IPTables Problem - help wanted

Discussion in 'Linux Networking' started by MustangV10, Jun 14, 2012.

  1. MustangV10

    MustangV10 New Member

    Hi,

    IPTables is giving an error (FAILED) when restarting. I'm not sure why.

    [root@vps /]# service iptables restart
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ]
    iptables: Unloading modules: iptable_filter iptable_filter[FAILED]es
    iptables: Applying firewall rules: [ OK ]
    iptables: Loading additional modules: ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_owner ipt[ OK ]T
    [root@vps /]#


    Any ideas?

    Thanks.
  2. Akendo

    Akendo New Member

    Can you show me what you're trying to load? Also, some VPS have limits on the iptables rules they allow. lsmod can show us a bit more.

    so far
    Akendo
  3. nubbix

    nubbix New Member

    Have you used sslstrip lately? Can you elaborate a bit on what you did prior to this issue?
  4. MustangV10

    MustangV10 New Member

    Not too sure what you guys mean. I don't think I've used 'sslstrip', however, I can't say for sure. I don't know when it started happening, I just tried to restart IPTables the other day and got this.

    Here's the result of lsmod if it helps:

    A few things have been changed since I posted this. Now get this:
    So it's just the iptable_filter that is failing by the looks of it.
  5. nubbix

    nubbix New Member

    If you edit /etc/rc.d/init.d/iptables and change:

    modprobe -r $mod > /dev/null 2>&1

    to

    modprobe -r $mod

    you will see which module failed to unload. I would guess it is a connection tracking module which was "busy".

    You can avoid the "FAILED" messages by putting IPTABLES_MODULES_UNLOAD=no into /etc/sysconfig/iptables-config.
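    Following nubbix's suggestion above, the "Used by" column of lsmod (which Akendo also asked for) already tells you which netfilter modules are referenced and will make modprobe -r fail, without editing the init script. The script below is an added example, not code from the thread or from the iptables init script; the lsmod listing and the iptables-config contents are constructed samples (the poster's real lsmod output is not in the thread), and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread. It reads lsmod-style output and reports
# which netfilter modules are still referenced, which is what makes
# "modprobe -r" fail during "service iptables restart". The lsmod text below is
# a constructed sample; on a live box replace it with "$(lsmod)".
SAMPLE_LSMOD='Module                  Size  Used by
iptable_filter          2816  1
ip_tables              17408  1 iptable_filter
ipt_REJECT              3840  2
nf_conntrack          139264  3 xt_state,nf_nat,ip_conntrack_ftp
xt_state                2560  2
iptable_nat             3328  0
nf_nat                 40960  1 iptable_nat
x_tables               45056  3 ipt_REJECT,xt_state,ip_tables'

# Constructed sample of /etc/sysconfig/iptables-config (RHEL/CentOS layout).
SAMPLE_CONFIG='# Unload modules on restart and stop
IPTABLES_MODULES_UNLOAD=yes
IPTABLES_SAVE_ON_STOP=no'

# busy_modules LSMOD_TEXT: modules with a non-zero "Used by" count; each of
# these would make "modprobe -r" report "Module is in use".
busy_modules() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 > 0 { print $1 }'
}

# held_outside_modules LSMOD_TEXT: busy modules with no dependent module
# listed, so the reference comes from loaded rules or tracked connections
# (the "busy" case nubbix describes), not from another module.
held_outside_modules() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 > 0 && NF == 3 { print $1 }'
}

# unload_candidates LSMOD_TEXT: modules with a zero count; these unload cleanly.
unload_candidates() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 == 0 { print $1 }'
}

# modules_unload_setting CONFIG_TEXT: value of IPTABLES_MODULES_UNLOAD, the
# knob that turns module unloading off entirely. "yes" is assumed here as the
# default when the key is absent.
modules_unload_setting() {
    v=$(printf '%s\n' "$1" | sed -n 's/^IPTABLES_MODULES_UNLOAD=//p' | tail -n 1 | tr -d '"')
    [ -n "$v" ] && printf '%s\n' "$v" || printf 'yes\n'
}

# Report for the constructed sample.
echo "busy modules:";            busy_modules "$SAMPLE_LSMOD"
echo "held by rules/conntrack:"; held_outside_modules "$SAMPLE_LSMOD"
echo "safe to unload:";          unload_candidates "$SAMPLE_LSMOD"
echo "IPTABLES_MODULES_UNLOAD=$(modules_unload_setting "$SAMPLE_CONFIG")"
```

    On a container host the tracked connections of the guests keep the conntrack and state modules referenced for as long as the guests run, so the list from held_outside_modules will rarely be empty there; that is the situation in which setting IPTABLES_MODULES_UNLOAD=no, as nubbix suggests, is the sensible fix rather than forcing an unload.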
  6. MustangV10

    MustangV10 New Member

    So I'm guessing I would have to stop all the VPSs with vzctl so they weren't in use to get rid of the errors. However, it's a VPS node so that isn't the answer.
  7. nubbix

    nubbix New Member

    Guess not
  8. Akendo

    Akendo New Member

    The problem you have is: some open connection depends on the iptables modules. Meaning (this is what I think, not so sure), there is some open connection that is routed via iptables. Disabling iptables would mean interrupting this connection.

    I'm sure the kernel does not want this. But you could unload the module by hand with modprobe -r.
    But be careful about this!

    so far
    Akendo
