Re: Can't run shorewall with kernel 2.6.20.2

To: debian-user@lists.debian.org
Subject: Re: Can't run shorewall with kernel 2.6.20.2
From: Micha Feigin <michf@post.tau.ac.il>
Date: Sun, 11 Mar 2007 01:50:47 +0200
Message-id: <[🔎] 20070311015047.7429c872@litshi.luna.local>
In-reply-to: <[🔎] 421cf0790703100553v4306bc76wb81cb049788790a9@mail.gmail.com>
References: <[🔎] 20070310050034.40f172e9@litshi.luna.local> <[🔎] 20070310034630.GA2536@santiago.connexer.com> <[🔎] 421cf0790703100553v4306bc76wb81cb049788790a9@mail.gmail.com>

On Sat, 10 Mar 2007 14:53:37 +0100
"Adrián Ebay" <achapela.rexistros@gmail.com> wrote:

> Seems to be a compilation error.
> 
> Have you all the iptables modules ?? Check if you have all the modules. The
> problem isn´t shorewall, it is the iptables.
> 

It seems that the command that is failing at the moment is:

/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

If try to run it by itself (with the -v option) I get the error:

ACCEPT  0 opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  state RELATED,ESTABLISHED 
iptables: Invalid argument

running just

/sbin/iptables -A FORWARD -j ACCEPT

works so it's something with the -m state option. Any idea what module is
needed?

I tried compiling xt_state, xt_conntrack and nf_conntrack which seemed related
but they didn't help. Nothing else that seems to fit from previous kernels. The
only modules that seem to be missing from this version of the kernel and I
can't find options to compile them are:

ipt_hashlimit.ko
ip_conntrack_ftp.ko
ip_conntrack.ko

Thanks

> 2007/3/10, Roberto C. Sanchez <roberto@connexer.com>:
> >
> > On Sat, Mar 10, 2007 at 05:00:34AM +0200, Micha Feigin wrote:
> > > I tried upgrading to kernel 2.6.20 and 2.6.20.2 but shorewall refuses to
> > start.
> > >
> > > The only error I get is: (from /var/log/shorewall-init.log)
> > >
> > > [...]
> > > Shorewall configuration compiled to /var/lib/shorewall/.start
> > > Starting Shorewall....
> > > Initializing...
> > > Clearing Traffic Control/QOS
> > > Deleting user chains...
> > > iptables: No chain/target/match by that name
> > >    ERROR: Command "/sbin/iptables -A FORWARD -m state --state
> > ESTABLISHED,RELATED -j ACCEPT" Failed
> > > iptables: No chain/target/match by that name
> > > iptables: No chain/target/match by that name
> > > /sbin/shorewall: line 531:  1991
> > Terminated              ${VARDIR}/.start $debugging start
> > >
> > Please provide the following:
> >
> > distribution of Debian
> > version of shorewall
> > version of iptables
> > method by which kernel was built
> >
> > Regards,
> >
> > -Roberto
> >
> > --
> > Roberto C. Sanchez
> > http://people.connexer.com/~roberto
> > http://www.connexer.com
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (GNU/Linux)
> >
> > iD8DBQFF8ioW1snWssAFC08RAkBDAJ9GE/vrdnd/bfS4fmJUgvzP2sicgwCfd1ga
> > GQDT8dvra0E0B7hN+XN8+NU=
> > =VrAl
> > -----END PGP SIGNATURE-----
> >
> >

Reply to:

References:
- Can't run shorewall with kernel 2.6.20.2
  - From: Micha Feigin <michf@post.tau.ac.il>
- Re: Can't run shorewall with kernel 2.6.20.2
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: Can't run shorewall with kernel 2.6.20.2
  - From: "Adrián Ebay" <achapela.rexistros@gmail.com>

Prev by Date: vmware complains about header file location (Debian Etch)
Next by Date: Sarge to Etch upgrade report
Previous by thread: Re: Can't run shorewall with kernel 2.6.20.2
Next by thread: Re: Can't run shorewall with kernel 2.6.20.2
Index(es):
- Date
- Thread