Error in iptables script

Place to discuss Fedora and/or Red Hat
Basher52
guru
Posts: 928
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 »

can someone tell me what the problem with this error is...:

/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ip_nat_ftp.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters.
You may find more information in syslog or the output from dmesg
/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ip_nat_ftp.o: insmod /lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ip_nat_ftp.o failed
/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ip_nat_ftp.o: insmod ip_nat_ftp failed

the script of the nat_ftp looks like this...:
...
modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe iptable_nat
modprobe ip_nat_ftp ports=1138
modprobe ip_nat_irc

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
...

B52

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

It looks like you must also pass the "ip_conntrack_ftp" the nonstandard port information as found in this document:

http://www.opennet.ru/docs/HOWTO/IP-Mas ... rders.html

Something like:

modprobe ip_tables
modprobe ip_conntrack_irc
modprobe iptable_nat
modprobe ip_conntrack_ftp ports=21,1138
modprobe ip_nat_ftp ports=21,1138
modprobe ip_nat_irc
"should" do the trick.
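
A small lint for the point made in this reply, as an added example that is not part of the original post: it reads a script's `modprobe` lines and reports when `ip_nat_ftp` and `ip_conntrack_ftp` are given different `ports=` lists. The function names are hypothetical, and treating a missing `ports=` as port 21 is an assumption (the standard FTP control port).

```shell
#!/bin/sh
# Added example, not from the thread. Reads firewall-script text on stdin and
# compares the ports= lists given to the two FTP helper modules.

# ports_of MODULE: print the normalised (sorted) ports= list that the modprobe
# lines on stdin pass to MODULE. Assumption: no ports= means the default, 21.
# Prints "absent" if the module is never loaded by the script.
ports_of() {
    awk -v mod="$1" '
        $1 == "modprobe" && $2 == mod {
            found = 1; p = "21"
            for (i = 3; i <= NF; i++)
                if ($i ~ /^ports=/) p = substr($i, 7)
        }
        END { print (found ? p : "absent") }
    ' | tr ',' '\n' | sort -n | paste -sd, -
}

# check_ftp_helpers: read a script on stdin; print a one-line verdict and
# return 0 when both helpers agree on the port list, 1 when they differ.
check_ftp_helpers() {
    script=$(cat)
    ct=$(printf '%s\n' "$script" | ports_of ip_conntrack_ftp)
    nat=$(printf '%s\n' "$script" | ports_of ip_nat_ftp)
    if [ "$nat" = "absent" ]; then
        echo "ok: ip_nat_ftp not loaded"
        return 0
    fi
    if [ "$ct" = "$nat" ]; then
        echo "ok: both helpers use ports=$ct"
        return 0
    fi
    echo "mismatch: ip_conntrack_ftp ports=$ct, ip_nat_ftp ports=$nat"
    return 1
}

# Sample input: the module lines from the first post in this thread.
original='modprobe ip_tables
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe iptable_nat
modprobe ip_nat_ftp ports=1138
modprobe ip_nat_irc'
printf '%s\n' "$original" | check_ftp_helpers || true
```

Before re-running a corrected script, the helpers still have to be unloaded (`rmmod ip_nat_ftp; rmmod ip_conntrack_ftp`), since modules that are already loaded keep their old parameters.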

Post by Basher52 »

well maybe but this I've already tried and the same result :(

Post by Void Main »

Basher52 wrote: well maybe but this I've already tried and the same result :(
Before posting I tested it on my system and got the error you got if I loaded the modules like you did, but I did not get the error if I loaded the modules like I posted. Try loading them on the command line, and make sure they are unloaded prior to trying (rmmod ip_nat_ftp; rmmod ip_conntrack_ftp, etc).

I just noticed you are not running the same kernel as I am, you're not running Fedora? If not I believe there may be a problem with RH8/9 in this area. You might be able to upgrade to the newer kernel and iptables versions if you don't want to upgrade the entire shebang.

Post by Basher52 »

Void Main wrote: Before posting I tested it on my system and got the error you got if I loaded the modules like you did, but I did not get the error if I loaded the modules like I posted.
well...I didn't try to run them at the command line but I've rearranged them:

modprobe ip_tables
modprobe ip_conntrack_irc
modprobe iptable_nat
modprobe ip_conntrack_ftp ports=21,1138
modprobe ip_nat_ftp ports=21,1138
modprobe ip_nat_irc

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

and I still get the same result...I'm starting to realize that I've never had this problem, maybe due to that I've never had a script exactly like this, but anyways...

since it is SOME!! reinstalls later...I may have done something that differs from the others...donno :(



PS...Void... are you the only one in here that can answer questions...
if you are(u almost are)...you do one HE** of a job and I DO know it's REALLY hard to know the true answer to the questions...believe me... I know...lol
DS.

Post by Void Main »

I guess you didn't see my last paragraph about your Red Hat version and kernel version? I believe what you are trying to do is not supported in the kernel and iptables version you are using. I saw messages about it on a google search and that you have to apply a patch. It must have been resolved in Fedora and the kernel that Fedora ships with which is why I don't have the problem that you do.

Post by Basher52 »

yep...you're rite...I'm using kernel: 2.4.20-8 of RH9

I don't feel like upgrading to Fedora...not just yet...since I've heard a lot that it ain't even close to be as stable as RH9 or even RH8

Post by Void Main »

Basher52 wrote: yep...you're rite...I'm using kernel: 2.4.20-8 of RH9

I don't feel like upgrading to Fedora...not just yet...since I've heard a lot that it ain't even close to be as stable as RH9 or even RH8
Don't know where you heard that, certainly not here. I upgraded all 8 of my home machines to Fedora and it's *far* better than RH8 and somewhat better than RH9. Just to prove the point, you have this iptables problem, I don't. :)

See: http://voidmain.is-a-geek.net/forums/vi ... .php?t=700

Post by Basher52 »

I'm a user at: LinuxISO.org if u've heard of it(?) and have got some help from there too...for one guy...for my starting iptables problem, and I thank him.

but if u say Fedora is somewhat better RH9...I think I'm gonna do the test...
as I'm a n00b...I'm gonna test it..lol, even if I run it as production :P

if it gets a "BlueScreen" so what...lol


B52

PS...thx again Void for your valuable input 8)
but it's not gonna happen in the near future..
PS2...it IS(?) possible to reinstall Fedora from the beginning...not just
upgrade...rite? since I wanna know how the installwizard looks like,
and don't wanna upgrade the faults I already have, lol

Post by Void Main »

You can install from scratch if you want to but the install process is much like RH8 and RH9 so if you can do them you can do Fedora. By the sounds of it you might be better off doing a fresh install. :) Most of my machines have only had "upgrades" from 6.x->7.x->8->9->FC1. Actually my firewall has been upgraded since 5.2 if memory serves (it's a P100). I think I did a fresh install of 5.2 over a 4.x install and that was a fresh install over a 3.x. I have *never* done a "reinstall" because something was messed up or broken in the 10+ years I've been using Linux. At least not that I can remember. And that is on hundreds of machines. The only exception would have been a few catastrophic hard drive failures where the drives had to be replaced.

Post by Basher52 »

lol...ur lucky...

my GOD is Murphy..if u know this guy?
if something CAN!! go wrong...it will for me...lol

anyways...thx for all the input
