iptables keeps telling me that whenever i run it although i got the latest
kernel, latest iptables and all modules required for iptables are loaded (it
also doesnt work when i compile them into the kernel)!
anyone got an idea how to fix this?
[root@HOST2 /]# iptables -L
iptables v1.2.3: can't initialize iptables table `filter': Module is wrong
version
Perhaps iptables or your kernel needs to be upgraded.
[root@HOST2 /]# cat /proc/version
Linux version 2.4.12 (root@HOST2) (gcc version 2.96 20000731 (Mandrake Linux
8.1 2.96-0.62mdk)) #1 Sat Oct 13 12:12:08 CEST 2001
[root@HOST2 /]# grep _NF_ /usr/src/linux/.config
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
CONFIG_IP_NF_MATCH_STATE=m
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_REJECT is not set
# CONFIG_IP_NF_TARGET_MIRROR is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
# CONFIG_IP_NF_TARGET_REDIRECT is not set
CONFIG_IP_NF_NAT_FTP=m
# CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_TARGET_LOG=m
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
On Sat, Oct 13, 2001 at 01:05:33PM +0200, peter k. wrote:
> iptables keeps telling me that whenever i run it although i got the latest
> kernel, latest iptables and all modules required for iptables are loaded (it
> also doesnt work when i compile them into the kernel)!
> anyone got an idea how to fix this?
did you compile your iptables against the version/configuration of the
kernel you are trying to run?
On Sat, 13 Oct 2001, Aaron Lehmann wrote:
> On Sat, Oct 13, 2001 at 01:05:33PM +0200, peter k. wrote:
> > iptables keeps telling me that whenever i run it although i got the latest
> > kernel, latest iptables and all modules required for iptables are loaded (it
> > also doesnt work when i compile them into the kernel)!
> > anyone got an idea how to fix this?
>
> did you compile your iptables against the version/configuration of the
> kernel you are trying to run?
I am getting the same thing here. I am using iptables 1.2.2 SRPMS from
Mandrake 8.1, compiled against the latest 2.4 kernel. Same message as
in $subject. I poked through the source and found that "module is wrong
version" is the standard text message for the error code EINVAL, which
is rather silly and uninformative.
I built ipchains compatibility module, and am about to install ipchains
and see if I can get things working that way...
Jeff
Jeff Garzik wrote:
> On Sat, 13 Oct 2001, Aaron Lehmann wrote:
> > On Sat, Oct 13, 2001 at 01:05:33PM +0200, peter k. wrote:
> > > iptables keeps telling me that whenever i run it although i got the latest
> > > kernel, latest iptables and all modules required for iptables are loaded (it
> > > also doesnt work when i compile them into the kernel)!
> > > anyone got an idea how to fix this?
> >
> > did you compile your iptables against the version/configuration of the
> > kernel you are trying to run?
>
> I am getting the same thing here. I am using iptables 1.2.2 SRPMS from
> Mandrake 8.1, compiled against the latest 2.4 kernel. Same message as
> in $subject. I poked through the source and found that "module is wrong
> version" is the standard text message for the error code EINVAL, which
> is rather silly and uninformative.
>
> I built ipchains compatibility module, and am about to install ipchains
> and see if I can get things working that way...
Very odd - I have been running iptables since 2.3.xx.
I have never seen this error except on systems
where somebody was trying to activate iptables
rules with the ipchains module loaded...
currently using iptables 1.2.3, and have run each
kernel from 2.4.0-prerelease to 2.4.13-ac2 -
The system is Red Hat 7.1
Believe me, I'd know it in a hot second if iptables
had stopped working.
just my observations,
jjs
On Sat, Oct 13, 2001 at 04:06:18PM -0500, Jeff Garzik wrote:
> I am getting the same thing here. I am using iptables 1.2.2 SRPMS from
> Mandrake 8.1, compiled against the latest 2.4 kernel. Same message as
> in $subject. I poked through the source and found that "module is wrong
> version" is the standard text message for the error code EINVAL, which
> is rather silly and uninformative.
