iptables - resource temporary unavailable

All of lore.kernel.org
 help / color / mirror / Atom feed

* iptables - resource temporary unavailable
@ 2006-06-07  7:54 robee
  2006-06-07  8:07 ` Sietse van Zanen
  2006-06-08  0:34 ` Philip Craig
  0 siblings, 2 replies; 10+ messages in thread
From: robee @ 2006-06-07  7:54 UTC (permalink / raw)
  To: netfilter

any time when i'm restarting my firewall rules (NAT mostly, about 500 users) 
i got this error -> iptables - resource temporary unavailable.
but, if i unplug users (main switch off) and restart firewall everyting is 
fine
my system is fedora core 4, iptables 1.3.5, kernel 2.6.16.18

anybody can help?

robee 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* RE: iptables - resource temporary unavailable
  2006-06-07  7:54 iptables - resource temporary unavailable robee
@ 2006-06-07  8:07 ` Sietse van Zanen
  2006-06-07  8:46   ` robee
  2006-06-08  0:34 ` Philip Craig
  1 sibling, 1 reply; 10+ messages in thread
From: Sietse van Zanen @ 2006-06-07  8:07 UTC (permalink / raw)
  To: robee, netfilter

This is usually due to a lack of memory...

-Sietse

________________________________

From: netfilter-bounces@lists.netfilter.org on behalf of robee
Sent: Wed 07-Jun-06 9:54
To: netfilter@lists.netfilter.org
Subject: iptables - resource temporary unavailable

any time when i'm restarting my firewall rules (NAT mostly, about 500 users)
i got this error -> iptables - resource temporary unavailable.
but, if i unplug users (main switch off) and restart firewall everyting is
fine
my system is fedora core 4, iptables 1.3.5, kernel 2.6.16.18

anybody can help?

robee

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: iptables - resource temporary unavailable
  2006-06-07  8:07 ` Sietse van Zanen
@ 2006-06-07  8:46   ` robee
  2006-06-07  9:04     ` Sietse van Zanen
  0 siblings, 1 reply; 10+ messages in thread
From: robee @ 2006-06-07  8:46 UTC (permalink / raw)
  To: netfilter

----- Original Message ----- 
From: "Sietse van Zanen" <sietse@wizdom.nu>
To: "robee" <mlody@elpec.com>; <netfilter@lists.netfilter.org>
Sent: Wednesday, June 07, 2006 10:07 AM
Subject: RE: iptables - resource temporary unavailable

> This is usually due to a lack of memory...
> -Sietse
> ________________________________
> From: netfilter-bounces@lists.netfilter.org on behalf of robee
> Sent: Wed 07-Jun-06 9:54
> To: netfilter@lists.netfilter.org
> Subject: iptables - resource temporary unavailable
> any time when i'm restarting my firewall rules (NAT mostly, about 500
> users) i got this error -> iptables - resource temporary unavailable.
> but, if i unplug users (main switch off) and restart firewall everyting is
> fine
> my system is fedora core 4, iptables 1.3.5, kernel 2.6.16.18
> anybody can help?
> robee

so, what you suggest?


robee



^ permalink raw reply	[flat|nested] 10+ messages in thread

* RE: iptables - resource temporary unavailable
  2006-06-07  8:46   ` robee
@ 2006-06-07  9:04     ` Sietse van Zanen
  0 siblings, 0 replies; 10+ messages in thread
From: Sietse van Zanen @ 2006-06-07  9:04 UTC (permalink / raw)
  To: robee, netfilter

Duh, add memory?
 
But then again, you haven't included your system specs, neither a good view of the log entries. It's fairly impossible to draw a good conlsusion from the sparse info you supplied.
 
-Sietse

________________________________

From: netfilter-bounces@lists.netfilter.org on behalf of robee
Sent: Wed 07-Jun-06 10:46
To: netfilter@lists.netfilter.org
Subject: Re: iptables - resource temporary unavailable



----- Original Message -----
From: "Sietse van Zanen" <sietse@wizdom.nu>
To: "robee" <mlody@elpec.com>; <netfilter@lists.netfilter.org>
Sent: Wednesday, June 07, 2006 10:07 AM
Subject: RE: iptables - resource temporary unavailable

> This is usually due to a lack of memory...
> -Sietse
> ________________________________
> From: netfilter-bounces@lists.netfilter.org on behalf of robee
> Sent: Wed 07-Jun-06 9:54
> To: netfilter@lists.netfilter.org
> Subject: iptables - resource temporary unavailable
> any time when i'm restarting my firewall rules (NAT mostly, about 500
> users) i got this error -> iptables - resource temporary unavailable.
> but, if i unplug users (main switch off) and restart firewall everyting is
> fine
> my system is fedora core 4, iptables 1.3.5, kernel 2.6.16.18
> anybody can help?
> robee

so, what you suggest?


