Solved

IP masquerading in Rh 7.3

Posted on 2002-07-15
5
457 Views
Last Modified: 2010-04-20
I have RH 7.3 with my Xeon machine.
Everything goes fine, and I can use Ip masquerading excep for the ftp. As I can see that, I can not install loadable modules.

When I run a typical rc.firewall file within my box the
following outcome occurs.
In the script I have lines like
/sbin/insmod ip_tables
/sbin/insmod ip_nat_ftp
/sbin/insmod ip_conntrack
and so on.

/sbin/depmod -a works fine.

The problem is seen either in standard, standard smp and
compiled from source code kernels.

How I can solve such problems?

thx

-kasim
ip_tables, Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_tables.o
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
ip_conntrack, Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack.o
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
ip_conntrack_ftp, Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_unregister_Rsmp_40d1f34f
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_expect_related_Rsmp_aed0cb12
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o: unresolved symbol ip_conntrack_helper_register_Rsmp_1844eee6
ip_conntrack_irc, Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_irc.o
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_irc.o: unresolved symbol ip_conntrack_helper_unregister_Rsmp_40d1f34f
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_irc.o: unresolved symbol ip_conntrack_expect_related_Rsmp_aed0cb12
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_irc.o: unresolved symbol ip_conntrack_helper_register_Rsmp_1844eee6
iptable_nat, Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_gather_frags_Rsmp_8e87e50f
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_destroyed_Rsmp_ef5b77f8
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_unregister_table_Rsmp_a5aa35a8
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_register_target_Rsmp_fee135d1
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_get_Rsmp_07dc77cd
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_alter_reply_Rsmp_85dc02e5
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_register_table_Rsmp_89aaa07b
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_unregister_target_Rsmp_1fd43bf7
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ipt_do_table_Rsmp_66f9aaea
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_tuple_taken_Rsmp_be57882b
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_module_Rsmp_b0361033
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_conntrack_htable_size_Rsmp_8ef8af4c
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol ip_ct_selective_cleanup_Rsmp_74c9972a
/lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/iptable_nat.o: unresolved symbol invert_tuplepr_Rsmp_5e68d8a9
ip_nat_ftp, Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_nat_ftp.o
0
Comment
Question by:kasim
5 Comments
 
LVL 5

Expert Comment

by:vsamtani
ID: 7157076
Use lsmod to check whether you have the ipchains module loaded. If you do, then you can't load the ip_tables module; they are mutually exclusive.

If you do have ipchains loaded, then type (as root):

chkconfig --list ipchains
You should get output like this:

ipchains        0:off   1:off   2:on    3:off   4:off   5:off   6:off

If the settings for 3,4, and 5 are not "off", then do:

chkconfig --level 345 ipchains off

which will prevent ipchains starting at bootup. After a reboot, see what happens with your rc.firewall script.

Hint: RH7.3 by default uses the /etc/init.d/iptables script to control iptables firewalling. You can enable this as follows: first set up your iptables rules and enable them, and then execute

/sbin/iptables-save > /etc/sysconfig/iptables

Then

chkconfig --level 345 iptables on

and RH will start iptables on boot, reading the rules from /etc/sysconfig/iptables.

Vijay




0
 

Expert Comment

by:Loggytronic
ID: 7160918
I don't remember why but I don't think you can use the old ipchains stuff and have ftp working anymore. So do as vsamtani says and make sure you are using iptables. Then you want to

modprobe ip_conntrack_ftp

which should alledgedly solve the problem, although it has never worked for me.
0
 
LVL 5

Accepted Solution

by:
vsamtani earned 200 total points
ID: 7161708
Ack. Just reread my own post and spotted the goof:

>If the settings for 3,4, and 5 are not "off", then do:
>
>chkconfig --level 345 ipchains off
>
>which will prevent ipchains starting at bootup. After a reboot, see what happens with your rc.firewall script.

Of course, it should be

chkconfig --level 345 ipchains on


Doh. Sorry.

Vijay


0
 

Expert Comment

by:CleanupPing
ID: 9088955
kasim:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9485111
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from vsamtani as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now