Hi All,
I have posted this Q to both the linux-kernel and netfilter mailing
lists.
This box is a Dual Athlon 2000+ running 2.4.18 as well as 2.4.19-rc3.
The box is stable up until I run my iptables init script, which looks
something like this:
#!/bin/bash
iptables -F
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -s 134.7.1.0/24 -m record_rpc -j ACCEPT
iptables -A INPUT -s 134.7.2.0/24 -m record_rpc -j ACCEPT
iptables -A INPUT -s 134.7.3.0/24 -m record_rpc -j ACCEPT
iptables -A INPUT -s 134.7.7.0/24 -m record_rpc -j ACCEPT
iptables -A INPUT -s 134.7.5.0/24 -m record_rpc -j ACCEPT
iptables -A INPUT -p tcp -s 134.7.1.1/32 --dport 513:514 -j ACCEPT
iptables -A INPUT -p tcp -s 134.7.1.60/32 --dport 5555 -j ACCEPT
iptables -A INPUT -p tcp --syn -j REJECT
iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -j LOG
iptables -P INPUT DROP
As you can see I'm using the RPC connection tracking module
that comes with the patch-o-matic stuff.
About 1-2 minutes after I run this script the box hangs, and prints out
a bunch of register and stack info which I couldn't be bothered to
type in :P
It does say "Code: Bad EIP value" though.
Does anyone know what this could be?
Cheers
Dave
/-----------------------------------
David Shirley
System's Administrator
Computer Science - Curtin University
(08) 9266 2986
-----------------------------------/
On Mon, Jul 22, 2002 at 12:27:01PM +0800, David Shirley wrote:
> As you can see I'm using the RPC connection tracking module
> that comes with the patch-o-matic stuff.
Have you actually ever read the help message for the RPC conntrack module?
Author: "Marcelo Barbosa Lima" <[email protected]>
Status: This works now :-)
Status: Ported to 2.4.0-test9-pre2 by Rusty. May be broken.
Status: Fixed by Marc for 2.4.0.
Status: Ported to newnat by Harald. May still be broken.
> About 1-2 minutes after I run this script the box hangs, and prints out
> a bunch of register and stack info which I couldn't be bothered to
> type in :P
This is definitely bitrotten code, so don't be surprised if it breaks.
> Cheers
> Dave
--
Live long and prosper
- Harald Welte / [email protected] http://www.gnumonks.org/