-4-amd64: iptables do not work correctly with amd64 kernel)
Your message dated Thu, 3 Jul 2008 19:28:03 +0200
with message-id <20080703172803.GD20796@stro.at>
and subject line Re: linux-image-2.6.18-4-amd64: iptables do not work correctly with amd64 kernel
has caused the Debian Bug report #411663,
regarding linux-image-2.6.18-4-amd64: iptables do not work correctly with amd64 kernel
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
411663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411663
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: linux-image-2.6.18-4-amd64: iptables do not work correctly with amd64 kernel
- From: debian@noemamedia.com
- Date: Tue, 20 Feb 2007 13:14:07 +0100
- Message-id: <20070220131407.63a65d92@pluto.sonne.nil>
Package: linux-image-2.6.18-4-amd64
Version: 2.6.18.dfsg.1-10
Severity: normal
It seems that the 32bit iptables package do not work correctly together
with the (i386) amd64 kernel. After installing this kernel, shorewall do
not start anymore.
Here you can see snippets of the logs:
snippet of /var/log/shorewall-init.log:
...
Processing /etc/shorewall/continue ...
ip6tables v1.3.6: can't initialize ip6tables table `filter': Invalid
argument Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.3.6: can't initialize ip6tables table `filter': Bad file
descriptor Perhaps ip6tables or your kernel needs to be upgraded.
...
Setting up TC Rules...
iptables: Invalid argument
ERROR: Command "/sbin/iptables -t mangle -A tcpre -s 0.0.0.0/0 -d
0.0.0.0/0 -p icmp --icmp-type echo-request -j MARK --set-mark 1" Failed
...
snippet of /var/log/syslog:
...
Feb 20 11:14:24 uranus kernel: CSLIP: code copyright 1989 Regents of the
University of California
Feb 20 11:14:24 uranus kernel: PPP generic driver version 2.4.2
Feb 20 11:14:24 uranus kernel: NET: Registered protocol family 10
Feb 20 11:14:24 uranus kernel: lo: Disabled Privacy Extensions
Feb 20 11:14:24 uranus kernel: IPv6 over IPv4 tunneling driver
Feb 20 11:14:24 uranus kernel: ADDRCONF(NETDEV_UP): eth1: link is not
ready
Feb 20 11:14:24 uranus kernel: eth2: link up, 100Mbps, full-duplex, lpa
0x41E1
Feb 20 11:14:24 uranus kernel: ADDRCONF(NETDEV_UP): eth3: link is not
ready
Feb 20 11:14:24 uranus kernel: NET: Registered protocol family 24
Feb 20 11:14:24 uranus kernel: ip_tables: (C) 2000-2006 Netfilter Core
Team
Feb 20 11:14:24 uranus kernel: Netfilter messages via NETLINK v0.30.
Feb 20 11:14:24 uranus kernel: ip_conntrack version 2.4 (8192 buckets,
65536 max) - 304 bytes per conntrack
Feb 20 11:14:24 uranus kernel: Bridge firewalling registered
Feb 20 11:14:24 uranus kernel: ip_conntrack_pptp version 3.1 loaded
Feb 20 11:14:24 uranus kernel: ip_nat_pptp version 3.0 loaded
Feb 20 11:14:25 uranus kernel: e1000: eth3: e1000_watchdog: NIC Link is
Up 1000 Mbps Full Duplex
Feb 20 11:14:25 uranus kernel: ADDRCONF(NETDEV_CHANGE): eth3: link
becomes ready
Feb 20 11:14:25 uranus kernel: ClusterIP Version 0.8 loaded successfully
Feb 20 11:14:25 uranus kernel: ip_tables: conntrack match: invalid size
80 != 68
Feb 20 11:14:25 uranus kernel: ip_tables: connmark match: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: CONNMARK target: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: e1000: eth3: e1000_watchdog: NIC Link is
Down
Feb 20 11:14:25 uranus kernel: e1000: eth3: e1000_watchdog: NIC Link is
Up 1000 Mbps Full Duplex
Feb 20 11:14:25 uranus kernel: eth2: no IPv6 routers present
Feb 20 11:14:25 uranus kernel: eth0: no IPv6 routers present
Feb 20 11:14:25 uranus kernel: eth3: no IPv6 routers present
Feb 20 11:14:25 uranus kernel: ip6_tables: (C) 2000-2006 Netfilter Core
Team
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: conntrack match: invalid size
80 != 68
Feb 20 11:14:25 uranus kernel: ip_tables: connmark match: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: CONNMARK target: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: conntrack match: invalid size
80 != 68
Feb 20 11:14:25 uranus kernel: ip_tables: connmark match: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: CONNMARK target: invalid size
24 != 12
...
--- End Message ---
--- Begin Message ---
- To: 411663-done@bugs.debian.org
- Subject: Re: linux-image-2.6.18-4-amd64: iptables do not work correctly with amd64 kernel
- From: maximilian attems <max@stro.at>
- Date: Thu, 3 Jul 2008 19:28:03 +0200
- Message-id: <20080703172803.GD20796@stro.at>
Version: 2.6.24-1
fixed in newer linux images.
thanks for report.
--
maks
--- End Message ---
Reply to: