Re: iptables: Protocol wrong type for socket.

To: debian-user@lists.debian.org
Subject: Re: iptables: Protocol wrong type for socket.
From: hvw59601 <hvw59601@care2.com>
Date: Tue, 07 Aug 2012 11:30:36 -0500
Message-id: <[🔎] jvrfrc$g15$1@dough.gmane.org>
In-reply-to: <[🔎] jvrcs5$6mk$9@dough.gmane.org>
References: <[🔎] jvptds$ddf$1@dough.gmane.org> <[🔎] jvrcs5$6mk$9@dough.gmane.org>

Camaleón wrote:

On Mon, 06 Aug 2012 21:10:03 -0500, hvw59601 wrote:
I guess if this is [OT] I will hear about it :-)
Nah, it's fine to me :-)
Anyway, I installed Firehol on a sid system that runs a kernel that I
have configured myself.

However, I get lots of errors when Firehol tries to start, like:

...
ERROR   : # 1.
WHAT : A runtime command failed to execute (returned error 1).SOURCE : line 31 of /etc/firehol/firehol.confCOMMAND : /sbin/iptables -t filter -A in_internet -p tcp -m state --state NEW \! --syn -j pr_internet_nosynOUTPUT :
iptables: Protocol wrong type for socket. ...
I understand the mesage comes from your kernel, I mean, nothing wrongin firehol.
I googled the error and there are lots of hits, but I see no clue as to
what the message actually means.

Obviously I have not configured the kernel correctly because with the
Debian kernels there are no errors.

But what kernel configuration parameter might be missing/wrong?
Can't tell for the exact parameter/option that controls this but what Iuse to do when have to compile a new kernel is using the current ".config"file which comes along with Debian stock kernel to avoid missing/messing
 something.

But the difference in kernel sizes between a kernel with the Debian.config and one with my own .config for this particular box is huge:32MB vs. 4MB.

But I figured it out: I compiled 3.4.7 from kernel.org with a .configfrom Debian's kernel in experimental, 3.5.0. I booted that and comparedthe lsmod from that with the one of 3.4.7 with my own .config and itturned out that there were 2 modules present in the former that were notin mine: nf_connttrack_ipv4 and nf_defrag_ipv4. I reconfigured and nowit works like a charm.


This is all for figuring out
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768

and hibernate times for the various kernels that changed dramaticallybeginning with 3.2.21-1, from 10s. to 35s.

Strange enough hibernate for 3.4.7 with Debian .config takes 24s. andwith my own config 10s. Who knows what is going on.


Thanks Camaleón.

Hugo

Reply to:

Follow-Ups:
- Re: iptables: Protocol wrong type for socket.
  - From: Camaleón <noelamac@gmail.com>

References:
- iptables: Protocol wrong type for socket.
  - From: hvw59601 <hvw59601@care2.com>
- Re: iptables: Protocol wrong type for socket.
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: [OT] Intelectual Property Law
Next by Date: Re: debian-user-digest Digest V2012 #1981
Previous by thread: Re: iptables: Protocol wrong type for socket.
Next by thread: Re: iptables: Protocol wrong type for socket.
Index(es):
- Date
- Thread