robee






^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: iptables - resource temporary unavailable
  2006-06-07  7:54 iptables - resource temporary unavailable robee
  2006-06-07  8:07 ` Sietse van Zanen
@ 2006-06-08  0:34 ` Philip Craig
  2006-06-08  5:23   ` Rob Sterenborg
  1 sibling, 1 reply; 10+ messages in thread
From: Philip Craig @ 2006-06-08  0:34 UTC (permalink / raw)
  To: robee; +Cc: netfilter

On 06/07/2006 05:54 PM, robee wrote:
> any time when i'm restarting my firewall rules (NAT mostly, about 500 users) 
> i got this error -> iptables - resource temporary unavailable.
> but, if i unplug users (main switch off) and restart firewall everyting is 
> fine
> my system is fedora core 4, iptables 1.3.5, kernel 2.6.16.18

I don't think it is lack of memory, the error message for that
includes the word memory.  Resource temporarily unavailable means
that something else is currently using the resource.  Is it
possible that another iptables instance is running at the same time?



^ permalink raw reply	[flat|nested] 10+ messages in thread

* RE: iptables - resource temporary unavailable
  2006-06-08  0:34 ` Philip Craig
@ 2006-06-08  5:23   ` Rob Sterenborg
  2006-06-08  6:18     ` robee
  0 siblings, 1 reply; 10+ messages in thread
From: Rob Sterenborg @ 2006-06-08  5:23 UTC (permalink / raw)
  To: netfilter

> On 06/07/2006 05:54 PM, robee wrote:
>> any time when i'm restarting my firewall rules (NAT mostly, about
>> 500 users) i got this error -> iptables - resource temporary
>> unavailable. but, if i unplug users (main switch off) and restart
>> firewall everyting is fine my system is fedora core 4, iptables
>> 1.3.5, kernel 2.6.16.18 
> 
> I don't think it is lack of memory, the error message for that
> includes the word memory.  Resource temporarily unavailable means
> that something else is currently using the resource.  Is it
> possible that another iptables instance is running at the same time?

(Not that I know the solution, but..) Iptables is a userspace utility to
setup rules. Once the rule is setup, iptables itself terminates and
Netfilter (kernelspace) will use the rule.
Although you could add the same rule multiple times (which is a bit
useless..), AFAICS there's no way to have Netfilter "running" multiple
times.

But you do have a point: is the OP flushing all rules/deleting all
user-chains when he is restarting the firewall script ?

Gr,
Rob

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: iptables - resource temporary unavailable
  2006-06-08  5:23   ` Rob Sterenborg
@ 2006-06-08  6:18     ` robee
  2006-06-08  7:39       ` Philip Craig
  0 siblings, 1 reply; 10+ messages in thread
From: robee @ 2006-06-08  6:18 UTC (permalink / raw)
  To: netfilter

----- Original Message ----- 
From: "Rob Sterenborg" <rob@sterenborg.info>
To: <netfilter@lists.netfilter.org>
Sent: Thursday, June 08, 2006 7:23 AM
Subject: RE: iptables - resource temporary unavailable

>> On 06/07/2006 05:54 PM, robee wrote:
>>> any time when i'm restarting my firewall rules (NAT mostly, about
>>> 500 users) i got this error -> iptables - resource temporary
>>> unavailable. but, if i unplug users (main switch off) and restart
>>> firewall everyting is fine my system is fedora core 4, iptables
>>> 1.3.5, kernel 2.6.16.18
>> I don't think it is lack of memory, the error message for that
>> includes the word memory.  Resource temporarily unavailable means
>> that something else is currently using the resource.  Is it
>> possible that another iptables instance is running at the same time?
> (Not that I know the solution, but..) Iptables is a userspace utility to
> setup rules. Once the rule is setup, iptables itself terminates and
> Netfilter (kernelspace) will use the rule.
> Although you could add the same rule multiple times (which is a bit
> useless..), AFAICS there's no way to have Netfilter "running" multiple
> times.
> But you do have a point: is the OP flushing all rules/deleting all
> user-chains when he is restarting the firewall script ?
> Gr,
> Rob

yes, the first rules are:

iptables -F
iptables -F -t nat
iptables -F -t mangle

but, the same time firewall is restarting there also pppoe server working. 
if-up.local file contain iptables rules also and it might be that iptables 
lines from firewall and from if-up.local script are running the same time.


