Sorry for the top post. Alexander's suggestions worked. Everything is
fine now. Posting solution back for the archives.
Regards,
Ed.
Alexander Dalloz wrote:
On Tue, 24.08.2004, at 4:46, Edward wrote:
I have in my firewall script the following lines (amongst others which
don't affect the problem):
$DEPMOD -a
$INSMOD ip_tables
$INSMOD ip_conntrack
$INSMOD ip_conntrack_ftp
$INSMOD ip_conntrack_irc
$INSMOD iptable_nat
$INSMOD ip_nat_ftp
Can you explain why you run depmod first and then insmod? Sorry, that
makes no sense at all. The sense of running depmod is to have a list of
module dependencies (under /lib/modules/$(uname -r)/). This is done
during boot up automatically and only has to be run after modules have
been added or removed manually. To make use of the dependency list use
modprobe and not insmod. insmod is some kind of pushing and not checking
for dependencies. And exactly that is often making trouble and cause for
things you see below. When another module is missing and not loaded yet
and you run insmod $module you can have such unknown symbol messages.
(Of course the $DEPMOD and $INSMOD variables are set earlier in the
script). I've always needed to do it this way since as long as I can
remember to get FTP and IRC to work properly.
/etc/sysconfig/iptables-config
IPTABLES_MODULES=""
is the proper place to put the modules which shall be loaded
additionally when the iptables service starts.
It looks like a module mismatch to me? Anybody have an idea?
ip_conntrack seems OK, but why is it spewing at iptable_nat? Is it even
needed?
Which kernel do you use? This information is missing in your mail. I bet
(a chicken) your problem comes from using insmod. Running the latest FC2
kernel (see my signature) I just called
modprobe ip_tables
modprobe iptable_nat
and got from lsmod:
iptable_nat 22885 0
ip_conntrack 30929 1 iptable_nat
iptable_filter 6209 0
ip_tables 18497 2 iptable_nat,iptable_filter
and not any error message.
Ed.
Alexander
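
The dependency resolution discussed in this thread, as an added example that is not part of the original messages: a shell function that walks a file in modules.dep format (the list depmod generates) and prints an order in which every dependency is inserted before the module that needs it, which is the step a bare insmod skips. The sample dependency file is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in modules.dep format ("module: its dependencies").
# The iptable_nat and iptable_filter lines agree with the lsmod output in
# the thread; the *_ftp lines are assumptions made for this illustration.
write_sample_dep() {
    cat > "$1" <<'EOF'
kernel/net/ipv4/netfilter/ip_tables.ko:
kernel/net/ipv4/netfilter/ip_conntrack.ko:
kernel/net/ipv4/netfilter/iptable_filter.ko: kernel/net/ipv4/netfilter/ip_tables.ko
kernel/net/ipv4/netfilter/iptable_nat.ko: kernel/net/ipv4/netfilter/ip_conntrack.ko kernel/net/ipv4/netfilter/ip_tables.ko
kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko: kernel/net/ipv4/netfilter/ip_conntrack.ko
kernel/net/ipv4/netfilter/ip_nat_ftp.ko: kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko kernel/net/ipv4/netfilter/iptable_nat.ko
EOF
}

# Depth-first walk: record a module only after everything it needs.
_lo_visit() {
    case "$_lo_seen" in *" $2 "*) return 0 ;; esac   # already handled
    _lo_seen="$_lo_seen$2 "
    _lo_line=$(grep -E "(^|/)$2\.ko:" "$1") || {
        echo "no modules.dep entry for $2" >&2
        return 1
    }
    for _lo_dep in ${_lo_line#*:}; do
        _lo_dep=${_lo_dep##*/}
        _lo_visit "$1" "${_lo_dep%.ko}" || return 1
    done
    _lo_out="$_lo_out $2"
}

# Usage: load_order <modules.dep file> <module>
# Prints the insertion order that leaves no symbol unresolved.
load_order() {
    _lo_seen=" "
    _lo_out=""
    _lo_visit "$1" "$2" || return 1
    echo "${_lo_out# }"
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_dep "$sample"
load_order "$sample" ip_nat_ftp
rm -f "$sample"
```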