Koozali.org: home of the SME Server

'Race' between ip-up & ip-down : iptables rules flushed

RvLardin
« on: September 15, 2004, 12:23:17 PM »
Hello to everybody here,

On one server, I have a PPPoE-DSL connection that is re-initialized by the provider every 24 hours. This is not usually a problem, but this provider (NERIM) is very efficient and the reconnection takes much less than 1 sec.

So, we have the following problem:
Once the end of the connection is detected, the 'ip-down' script is launched.
At the same time, the pppd daemon restarts the connection and gets an IP less than 0sec 02'' later.
And then the ip-up script begins.
When everything goes well, the ip-down finishes just before the ip-up restarts the masq script, but other times, ip-down flushes iptables rules just a little after the ip-up has set them.

And then you have a box that is unreachable from both inside and outside. You have to go to your client's office and plug in a screen and a keyboard to issue the life-saving command: service masq restart. And that's all.

For those who are interested in the processes, here are two samples of a good and a bad reconnection.
On the second sample, you can see that the ip-down 'S80conf-masq' occurs after the ip-up 'S55set-gateway-ip'.

The only fix I can imagine is a 'flag' indicating that the ip-down is finished, and a test of this flag at the beginning of the ip-up script, pausing 2 seconds if not.
Other ideas? A good fix for that?

Good:
******************************************************
Sep  6 09:04:26 sas pppoe[31639]: Session terminated -- received PADT from peer
Sep  6 09:04:26 sas pppd[31596]: rcvd [LCP TermReq id=0xb2]
Sep  6 09:04:26 sas pppd[31596]: LCP terminated by peer
Sep  6 09:04:26 sas pppd[31596]: Script /etc/ppp/ip-down started (pid 16590)
Sep  6 09:04:26 sas pppd[31596]: ioctl(PPPIOCSASYNCMAP): Inappropriate ioctl for device (line 1132)
Sep  6 09:04:26 sas pppd[31596]: Connect time 1440.0 minutes.
Sep  6 09:04:26 sas pppd[31596]: Sent 2856280 bytes, received 8404221 bytes.
Sep  6 09:04:26 sas pppd[31596]: tcflush failed: Input/output error
Sep  6 09:04:26 sas pppd[31596]: Exit.
Sep  6 09:04:26 sas kernel: divert: no divert_blk to free, ppp0 not ethernet
Sep  6 09:04:26 sas /etc/hotplug/net.agent: NET unregister event not supported
Sep  6 09:04:27 sas e-smith[16606]: Processing event: ip-down ppp0  38400 213.41.*.* 62.4.16.242 pppoe
Sep  6 09:04:27 sas e-smith[16606]: Running event handler: /etc/e-smith/events/ip-down/S50isdn-down-notify
Sep  6 09:04:27 sas pppd[16594]: pppd 2.4.2b1 started by root, uid 0
Sep  6 09:04:27 sas pppd[16594]: using channel 8
Sep  6 09:04:27 sas kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Sep  6 09:04:27 sas pppd[16594]: Using interface ppp0
Sep  6 09:04:27 sas pppd[16594]: Connect: ppp0 <--> /dev/pts/0
Sep  6 09:04:27 sas /etc/hotplug/net.agent: assuming ppp0 is already up
Sep  6 09:04:28 sas pppoe[16640]: PADS: Service-Name: ''
Sep  6 09:04:28 sas pppoe[16640]: PPP session is 1509
Sep  6 09:04:28 sas pppd[16594]: rcvd [LCP ConfReq id=0x2 <mru 1492> <auth chap MD5> <magic 0x70282a65>]
Sep  6 09:04:28 sas e-smith[16606]: S50isdn-down-notify=action|Event|ip-down|Action|S50isdn-down-notify|Start|1094454267 33543|End|1094454268 105091|Elapsed|1.071548
Sep  6 09:04:28 sas e-smith[16606]: Running event handler: /etc/e-smith/events/ip-down/S70pptp-interface-access
Sep  6 09:04:28 sas pppd[16594]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x7fbe0a83>]
Sep  6 09:04:28 sas pppd[16594]: sent [LCP ConfAck id=0x2 <mru 1492> <auth chap MD5> <magic 0x70282a65>]
Sep  6 09:04:28 sas pppd[16594]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x7fbe0a83>]
Sep  6 09:04:28 sas pppd[16594]: sent [LCP EchoReq id=0x0 magic=0x7fbe0a83]
Sep  6 09:04:28 sas pppd[16594]: rcvd [CHAP Challenge id=0x48 <a23761ba7eba89659f4e22e5f80add49>, name = "BSBOR204"]
Sep  6 09:04:28 sas pppd[16594]: sent [CHAP Response id=0x48 <1755299c56c04d9fb229c81976355d4e>, name = "**my_login**@net1.nerim.nerim"]
Sep  6 09:04:28 sas pppd[16594]: rcvd [LCP EchoRep id=0x0 magic=0x70282a65] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Sep  6 09:04:28 sas e-smith[16606]: Use of uninitialized value in split at /etc/e-smith/events/ip-down/S70pptp-interface-access line 37.
Sep  6 09:04:28 sas e-smith[16606]: S70pptp-interface-access=action|Event|ip-down|Action|S70pptp-interface-access|Start|1094454268 105319|End|1094454268 463546|Elapsed|0.358227
Sep  6 09:04:28 sas e-smith[16606]: Running event handler: /etc/e-smith/events/ip-down/S80conf-masq
Sep  6 09:04:29 sas e-smith[16606]: S80conf-masq=action|Event|ip-down|Action|S80conf-masq|Start|1094454268 463793|End|1094454269 290265|Elapsed|0.826472
Sep  6 09:04:29 sas e-smith[16606]: Running event handler: /etc/e-smith/events/ip-down/S85adjust-masq
Sep  6 09:04:30 sas e-smith[16606]: S85adjust-masq=action|Event|ip-down|Action|S85adjust-masq|Start|1094454269 290475|End|1094454270 210947|Elapsed|0.920472
Sep  6 09:04:30 sas pppd[16594]: rcvd [LCP ConfReq id=0x2 <auth chap MD5> <magic 0xc331e772>]
Sep  6 09:04:30 sas pppd[16594]: sent [LCP ConfReq id=0x2 <mru 1492> <magic 0xb41647ef>]
Sep  6 09:04:30 sas pppd[16594]: sent [LCP ConfAck id=0x2 <auth chap MD5> <magic 0xc331e772>]
Sep  6 09:04:30 sas pppd[16594]: rcvd [LCP ConfNak id=0x2 <mru 1500>]
Sep  6 09:04:30 sas pppd[16594]: sent [LCP ConfReq id=0x3 <magic 0xb41647ef>]
Sep  6 09:04:30 sas pppd[16594]: rcvd [LCP ConfAck id=0x3 <magic 0xb41647ef>]
Sep  6 09:04:30 sas pppd[16594]: sent [LCP EchoReq id=0x0 magic=0xb41647ef]
Sep  6 09:04:30 sas pppd[16594]: rcvd [CHAP Challenge id=0x49 <397bd91d5428f8ebf445ba22fb53d882>, name = "lns102-tip-voltaire"]
Sep  6 09:04:30 sas pppd[16594]: sent [CHAP Response id=0x49 <4ec40913094d573bf5c6dbb8d0505798>, name = "**my_login**@net1.nerim.nerim"]
Sep  6 09:04:30 sas pppd[16594]: rcvd [LCP EchoRep id=0x0 magic=0xc331e772]
Sep  6 09:04:30 sas pppd[16594]: rcvd [CHAP Success id=0x49 ""]
Sep  6 09:04:30 sas pppd[16594]: CHAP authentication succeeded
Sep  6 09:04:30 sas pppd[16594]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  6 09:04:30 sas pppd[16594]: rcvd [IPCP ConfReq id=0x1 <addr 62.4.16.251>]
Sep  6 09:04:30 sas pppd[16594]: sent [IPCP ConfAck id=0x1 <addr 62.4.16.251>]
Sep  6 09:04:30 sas pppd[16594]: rcvd [proto=0x8057] 01 01 00 0e 01 0a 02 07 0d ff fe f3 78 00
Sep  6 09:04:30 sas pppd[16594]: Unsupported protocol 0x8057 received
Sep  6 09:04:30 sas pppd[16594]: sent [LCP ProtRej id=0x4 80 57 01 01 00 0e 01 0a 02 07 0d ff fe f3 78 00]
Sep  6 09:04:30 sas pppd[16594]: rcvd [IPCP ConfNak id=0x1 <addr 213.41.*.*>]
Sep  6 09:04:30 sas pppd[16594]: sent [IPCP ConfReq id=0x2 <addr 213.41.*.*>]
Sep  6 09:04:30 sas pppd[16594]: rcvd [IPCP ConfAck id=0x2 <addr 213.41.*.*>]
Sep  6 09:04:30 sas pppd[16594]: local  IP address 213.41.*.*
Sep  6 09:04:30 sas pppd[16594]: remote IP address 62.4.16.251
Sep  6 09:04:30 sas pppd[16594]: Script /etc/ppp/ip-up started (pid 16826)
Sep  6 09:04:30 sas e-smith[16831]: Processing event: ip-up ppp0  38400 213.41.*.* 62.4.16.251 pppoe
Sep  6 09:04:30 sas e-smith[16831]: Running event handler: /etc/e-smith/events/ip-up/S20email-ipup
Sep  6 09:04:31 sas e-smith[16831]: S20email-ipup=action|Event|ip-up|Action|S20email-ipup|Start|1094454270 911745|End|1094454271 87179|Elapsed|0.175434
Sep  6 09:04:31 sas e-smith[16831]: Running event handler: /etc/e-smith/events/ip-up/S55set-gateway-ip
Sep  6 09:04:31 sas e-smith[16831]: S55set-gateway-ip=action|Event|ip-up|Action|S55set-gateway-ip|Start|1094454271 87417|End|1094454271 381442|Elapsed|0.294025
Sep  6 09:04:33 sas pppd[16594]: Script /etc/ppp/ip-up finished (pid 16826), status = 0x0
*****************************************************

Bad:
*****************************************************
Sep  7 09:04:25 sas pppoe[16640]: Session terminated -- received PADT from peer
Sep  7 09:04:25 sas pppd[16594]: rcvd [LCP TermReq id=0x3]
Sep  7 09:04:25 sas pppd[16594]: LCP terminated by peer
Sep  7 09:04:26 sas pppd[16594]: Script /etc/ppp/ip-down started (pid 7918)
Sep  7 09:04:26 sas pppd[16594]: ioctl(PPPIOCSASYNCMAP): Inappropriate ioctl for device (line 1132)
Sep  7 09:04:26 sas pppd[16594]: Connect time 1440.0 minutes.
Sep  7 09:04:26 sas pppd[16594]: Sent 10147709 bytes, received 45930828 bytes.
Sep  7 09:04:26 sas pppd[16594]: tcflush failed: Input/output error
Sep  7 09:04:26 sas kernel: divert: no divert_blk to free, ppp0 not ethernet
Sep  7 09:04:26 sas pppd[16594]: Exit.
Sep  7 09:04:26 sas /etc/hotplug/net.agent: NET unregister event not supported
Sep  7 09:04:27 sas e-smith[7966]: Processing event: ip-down ppp0  38400 213.41.*.* 62.4.16.251 pppoe
Sep  7 09:04:27 sas pppd[7925]: pppd 2.4.2b1 started by root, uid 0
Sep  7 09:04:27 sas pppd[7925]: using channel 9
Sep  7 09:04:27 sas kernel: divert: not allocating divert_blk for non-ethernet device ppp0
Sep  7 09:04:27 sas pppd[7925]: Using interface ppp0
Sep  7 09:04:27 sas pppd[7925]: Connect: ppp0 <--> /dev/pts/0
Sep  7 09:04:27 sas e-smith[7966]: Running event handler: /etc/e-smith/events/ip-down/S50isdn-down-notify
Sep  7 09:04:28 sas /etc/hotplug/net.agent: assuming ppp0 is already up
Sep  7 09:04:28 sas pppoe[7967]: PADS: Service-Name: ''
Sep  7 09:04:28 sas pppoe[7967]: PPP session is 6610
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP ConfReq id=0x49 <mru 1492> <auth chap MD5> <magic 0x2ee3a009>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x40d55897>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP ConfAck id=0x49 <mru 1492> <auth chap MD5> <magic 0x2ee3a009>]
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x40d55897>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP EchoReq id=0x0 magic=0x40d55897]
Sep  7 09:04:28 sas pppd[7925]: rcvd [CHAP Challenge id=0xe1 <5d0ed0474362afe7ba133505ef10ce6c>, name = "BSBOR204"]
Sep  7 09:04:28 sas pppd[7925]: sent [CHAP Response id=0xe1 <56e3be5269a704678814d80fce333178>, name = "**my_login**@net1.nerim.nerim"]
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP EchoRep id=0x0 magic=0x2ee3a009] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP ConfReq id=0x1 <auth chap MD5> <magic 0x60620816>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP ConfReq id=0x2 <mru 1492> <magic 0x2d987e73>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP ConfAck id=0x1 <auth chap MD5> <magic 0x60620816>]
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP ConfNak id=0x2 <mru 1500>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP ConfReq id=0x3 <magic 0x2d987e73>]
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP ConfAck id=0x3 <magic 0x2d987e73>]
Sep  7 09:04:28 sas pppd[7925]: sent [LCP EchoReq id=0x0 magic=0x2d987e73]
Sep  7 09:04:28 sas pppd[7925]: rcvd [CHAP Challenge id=0xe2 <630f982c13c7045c575025da45ddfafc>, name = "lns101-tip-voltaire"]
Sep  7 09:04:28 sas pppd[7925]: sent [CHAP Response id=0xe2 <472ce4c4c1bb7b12ba5a30295a39a273>, name = "**my_login**@net1.nerim.nerim"]
Sep  7 09:04:28 sas pppd[7925]: rcvd [LCP EchoRep id=0x0 magic=0x60620816]
Sep  7 09:04:28 sas pppd[7925]: rcvd [CHAP Success id=0xe2 ""]
Sep  7 09:04:28 sas pppd[7925]: CHAP authentication succeeded
Sep  7 09:04:28 sas pppd[7925]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Sep  7 09:04:28 sas pppd[7925]: rcvd [IPCP ConfReq id=0x1 <addr 62.4.16.248>]
Sep  7 09:04:28 sas pppd[7925]: sent [IPCP ConfAck id=0x1 <addr 62.4.16.248>]
Sep  7 09:04:28 sas pppd[7925]: rcvd [proto=0x8057] 01 01 00 0e 01 0a 02 07 0d ff fe f5 f8 00
Sep  7 09:04:28 sas pppd[7925]: Unsupported protocol 0x8057 received
Sep  7 09:04:29 sas pppd[7925]: sent [LCP ProtRej id=0x4 80 57 01 01 00 0e 01 0a 02 07 0d ff fe f5 f8 00]
Sep  7 09:04:29 sas pppd[7925]: rcvd [IPCP ConfNak id=0x1 <addr 213.41.*.*>]
Sep  7 09:04:29 sas pppd[7925]: sent [IPCP ConfReq id=0x2 <addr 213.41.*.*>]
Sep  7 09:04:29 sas pppd[7925]: rcvd [IPCP ConfAck id=0x2 <addr 213.41.*.*>]
Sep  7 09:04:29 sas pppd[7925]: local  IP address 213.41.*.*
Sep  7 09:04:29 sas pppd[7925]: remote IP address 62.4.16.248
Sep  7 09:04:29 sas pppd[7925]: Script /etc/ppp/ip-up started (pid 7977)
Sep  7 09:04:29 sas e-smith[7982]: Processing event: ip-up ppp0  38400 213.41.*.* 62.4.16.248 pppoe
Sep  7 09:04:29 sas e-smith[7982]: Running event handler: /etc/e-smith/events/ip-up/S20email-ipup
Sep  7 09:04:30 sas e-smith[7982]: S20email-ipup=action|Event|ip-up|Action|S20email-ipup|Start|1094540669 921611|End|1094540670 354258|Elapsed|0.432647
Sep  7 09:04:30 sas e-smith[7982]: Running event handler: /etc/e-smith/events/ip-up/S55set-gateway-ip
Sep  7 09:04:30 sas e-smith[7966]: S50isdn-down-notify=action|Event|ip-down|Action|S50isdn-down-notify|Start|1094540667 757268|End|1094540670 639383|Elapsed|2.882115
Sep  7 09:04:30 sas e-smith[7966]: Running event handler: /etc/e-smith/events/ip-down/S70pptp-interface-access
Sep  7 09:04:30 sas e-smith[7982]: S55set-gateway-ip=action|Event|ip-up|Action|S55set-gateway-ip|Start|1094540670 354475|End|1094540670 809268|Elapsed|0.454793
Sep  7 09:04:31 sas e-smith[7966]: Use of uninitialized value in split at /etc/e-smith/events/ip-down/S70pptp-interface-access line 37.
Sep  7 09:04:31 sas e-smith[7966]: S70pptp-interface-access=action|Event|ip-down|Action|S70pptp-interface-access|Start|1094540670 639602|End|1094540671 185024|Elapsed|0.545422
Sep  7 09:04:31 sas e-smith[7966]: Running event handler: /etc/e-smith/events/ip-down/S80conf-masq
Sep  7 09:04:32 sas e-smith[7966]: S80conf-masq=action|Event|ip-down|Action|S80conf-masq|Start|1094540671 185259|End|1094540672 361153|Elapsed|1.175894
Sep  7 09:04:32 sas e-smith[7966]: Running event handler: /etc/e-smith/events/ip-down/S85adjust-masq
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain ForwardedTCP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain ForwardedUDP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain ForwardedUDP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --new-chain'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --jump'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain InboundTCP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain InboundTCP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --new-chain'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Couldn't load target denylog':/lib/iptables/libipt_denylog.so: cannot open shared object file: No such file or directory
Sep  7 09:04:33 sas e-smith[7966]:
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument tcp'
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --jump'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain InboundUDP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain InboundUDP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --new-chain'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Couldn't load target denylog':/lib/iptables/libipt_denylog.so: cannot open shared object file: No such file or directory
Sep  7 09:04:33 sas e-smith[7966]:
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --jump'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables: No chain/target/match by that name
Sep  7 09:04:33 sas last message repeated 3 times
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Couldn't load target denylog':/lib/iptables/libipt_denylog.so: cannot open shared object file: No such file or directory
Sep  7 09:04:33 sas e-smith[7966]:
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables: No chain/target/match by that name
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain InboundICMP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain InboundICMP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --new-chain'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument denylog'
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --jump'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables: No chain/target/match by that name
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain OutboundICMP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain OutboundICMP in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --new-chain'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument icmp'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: Bad argument denylog'
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --jump'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain local_chk in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables: Table does not exist (do you need to insmod?)
Sep  7 09:04:33 sas e-smith[7966]: ERROR: Cannot find chain local_chk in table filter
Sep  7 09:04:33 sas e-smith[7966]: iptables v1.2.5: Unknown arg --new-chain'
Sep  7 09:04:33 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:34 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:34 sas e-smith[7966]: Bad argument lo'
Sep  7 09:04:34 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:34 sas e-smith[7966]: Bad argument 192.168.150.0/255.255.255.0'
Sep  7 09:04:34 sas e-smith[7966]: iptables v1.2.5: Unknown arg --jump'
Sep  7 09:04:34 sas e-smith[7966]: Try iptables -h' or 'iptables --help' for more information.
Sep  7 09:04:34 sas e-smith[7966]: S85adjust-masq=action|Event|ip-down|Action|S85adjust-masq|Start|1094540672 361396|End|1094540674 33444|Elapsed|1.672048
Sep  7 09:04:34 sas pppd[7925]: Script /etc/ppp/ip-up finished (pid 7977), status = 0x0
*****************************************************

Thanks for reading until here.
;-)

RV.
----
"Those who are willing to lose some of their essential liberties in favour of security deserve neither and will lose both."
- Thomas Jefferson .
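
The interleaving visible in the two samples above can be checked mechanically. This added example (not part of the original post and not SME Server code) parses the e-smith per-handler timing lines quoted in the post and reports any ip-down run whose handlers finished after a newer ip-up run had started; treating handlers with "masq" in their name as the firewall ones is an assumption taken from the post.

```python
import re
from collections import defaultdict

# e-smith logs one summary line per finished handler. The microsecond field
# is not zero-padded: "1094454267 33543" means 1094454267.033543.
ACTION = re.compile(
    r"e-smith\[(?P<pid>\d+)\]: \S+=action\|Event\|(?P<event>[\w-]+)"
    r"\|Action\|(?P<action>[^|\n]+)"
    r"\|Start\|(?P<s>\d+) (?P<su>\d+)\|End\|(?P<e>\d+) (?P<eu>\d+)\|"
)

# Timing lines excerpted from the "Good" and "Bad" samples in the post.
GOOD = """\
Sep  6 09:04:28 sas e-smith[16606]: S50isdn-down-notify=action|Event|ip-down|Action|S50isdn-down-notify|Start|1094454267 33543|End|1094454268 105091|Elapsed|1.071548
Sep  6 09:04:28 sas e-smith[16606]: S70pptp-interface-access=action|Event|ip-down|Action|S70pptp-interface-access|Start|1094454268 105319|End|1094454268 463546|Elapsed|0.358227
Sep  6 09:04:29 sas e-smith[16606]: S80conf-masq=action|Event|ip-down|Action|S80conf-masq|Start|1094454268 463793|End|1094454269 290265|Elapsed|0.826472
Sep  6 09:04:30 sas e-smith[16606]: S85adjust-masq=action|Event|ip-down|Action|S85adjust-masq|Start|1094454269 290475|End|1094454270 210947|Elapsed|0.920472
Sep  6 09:04:31 sas e-smith[16831]: S20email-ipup=action|Event|ip-up|Action|S20email-ipup|Start|1094454270 911745|End|1094454271 87179|Elapsed|0.175434
Sep  6 09:04:31 sas e-smith[16831]: S55set-gateway-ip=action|Event|ip-up|Action|S55set-gateway-ip|Start|1094454271 87417|End|1094454271 381442|Elapsed|0.294025
"""
BAD = """\
Sep  7 09:04:30 sas e-smith[7982]: S20email-ipup=action|Event|ip-up|Action|S20email-ipup|Start|1094540669 921611|End|1094540670 354258|Elapsed|0.432647
Sep  7 09:04:30 sas e-smith[7966]: S50isdn-down-notify=action|Event|ip-down|Action|S50isdn-down-notify|Start|1094540667 757268|End|1094540670 639383|Elapsed|2.882115
Sep  7 09:04:30 sas e-smith[7982]: S55set-gateway-ip=action|Event|ip-up|Action|S55set-gateway-ip|Start|1094540670 354475|End|1094540670 809268|Elapsed|0.454793
Sep  7 09:04:31 sas e-smith[7966]: S70pptp-interface-access=action|Event|ip-down|Action|S70pptp-interface-access|Start|1094540670 639602|End|1094540671 185024|Elapsed|0.545422
Sep  7 09:04:32 sas e-smith[7966]: S80conf-masq=action|Event|ip-down|Action|S80conf-masq|Start|1094540671 185259|End|1094540672 361153|Elapsed|1.175894
Sep  7 09:04:34 sas e-smith[7966]: S85adjust-masq=action|Event|ip-down|Action|S85adjust-masq|Start|1094540672 361396|End|1094540674 33444|Elapsed|1.672048
"""


def parse_runs(log_text):
    """Group handler timings by (event, e-smith pid); times in microseconds."""
    runs = defaultdict(list)
    for m in ACTION.finditer(log_text):
        start = int(m["s"]) * 1_000_000 + int(m["su"])
        end = int(m["e"]) * 1_000_000 + int(m["eu"])
        runs[(m["event"], m["pid"])].append((m["action"], start, end))
    return runs


def find_races(log_text):
    """Report each ip-down run that was still executing handlers after a
    newer ip-up run had already started its first handler."""
    runs = parse_runs(log_text)
    findings = []
    for (down_event, down_pid), down in runs.items():
        if down_event != "ip-down":
            continue
        down_start = min(start for _, start, _ in down)
        for (up_event, up_pid), up in runs.items():
            if up_event != "ip-up":
                continue
            up_start = min(start for _, start, _ in up)
            if up_start < down_start:
                continue  # this ip-up belongs to an earlier session
            late = [name for name, _, end in down if end > up_start]
            if late:
                findings.append({
                    "ip_down_pid": down_pid,
                    "ip_up_pid": up_pid,
                    "late_handlers": late,
                    # Assumption from the post: "masq" handlers rewrite iptables.
                    "firewall_handlers": [n for n in late if "masq" in n],
                    "overlap_us": max(end for _, _, end in down) - up_start,
                })
    return findings


if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, find_races(sample))
```

Runs are keyed by e-smith PID, so a log long enough for PIDs to be reused should be split per day before it is fed to `find_races`.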

guest22

'Race' between ip-up & ip-down : iptables rules flushed
« Reply #1 on: September 16, 2004, 11:25:47 PM »
Just a quick reply, will a 'pause' command help?

CharlieBrady
Re: 'Race' between ip-up & ip-down : iptables rules flu
« Reply #2 on: October 15, 2004, 03:34:54 AM »
Quote from: "RvLardin"

So, we have the following problem:
Once the end of the connection is detected, the 'ip-down' script is launched.
At the same time, the pppd daemon restarts the connection and gets an IP less than 0sec 02'' later.
And then the ip-up script begins.
When everything goes well, the ip-down finishes just before the ip-up restarts the masq script, but other times, ip-down flushes iptables rules just a little after the ip-up has set them.

And then you have a box that is unreachable from both inside and outside. You have to go to your client's office and plug in a screen and a keyboard to issue the life-saving command: service masq restart. And that's all.


Looks like you are quite sure that you have found a bug, and have recorded lots of details of the problem. You really should take this to the bug tracker, so that the issue can be tracked to closure.

Quote

The only fix I can imagine is a 'flag' indicating that the ip-down is finished, and a test of this flag at the beginning of the ip-up script, pausing 2 seconds if not.
Other ideas? A good fix for that?


The first pppoe should not exit until pppd exits, and pppd should not exit until ip-down has completed. The new pppoe won't be started until the first one exits, so if all the above shoulds are satisfied, then the iptables rules shouldn't get confused. So someone needs to work out why pppoe exits before the ip-down stuff has all finished.