Bug#411663: linux-image-2.6.18-4-amd64: iptables do not work correctly with amd64 kernel
Package: linux-image-2.6.18-4-amd64
Version: 2.6.18.dfsg.1-10
Severity: normal
It seems that the 32bit iptables package do not work correctly together
with the (i386) amd64 kernel. After installing this kernel, shorewall do
not start anymore.
Here you can see snippets of the logs:
snippet of /var/log/shorewall-init.log:
...
Processing /etc/shorewall/continue ...
ip6tables v1.3.6: can't initialize ip6tables table `filter': Invalid
argument Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.3.6: can't initialize ip6tables table `filter': Bad file
descriptor Perhaps ip6tables or your kernel needs to be upgraded.
...
Setting up TC Rules...
iptables: Invalid argument
ERROR: Command "/sbin/iptables -t mangle -A tcpre -s 0.0.0.0/0 -d
0.0.0.0/0 -p icmp --icmp-type echo-request -j MARK --set-mark 1" Failed
...
snippet of /var/log/syslog:
...
Feb 20 11:14:24 uranus kernel: CSLIP: code copyright 1989 Regents of the
University of California
Feb 20 11:14:24 uranus kernel: PPP generic driver version 2.4.2
Feb 20 11:14:24 uranus kernel: NET: Registered protocol family 10
Feb 20 11:14:24 uranus kernel: lo: Disabled Privacy Extensions
Feb 20 11:14:24 uranus kernel: IPv6 over IPv4 tunneling driver
Feb 20 11:14:24 uranus kernel: ADDRCONF(NETDEV_UP): eth1: link is not
ready
Feb 20 11:14:24 uranus kernel: eth2: link up, 100Mbps, full-duplex, lpa
0x41E1
Feb 20 11:14:24 uranus kernel: ADDRCONF(NETDEV_UP): eth3: link is not
ready
Feb 20 11:14:24 uranus kernel: NET: Registered protocol family 24
Feb 20 11:14:24 uranus kernel: ip_tables: (C) 2000-2006 Netfilter Core
Team
Feb 20 11:14:24 uranus kernel: Netfilter messages via NETLINK v0.30.
Feb 20 11:14:24 uranus kernel: ip_conntrack version 2.4 (8192 buckets,
65536 max) - 304 bytes per conntrack
Feb 20 11:14:24 uranus kernel: Bridge firewalling registered
Feb 20 11:14:24 uranus kernel: ip_conntrack_pptp version 3.1 loaded
Feb 20 11:14:24 uranus kernel: ip_nat_pptp version 3.0 loaded
Feb 20 11:14:25 uranus kernel: e1000: eth3: e1000_watchdog: NIC Link is
Up 1000 Mbps Full Duplex
Feb 20 11:14:25 uranus kernel: ADDRCONF(NETDEV_CHANGE): eth3: link
becomes ready
Feb 20 11:14:25 uranus kernel: ClusterIP Version 0.8 loaded successfully
Feb 20 11:14:25 uranus kernel: ip_tables: conntrack match: invalid size
80 != 68
Feb 20 11:14:25 uranus kernel: ip_tables: connmark match: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: CONNMARK target: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: e1000: eth3: e1000_watchdog: NIC Link is
Down
Feb 20 11:14:25 uranus kernel: e1000: eth3: e1000_watchdog: NIC Link is
Up 1000 Mbps Full Duplex
Feb 20 11:14:25 uranus kernel: eth2: no IPv6 routers present
Feb 20 11:14:25 uranus kernel: eth0: no IPv6 routers present
Feb 20 11:14:25 uranus kernel: eth3: no IPv6 routers present
Feb 20 11:14:25 uranus kernel: ip6_tables: (C) 2000-2006 Netfilter Core
Team
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: conntrack match: invalid size
80 != 68
Feb 20 11:14:25 uranus kernel: ip_tables: connmark match: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: CONNMARK target: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: conntrack match: invalid size
80 != 68
Feb 20 11:14:25 uranus kernel: ip_tables: connmark match: invalid size
24 != 12
Feb 20 11:14:25 uranus kernel: ip_tables: MARK target: invalid size 16 !=
8
Feb 20 11:14:25 uranus kernel: ip_tables: CONNMARK target: invalid size
24 != 12
...
Reply to: