iptables: Protocol wrong type for socket.
Hi,
I guess if this is [OT] I will hear about it :-) Anyway, I installed Firehol on a sid system that runs a kernel that I have configured myself. However, I get lots of errors when Firehol tries to start, like: ... ERROR : # 1. WHAT : A runtime command failed to execute (returned error 1). SOURCE : line 31 of /etc/firehol/firehol.conf COMMAND : /sbin/iptables -t filter -A in_internet -p tcp -m state --state NEW ! --syn -j pr_internet_nosyn OUTPUT : iptables: Protocol wrong type for socket. ... I googled the error and there are lots of hits, but I see no clue as to what the message actually means. Obviously I have not configured the kernel correctly because with the Debian kernels there are no errors. But what kernel configuration parameter might be missing/wrong? Hugo -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/jvptds$ddf$1@dough.gmane.org |
iptables: Protocol wrong type for socket.
On Mon, 06 Aug 2012 21:10:03 -0500, hvw59601 wrote:
> I guess if this is [OT] I will hear about it :-) Nah, it's fine to me :-) > Anyway, I installed Firehol on a sid system that runs a kernel that I > have configured myself. > > However, I get lots of errors when Firehol tries to start, like: > > ... > ERROR : # 1. > WHAT : A runtime command failed to execute (returned error 1). > SOURCE : line 31 of /etc/firehol/firehol.conf > COMMAND : /sbin/iptables -t filter -A in_internet -p tcp -m state --state NEW ! --syn -j pr_internet_nosyn > OUTPUT : > > iptables: Protocol wrong type for socket. ... I understand the mesage comes from your kernel, I mean, nothing wrong in firehol. > I googled the error and there are lots of hits, but I see no clue as to > what the message actually means. > > Obviously I have not configured the kernel correctly because with the > Debian kernels there are no errors. > > But what kernel configuration parameter might be missing/wrong? Can't tell for the exact parameter/option that controls this but what I use to do when have to compile a new kernel is using the current ".config" file which comes along with Debian stock kernel to avoid missing/messing something. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/jvrcs5$6mk$9@dough.gmane.org |
iptables: Protocol wrong type for socket.
Camaleón wrote:
On Mon, 06 Aug 2012 21:10:03 -0500, hvw59601 wrote: I guess if this is [OT] I will hear about it :-) Nah, it's fine to me :-) Anyway, I installed Firehol on a sid system that runs a kernel that I have configured myself. However, I get lots of errors when Firehol tries to start, like: ... ERROR : # 1. WHAT : A runtime command failed to execute (returned error 1). SOURCE : line 31 of /etc/firehol/firehol.conf COMMAND : /sbin/iptables -t filter -A in_internet -p tcp -m state --state NEW ! --syn -j pr_internet_nosyn OUTPUT : iptables: Protocol wrong type for socket. ... I understand the mesage comes from your kernel, I mean, nothing wrong in firehol. I googled the error and there are lots of hits, but I see no clue as to what the message actually means. Obviously I have not configured the kernel correctly because with the Debian kernels there are no errors. But what kernel configuration parameter might be missing/wrong? Can't tell for the exact parameter/option that controls this but what I use to do when have to compile a new kernel is using the current ".config" file which comes along with Debian stock kernel to avoid missing/messing something. But the difference in kernel sizes between a kernel with the Debian .config and one with my own .config for this particular box is huge: 32MB vs. 4MB. But I figured it out: I compiled 3.4.7 from kernel.org with a .config from Debian's kernel in experimental, 3.5.0. I booted that and compared the lsmod from that with the one of 3.4.7 with my own .config and it turned out that there were 2 modules present in the former that were not in mine: nf_connttrack_ipv4 and nf_defrag_ipv4. I reconfigured and now it works like a charm. This is all for figuring out http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768 and hibernate times for the various kernels that changed dramatically beginning with 3.2.21-1, from 10s. to 35s. Strange enough hibernate for 3.4.7 with Debian .config takes 24s. and with my own config 10s. Who knows what is going on. Thanks Camaleón. Hugo -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/jvrfrc$g15$1@dough.gmane.org |
iptables: Protocol wrong type for socket.