robee



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: iptables - resource temporary unavailable
  2006-06-08  6:18     ` robee
@ 2006-06-08  7:39       ` Philip Craig
  2006-06-08  8:20         ` robee
  0 siblings, 1 reply; 10+ messages in thread
From: Philip Craig @ 2006-06-08  7:39 UTC (permalink / raw)
  To: robee; +Cc: netfilter

On 06/08/2006 04:18 PM, robee wrote:
>> (Not that I know the solution, but..) Iptables is a userspace utility to
>> setup rules. Once the rule is setup, iptables itself terminates and
>> Netfilter (kernelspace) will use the rule.
>> Although you could add the same rule multiple times (which is a bit
>> useless..), AFAICS there's no way to have Netfilter "running" multiple
>> times.
>> But you do have a point: is the OP flushing all rules/deleting all
>> user-chains when he is restarting the firewall script ?
>> Gr,
>> Rob
> 
> yes, the first rules are:
> 
> iptables -F
> iptables -F -t nat
> iptables -F -t mangle
> 
> but, the same time firewall is restarting there also pppoe server working. 
> if-up.local file contain iptables rules also and it might be that iptables 
> lines from firewall and from if-up.local script are running the same time.

Yes, that is what I meant... the iptables userspace program has to use
a kernel interface to install the rules.  If another instance of the
iptables userspace program is currently installing some rules already,
then the kernel interface will be in use, and you'll get this error.
Or something like that; I haven't looked at the source code in detail.

I've never seen this error myself, but I use locking around all calls
to iptables.  You should be doing this anyway if you are using iptables
rather than iptables-restore, since your script's operation isn't
atomic if it calls iptables multiple times.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: iptables - resource temporary unavailable
  2006-06-08  7:39       ` Philip Craig
@ 2006-06-08  8:20         ` robee
  2006-06-08  8:26           ` Philip Craig
  0 siblings, 1 reply; 10+ messages in thread
From: robee @ 2006-06-08  8:20 UTC (permalink / raw)
  To: netfilter

----- Original Message ----- 
From: "Philip Craig" <philipc@snapgear.com>
To: "robee" <mlody@elpec.com>
Cc: <netfilter@lists.netfilter.org>
Sent: Thursday, June 08, 2006 9:39 AM
Subject: Re: iptables - resource temporary unavailable

> On 06/08/2006 04:18 PM, robee wrote:
>>> (Not that I know the solution, but..) Iptables is a userspace utility to
>>> setup rules. Once the rule is setup, iptables itself terminates and
>>> Netfilter (kernelspace) will use the rule.
>>> Although you could add the same rule multiple times (which is a bit
>>> useless..), AFAICS there's no way to have Netfilter "running" multiple
>>> times.
>>> But you do have a point: is the OP flushing all rules/deleting all
>>> user-chains when he is restarting the firewall script ?
>>> Gr,
>>> Rob
>> yes, the first rules are:
>> iptables -F
>> iptables -F -t nat
>> iptables -F -t mangle
>> but, the same time firewall is restarting there also pppoe server
>> working.  if-up.local file contain iptables rules also and it might be
>> that iptables  lines from firewall and from if-up.local script are
>> running the same time.
> Yes, that is what I meant... the iptables userspace program has to use
> a kernel interface to install the rules.  If another instance of the
> iptables userspace program is currently installing some rules already,
> then the kernel interface will be in use, and you'll get this error.
> Or something like that; I haven't looked at the source code in detail.
> I've never seen this error myself, but I use locking around all calls
> to iptables.  You should be doing this anyway if you are using iptables
> rather than iptables-restore, since your script's operation isn't
> atomic if it calls iptables multiple times.

Could you tell me how do you lock around calls to iptables?


robee-admin 



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: iptables - resource temporary unavailable
  2006-06-08  8:20         ` robee
@ 2006-06-08  8:26           ` Philip Craig
  0 siblings, 0 replies; 10+ messages in thread
From: Philip Craig @ 2006-06-08  8:26 UTC (permalink / raw)
  To: robee; +Cc: netfilter

On 06/08/2006 06:20 PM, robee wrote:
> Could you tell me how do you lock around calls to iptables?

See 'man lockfile'.  It includes an example.



^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2006-06-08  8:26 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-06-07  7:54 iptables - resource temporary unavailable robee
2006-06-07  8:07 ` Sietse van Zanen
2006-06-07  8:46   ` robee
2006-06-07  9:04     ` Sietse van Zanen
2006-06-08  0:34 ` Philip Craig
2006-06-08  5:23   ` Rob Sterenborg
2006-06-08  6:18     ` robee
2006-06-08  7:39       ` Philip Craig
2006-06-08  8:20         ` robee
2006-06-08  8:26           ` Philip Craig

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.