[CLUE-Tech] RedHat 8.0 upgrade problem 1.2.8

Friedman, Jason Jason.Friedman at xemkt.com
Tue Aug 26 10:42:28 MDT 2003


I use RedHat and use the RedHat-provided RPMs for all my server maintenance,
including installation of new kernels, which I believe I am up-to-date with.

$ uname -a
Linux abigail 2.4.20-19.8 #1 Tue Jul 15 14:59:09 EDT 2003 i686 athlon i386 GNU/Linux

I downloaded the RPMs for iptables v.1.2.8 (one for iptables and one for
ip6tables) and entered:
$ rpm -Uvh <package names here>

The command executed without errors and I saw six new files in /sbin:

-rwxr-xr-x    1 root     root        58386 Jul 31 09:51 iptables-save
-rwxr-xr-x    1 root     root        60196 Jul 31 09:51 iptables-restore
-rwxr-xr-x    1 root     root        55410 Jul 31 09:51 iptables
-rwxr-xr-x    1 root     root        60192 Jul 31 09:51 ip6tables-save
-rwxr-xr-x    1 root     root        60400 Jul 31 09:51 ip6tables-restore
-rwxr-xr-x    1 root     root        55760 Jul 31 09:51 ip6tables

I then entered
$ service iptables restart

These three lines appeared quickly:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: mangle nat filter         [  OK  ]
Unloading iptables modules:

and then nothing for five minutes.  My terminal would not respond to CTRL-C.
I opened another terminal and killed the job and saw this on the original
terminal:

/sbin/service: line 67: 21934 Terminated              env -i LANG=$LANG PATH=$PATH "${SERVICEDIR}/${SERVICE}" ${OPTIONS}

I tried executing my normal iptables shell script (the one that worked
without exception under 1.2.6a), below is a partial output:

+ iptables -t nat --flush
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -t mangle --flush
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -A OUTPUT -o lo -j ACCEPT
+ iptables --policy INPUT DROP
+ iptables --policy OUTPUT ACCEPT
+ iptables --policy FORWARD ACCEPT
+ iptables -t nat --policy PREROUTING ACCEPT
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
...
+ /sbin/insmod ip_tables
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
+ /sbin/insmod ip_conntrack
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
+ /sbin/insmod ip_conntrack_ftp
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_unregister_Reea5a3fd
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_register_Ra22d6eb5
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_expect_related_Rfc718b15
+ /sbin/insmod iptable_nat
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_find_helper_R2e1adde3
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_htable_size_R8ef8af4c
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_gather_frags_Rde4bd92c
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol invert_tuplepr_R5e68d8a9
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_module_Rb0361033
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_selective_cleanup_R37fa06eb
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_get_Rc412d48a
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_tuple_taken_R4001f92d
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_alter_reply_Rca0ced33
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol __ip_ct_find_proto_R9e4bc5ef
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_destroyed_R35dd3854

The result is that my INPUT, OUTPUT, and FORWARD chains remain 
unchanged (good) but I have no NAT table (bad).

Then, I tried going back to 1.2.6a:
$ rpm --oldpackage -Uvh <old package names here>

Again, no RPM errors, but now my firewall shell script yields:

iptables v1.2.6a: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_unregister_Reea5a3fd

My goal is to get either 1.2.6a or 1.2.8 iptables working.  I sure do wish I
understood what a kernel module was.

Thank you 
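
An added example, not part of the original post: a shell/awk filter that condenses an `sh -x` firewall trace like the one quoted above into one line per failure, so a partially applied ruleset (filter rules loaded, `nat` table missing) is visible at a glance. The sample trace is constructed from lines in the post; the function names and output keywords are assumptions, and the trailing `_R` plus hex digits is split off as the 2.4 module symbol-version checksum.

```shell
#!/bin/sh
# Constructed sample: a few lines in the shape of the trace quoted in the post.
sample_trace() {
cat <<'EOF'
+ iptables -t nat --flush
iptables v1.2.8: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ iptables -t mangle --flush
+ iptables -A INPUT -i lo -j ACCEPT
+ /sbin/insmod ip_conntrack
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
+ /sbin/insmod iptable_nat
Using /lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_find_helper_R2e1adde3
/lib/modules/2.4.20-19.8/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_get_Rc412d48a
EOF
}

# summarize_trace (hypothetical helper): reads a trace on stdin and prints
#   TABLE_MISSING <table> <command that failed>
#   ALREADY_LOADED <module>
#   UNRESOLVED <module> <symbol> <version checksum, or - if none>
summarize_trace() {
  awk '
    /^[+] / { cmd = substr($0, 3); next }          # remember the traced command
    /can.t initialize iptables table/ {
      if (match($0, /table [^ ]+: /)) {
        t = substr($0, RSTART + 6, RLENGTH - 6)
        gsub(/[^A-Za-z0-9_]/, "", t)               # drop quote marks and colon
        print "TABLE_MISSING", t, cmd
      }
      next
    }
    /^insmod: a module named / { print "ALREADY_LOADED", $5; next }
    / unresolved symbol / {
      n = split($1, p, "/"); m = p[n]; sub(/\.o:$/, "", m)   # module name from path
      s = $NF; ver = "-"
      if (match(s, /_R[0-9a-f]+$/)) {              # split name from checksum suffix
        ver = substr(s, RSTART + 2); s = substr(s, 1, RSTART - 1)
      }
      print "UNRESOLVED", m, s, ver
    }
  '
}

sample_trace | summarize_trace
```

Any `TABLE_MISSING` or `UNRESOLVED` line means the script did not apply the ruleset it was written to apply, which is worth treating as a failed run rather than a warning.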


