Iptables complains about kernel after filesystem damage

Iptables complains about kernel after filesystem damage

[Vass Viktor]

Hello all.
I run a debian sarge system with a 2.6.16.19 grsec kernel and iptables v
1.2.11. (No module loading support, every needed module compiled in the
kernel.)
Things were working fine, until on a "fine day" power, and more hard drives
failed at the same time, breaking some raid arrays and taking the data in
/var with them.
Sadly, I wasn't the one who planned the system and it's so called backup.
Had a bad share of data loss and every kind of corruption a filesystem can
suffer under /var.
With a bit of work I managed to get everything up and running...except for
iptables.

It now says:
iptables v1.2.11: can't initialize iptables table `filter': iptables who?
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

It seems that everything outside /var survived the incident without any data
corruption or loss (I cannot be certain due to incomplete backups), but I'm
absolutely sure, that the kernel has not changed or been corrupted.
Reinstalled the iptables package and all it's dependencies to no avail.

Any suggestions, as to what could be causing this problem, or what I should
check for will be greatly appreciated.

Thanks in advance,
	Viktor Vass

Re: Iptables complains about kernel after filesystem damage

[KOVACS Krisztian]

Hi,

On k, okt 02, 2007 at 11:29:37 +0200, Vass Viktor wrote:
> iptables v1.2.11: can't initialize iptables table `filter': iptables who?
> (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

Do you have the necessary kernel modules loaded? (ip_tables and friends)

-- 
KOVACS Krisztian

RE: Iptables complains about kernel after filesystem damage

[Vass Viktor]

KOVACS Krisztian wrote:
> On k, okt 02, 2007 at 11:29:37 +0200, Vass Viktor wrote:
> > iptables v1.2.11: can't initialize iptables table `filter': iptables
who?
> > (do you need to insmod?)
> > Perhaps iptables or your kernel needs to be upgraded.
> 
> Do you have the necessary kernel modules loaded? (ip_tables and friends)

They are compiled into the kernel, and it worked fine until now.

--
Viktor Vass

Re: Iptables complains about kernel after filesystem damage

[Gáspár Lajos]

Vass Viktor írta:
> KOVACS Krisztian wrote:
>   
>> Do you have the necessary kernel modules loaded? (ip_tables and friends)
>>     
>
> They are compiled into the kernel, and it worked fine until now.
>
>   
iptables v1.2.11 is rather old....
But the problem might be that you lost your /var directory.
What about a full reinstall ??? :D

Swifty

RE: Iptables complains about kernel after filesystem damage

[Vass Viktor]

Gáspár Lajos wrote:
> But the problem might be that you lost your /var directory.
What I would need to know is, that which file's loss could lead to this.
Or just a list of files that could have been stored there and are essential.

--
Viktor Vass

Re: Iptables complains about kernel after filesystem damage

[Gáspár Lajos]

Vass Viktor írta:
> Gáspár Lajos wrote:
>   
>> But the problem might be that you lost your /var directory.
>>     
> What I would need to know is, that which file's loss could lead to this.
> Or just a list of files that could have been stored there and are essential.
>   
Good question...
There is no reference to /var in the newest Debian version of iptables...
(Check in mc by hiting an enter on the iptables....deb)
So... As I wrote before: REINSTALL :D
> --
> Viktor Vass
>   

RE: Iptables complains about kernel after filesystem damage

[Vass Viktor]

Gáspár Lajos wrote:
> (Check in mc by hiting an enter on the iptables....deb) So... 
If it is a file in this package, reinstalling the package would have fixed
it.

> As I wrote before: REINSTALL :D
Well, it can be done, but it's not going to happen.
I'll look for another way to secure this box.
Thank you for your replies.

--
Viktor Vass

Re: Iptables complains about kernel after filesystem damage

[KOVACS Krisztian]

Hi,

On k, okt 02, 2007 at 11:42:10 +0200, Vass Viktor wrote:
> > (Check in mc by hiting an enter on the iptables....deb) So... 
> If it is a file in this package, reinstalling the package would have fixed
> it.

Have you tried stracing the iptables binary to find out where it goes
wrong?

-- 
KOVACS Krisztian

RE: Iptables complains about kernel after filesystem damage

[Vass Viktor]

KOVACS Krisztian wrote:
> Have you tried stracing the iptables binary to find out where 
> it goes wrong?

I've just made one (thought this would be an easier question...):

access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or
directory)
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`Z\1\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1254660, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x50ea6000
old_mmap(NULL, 1264972, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x50d71000
old_mmap(0x50e9b000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0x129000) = 0x50e9b000
old_mmap(0x50ea4000, 7500, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x50ea4000
close(3)                                = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0x50ea6900, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
munmap(0x50ebe000, 15300)               = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0x5f873f30, 0x5f873f2c) = -1
ENOPROTOOPT (Protocol not available)
open("/proc/sys/kernel/modprobe", O_RDONLY) = -1 ENOENT (No such file or
directory)

So it fails at getsockopt. Does thid definitely mean, it is a kernel issue
somehow?

--
Viktor Vass

Re: Iptables complains about kernel after filesystem damage

[KOVACS Krisztian]

Hi,

On sze, okt 03, 2007 at 03:52:54 +0200, Vass Viktor wrote:
> KOVACS Krisztian wrote:
> > Have you tried stracing the iptables binary to find out where 
> > it goes wrong?
> 
> I've just made one (thought this would be an easier question...):
> 
> access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or
> directory)
> open("/lib/tls/libc.so.6", O_RDONLY)    = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`Z\1\000"..., 512) =
> 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1254660, ...}) = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x50ea6000
> old_mmap(NULL, 1264972, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x50d71000
> old_mmap(0x50e9b000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x129000) = 0x50e9b000
> old_mmap(0x50ea4000, 7500, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x50ea4000
> close(3)                                = 0
> set_thread_area({entry_number:-1 -> 6, base_addr:0x50ea6900, limit:1048575,
> seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
> seg_not_present:0, useable:1}) = 0
> munmap(0x50ebe000, 15300)               = 0
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, 0x5f873f30, 0x5f873f2c) = -1
> ENOPROTOOPT (Protocol not available)
> open("/proc/sys/kernel/modprobe", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> 
> So it fails at getsockopt. Does thid definitely mean, it is a kernel issue
> somehow?

It means that you have no iptables support in your kernel. (0x40 is
IPT_BASE_CTL.)

-- 
KOVACS Krisztian