I had the problem until I build iptables against my kernel
configuration.
> On Sat, Oct 13, 2001 at 01:05:33PM +0200, peter k. wrote:
> > iptables keeps telling me that whenever i run it although i got the
latest
> > kernel, latest iptables and all modules required for iptables are loaded
(it
> > also doesnt work when i compile them into the kernel)!
> > anyone got an idea how to fix this?
>
> did you compile your iptables against the version/configuration of the
> kernel you are trying to run?
did that, now it works! :)
seems like it doesnt work if i use the iptables from the mandrake rpm
On Sat, Oct 13, 2001 at 11:44:14PM +0200, peter k. wrote:
> did that, now it works! :)
> seems like it doesnt work if i use the iptables from the mandrake rpm
I'm somewhat upset about this. Rusty, what's up? I have to recompile
the deb against my kernel configuration for it to not myseriously
complain.
ummmmh... I have a friend with similar problems, and I discovered
he was using iptables 1.2.2 with shared object from 1.2.1. But I do not
think this is your case. Unfortunatelly I lost the first post, so if you
are so kind to resend it to me, I could check.
iptables 1.2.3 has also another bug, when you are using the TOS shared
object (that is the on my box /usr/lib/iptables/libipt_tos.so), to
mangle TOS, you cannot use any decimal value or exadecimal value as
argument for the --set-tos option. I saw other people have this bug, but
there are also people that are not seeing this behaviour (??? I am
confused about this).
Anyway, there are also other details because of whom I would suggest to
stay with iptables 1.2.2 for now.
Luigi
On Sat, 13 Oct 2001, Jeff Garzik wrote:
> On Sat, 13 Oct 2001, Aaron Lehmann wrote:
> > On Sat, Oct 13, 2001 at 01:05:33PM +0200, peter k. wrote:
> > > iptables keeps telling me that whenever i run it although i got the latest
> > > kernel, latest iptables and all modules required for iptables are loaded (it
> > > also doesnt work when i compile them into the kernel)!
> > > anyone got an idea how to fix this?
> >
> > did you compile your iptables against the version/configuration of the
> > kernel you are trying to run?
>
> I am getting the same thing here. I am using iptables 1.2.2 SRPMS from
> Mandrake 8.1, compiled against the latest 2.4 kernel. Same message as
> in $subject. I poked through the source and found that "module is wrong
> version" is the standard text message for the error code EINVAL, which
> is rather silly and uninformative.
>
> I built ipchains compatibility module, and am about to install ipchains
> and see if I can get things working that way...
>
> Jeff
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
On Sat, Oct 13, 2001 at 03:52:59PM -0700, Aaron Lehmann wrote:
> On Sat, Oct 13, 2001 at 11:44:14PM +0200, peter k. wrote:
> > did that, now it works! :)
> > seems like it doesnt work if i use the iptables from the mandrake rpm
>
> I'm somewhat upset about this. Rusty, what's up? I have to recompile
> the deb against my kernel configuration for it to not myseriously
> complain.
I'm not absolutely sure about the exact cause of the problem.
It should never break (or have broken) against stock kernels. The problem
is known in the following scenario:
a) distributor adds dropped-table (from netfilter patch-o-matic) to kernel
b) distributor builds iptables against this patched kernel
c) distributor ships this iptables
d) user installs new, plain kernel
e) iptables no longer working because it was built against a patched kernel
f) user has to recompile iptables.
--
Live long and prosper
- Harald Welte / [email protected] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
On Mon, Oct 22, 2001 at 01:45:58PM +0200, Harald Welte wrote:
> a) distributor adds dropped-table (from netfilter patch-o-matic) to kernel
> b) distributor builds iptables against this patched kernel
> c) distributor ships this iptables
> d) user installs new, plain kernel
> e) iptables no longer working because it was built against a patched kernel
> f) user has to recompile iptables.
For me it was the other way around. I added dropped-table (for the IRC
nat patch) and had to recompile iptables as a result.