On Tue, 07 Aug 2012 11:30:36 -0500, hvw59601 wrote:
> Camaleón wrote: (...) >>> Obviously I have not configured the kernel correctly because with the >>> Debian kernels there are no errors. >>> >>> But what kernel configuration parameter might be missing/wrong? >> >> Can't tell for the exact parameter/option that controls this but what I >> use to do when have to compile a new kernel is using the current >> ".config" file which comes along with Debian stock kernel to avoid >> missing/messing >> something. >> >> > But the difference in kernel sizes between a kernel with the Debian > .config and one with my own .config for this particular box is huge: > 32MB vs. 4MB. 32 MiB for a kernel is not that huge O:-) Okay, point taken. > But I figured it out: I compiled 3.4.7 from kernel.org with a .config > from Debian's kernel in experimental, 3.5.0. I booted that and compared > the lsmod from that with the one of 3.4.7 with my own .config and it > turned out that there were 2 modules present in the former that were not > in mine: nf_connttrack_ipv4 and nf_defrag_ipv4. I reconfigured and now > it works like a charm. Ha, well done. Which reminds me another trick: the "localmodconfig" parameter for the "make" that suits perfect for these situations. > This is all for figuring out > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768 and hibernate > times for the various kernels that changed dramatically beginning with > 3.2.21-1, from 10s. to 35s. > > Strange enough hibernate for 3.4.7 with Debian .config takes 24s. and > with my own config 10s. Who knows what is going on. You say it: who knows what's happening. Hibernating and suspension are two things I never use (neither on windows systems not netbooks, laptops, desktops...), mainly because I find them pretty useless but specially in linux also because they can break very easily -a simple kernel change, a problematic driver... and you're hosed- and doing a hard reset is something a would like to avoid as much as I can. > Thanks Camaleón. You're welcome and good luck with your debugging :-) Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/jvriik$6mk$11@dough.gmane.org |
iptables: Protocol wrong type for socket.
Camaleón wrote:
On Tue, 07 Aug 2012 11:30:36 -0500, hvw59601 wrote: Camaleón wrote: (...) Obviously I have not configured the kernel correctly because with the Debian kernels there are no errors. But what kernel configuration parameter might be missing/wrong? Can't tell for the exact parameter/option that controls this but what I use to do when have to compile a new kernel is using the current ".config" file which comes along with Debian stock kernel to avoid missing/messing something. But the difference in kernel sizes between a kernel with the Debian .config and one with my own .config for this particular box is huge: 32MB vs. 4MB. 32 MiB for a kernel is not that huge O:-) Okay, point taken. But I figured it out: I compiled 3.4.7 from kernel.org with a .config from Debian's kernel in experimental, 3.5.0. I booted that and compared the lsmod from that with the one of 3.4.7 with my own .config and it turned out that there were 2 modules present in the former that were not in mine: nf_connttrack_ipv4 and nf_defrag_ipv4. I reconfigured and now it works like a charm. Ha, well done. Which reminds me another trick: the "localmodconfig" parameter for the "make" that suits perfect for these situations. Right. That would have been easier. I just looked at streamline_config.pl, which is what that executes. Boot the kernel with the Debian .config and execute that perl script: it would have found those 2 modules and set them in the config that it generates. This is all for figuring out http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768 and hibernate times for the various kernels that changed dramatically beginning with 3.2.21-1, from 10s. to 35s. Strange enough hibernate for 3.4.7 with Debian .config takes 24s. and with my own config 10s. Who knows what is going on. You say it: who knows what's happening. Hibernating and suspension are two things I never use (neither on windows systems not netbooks, laptops, desktops...), mainly because I find them pretty useless but specially in linux also because they can break very easily -a simple kernel change, a problematic driver... and you're hosed- and doing a hard reset is something a would like to avoid as much as I can. True, but having everything where you left off when you boot again is very tempting and powering off is enforced in this locality. But I average about 12 hibernates with this desktop before a hickup and I have to do a hard reset, without a clue of went wrong of course... Thanks Camaleón. You're welcome and good luck with your debugging :-) Hugo -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/jvrk74$mqn$1@dough.gmane.org |
| All times are GMT. The time now is 07:34 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.