[SOLVED] Netfilter Modules

Edward edward at tripled.iinet.net.au
Tue Aug 24 06:31:05 UTC 2004 

Sorry for the top post. Alexander's suggestions worked. Everything is 
fine now. Posting solution back for the archives.

Regards,
Ed.

Alexander Dalloz wrote:

> Am Di, den 24.08.2004 schrieb Edward um 4:46:
> 
> 
>>I have in my firewall script the following lines (amongst others which 
>>don't affect the problem):
>>
>>$DEPMOD -a
>>$INSMOD ip_tables
>>$INSMOD ip_conntrack
>>$INSMOD ip_conntrack_ftp
>>$INSMOD ip_conntrack_irc
>>$INSMOD iptable_nat
>>$INSMOD ip_nat_ftp
> 
> 
> Can you explain why you run depmod first and then insmod? Sorry, that
> makes no sense at all. The sense of running depmod is to have a list mof
> module dependencies (under /lib/modules/$(uname -r)/). This is done
> during boot up automatically and only has to be run after modules have
> been added or removed manually. To make use of the dependency list use
> modprobe and not insmod. insmod is some kind of pushing and not checking
> for dependencies. And exactly that is often making trouble and cause for
> things you see below. When another module is missing and not loaded yet
> and you run insmod $module you can have such unknown symbol messages.
> 
> 
>>(Ofcourse the $DEPMOD and $INSMOD variables are set earlier in the 
>>script). I've always needed to do it this way since as long as I can 
>>remember to get FTP and IRC to work properly.
> 
> 
> /etc/sysconfig/iptables-config
> 
> IPTABLES_MODULES=""
> 
> is the proper place to put the modules in which shall be loaded
> additional when the iptables service starts.
> 
> 
>>It looks like a module mismatch to me? Anybody have an idea? 
>>ip_conntrack seems OK, but why is it spewing at iptable_nat? Is it even 
>>needed?
> 
> 
> Which kernel do you use? This information is missing in your mail. I bet
> (a chicken) your problem comes from using insmod. Running the latest FC2
> kernel (see my signature) I just called
> 
> modprobe ip_tables
> modprobe iptable_nat
> 
> and got from lsmod:
> 
> iptable_nat            22885  0
> ip_conntrack           30929  1 iptable_nat
> iptable_filter          6209  0
> ip_tables              18497  2 iptable_nat,iptable_filter
> 
> and not any error message.
> 
> 
>>Ed.
> 
> 
> Alexander
> 
>

More information about the fedora-list mailing list