Hi, yesterday I found a strange problem in one of my linuxes. It was found after a manual edit of /etc/sysconfig/iptables config file.
Linux: Fedora Core 2
Kernel: 2.6.5-1.358
Iptables: iptables-1.2.9-2.3.1
Now I'll write down what I'm checking and trying.
Code:
[root@server sysconfig]# service iptables start
Unloading iptables modules: [FAILED]
Applying iptables firewall rules: iptables-restore v1.2.9: iptables-restore: unable to initializetable 'nat'
Error occurred at line: 33
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
on line 33 I have this:
*nat
:PREROUTING ACCEPT [2108660:154940433]
:POSTROUTING ACCEPT [2123853:128100860]
:OUTPUT ACCEPT [2123853:128100860]
COMMIT
A clear sign that there's a problem with iptables and nat table.
Code:
[root@server sysconfig]# dmesg
ip_tables: (C) 2000-2002 Netfilter core team
iptable_nat: Unknown symbol ip_ct_selective_cleanup
iptable_nat: Unknown symbol invert_tuplepr
iptable_nat: Unknown symbol ip_ct_gather_frags
iptable_nat: Unknown symbol ip_conntrack_untracked
iptable_nat: Unknown symbol ip_conntrack_get
...
Moreover, modprobe is eating the whole CPU.
780:25 modprobe -r iptable_nat
I tried to kill this process. But I cannot! (killall -9 modprobe, kill -9 <process num>).
Code:
[root@server sysconfig]# modprobe iptable_nat
FATAL: Error inserting iptable_nat (/lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/iptable_nat.ko): Unknown symbol in module, or unknown parameter (see dmesg)
Any ideas how to fix this problem and run iptables or atleas where exactly is it (the problem)? There were no problems with iptalbes untill yesterday, nighter any kernel upgrades have been made.
Code:
[root@server sysconfig]# uptime
15:26:14 up 116 days
