[isf-wifidog] Iptables command failed (related to bug ticket 519)
Menil Jean-Philippe
Jean-Philippe.Menil at univ-nantes.fr
Mar 27 Jan 03:13:32 EST 2009
Hello all,
related to bug ticket 519, i occur the same problems:
when i start wifidog daemon, it's produce me some errors.
Here is the output:
Starting Wifidog ...
Testing for iptables modules
Testing ipt_mac
ipt_mac module is working
Testing ipt_mark
ipt_mark module is working
Testing ipt_REDIRECT
ipt_REDIRECT module is working
OK
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t mangle -F WiFiDog_cr1_Trusted
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t mangle -F WiFiDog_cr1_Outgoing
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t mangle -F WiFiDog_cr1_Incoming
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t mangle -X WiFiDog_cr1_Trusted
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t mangle -X WiFiDog_cr1_Outgoing
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t mangle -X WiFiDog_cr1_Incoming
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -F WiFiDog_cr1_AuthServers
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -F WiFiDog_cr1_Outgoing
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -F WiFiDog_cr1_WIFI2Router
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -F WiFiDog_cr1_WIFI2Internet
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -F WiFiDog_cr1_Global
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -F WiFiDog_cr1_Unknown
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -X WiFiDog_cr1_AuthServers
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -X WiFiDog_cr1_Outgoing
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -X WiFiDog_cr1_WIFI2Router
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -X WiFiDog_cr1_WIFI2Internet
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -X WiFiDog_cr1_Global
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t nat -X WiFiDog_cr1_Unknown
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_WIFI2Internet
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_AuthServers
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_Locked
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_Global
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_Validate
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_Known
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -F WiFiDog_cr1_Unknown
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_WIFI2Internet
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_AuthServers
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_Locked
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_Global
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_Validate
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_Known
[3][Tue Jan 27 09:04:03 2009][7991](fw_iptables.c:116) iptables comand
failed(127): iptables -t filter -X WiFiDog_cr1_Unknown
However, the iptables rules are fully loaded:
wifidog:~# iptables -nvL
Chain INPUT (policy ACCEPT 1150K packets, 336M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy DROP 20 packets, 10580 bytes)
pkts bytes target prot opt in out source
destination
0 0 WiFiDog_cr1_WIFI2Internet all -- eth1 *
0.0.0.0/0 0.0.0.0/0
5264 6586K ACCEPT all -- eth0 eth1 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 1210K packets, 206M bytes)
pkts bytes target prot opt in out source
destination
Chain WiFiDog_cr1_AuthServers (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
193.52.107.5
Chain WiFiDog_cr1_Global (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0
80.74.64.23 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.35 tcp dpt:80
Chain WiFiDog_cr1_Known (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.145 tcp dpt:25
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.145 tcp dpt:25 LOG flags 0 level 4 prefix `Smtp-Tls1 25 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.145 tcp dpt:465
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.145 tcp dpt:25 LOG flags 0 level 4 prefix `Smtp-Tls1 465 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.33 tcp dpt:25
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.33 tcp dpt:25 LOG flags 0 level 4 prefix `Smtp-tls.etu
25 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.33 tcp dpt:465
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.33 tcp dpt:465 LOG flags 0 level 4 prefix `Smtp-tls.etu
465 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
172.20.12.240 tcp dpt:993
0 0 LOG tcp -- * * 0.0.0.0/0
172.20.12.240 tcp dpt:993 LOG flags 0 level 4 prefix
`Imaps.etu.prive 993 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.240 tcp dpt:993
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.240 tcp dpt:25 LOG flags 0 level 4 prefix `Imaps.etu 999 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.32 tcp dpt:5222
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.32 tcp dpt:5222 LOG flags 0 level 4 prefix `Jabber 5222 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.34 tcp dpt:5222
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.34 tcp dpt:5222 LOG flags 0 level 4 prefix `Jabber.etu
5222 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.32 tcp dpt:5223
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.32 tcp dpt:5223 LOG flags 0 level 4 prefix `Jabber 5223 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.101.34 tcp dpt:5223
0 0 LOG tcp -- * * 0.0.0.0/0
193.52.101.34 tcp dpt:5223 LOG flags 0 level 4 prefix `Jabber.etu
5223 '
0 0 ACCEPT tcp -- * * 0.0.0.0/0
193.52.107.6 tcp dpt:3128
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `RESTE '
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain WiFiDog_cr1_Locked (1 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain WiFiDog_cr1_Unknown (1 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain WiFiDog_cr1_Validate (1 references)
pkts bytes target prot opt in out source
destination
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-port-unreachable
Chain WiFiDog_cr1_WIFI2Internet (1 references)
pkts bytes target prot opt in out source
destination
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 TCPMSS tcp -- * eth0 0.0.0.0/0
0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 WiFiDog_cr1_AuthServers all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 WiFiDog_cr1_Locked all -- * * 0.0.0.0/0
0.0.0.0/0 mark match 0x254
0 0 WiFiDog_cr1_Global all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 WiFiDog_cr1_Validate all -- * * 0.0.0.0/0
0.0.0.0/0 mark match 0x1
0 0 WiFiDog_cr1_Known all -- * * 0.0.0.0/0
0.0.0.0/0 mark match 0x2
0 0 WiFiDog_cr1_Unknown all -- * * 0.0.0.0/0
0.0.0.0/0
When i start wifidog with the debug command (wifidog -f -d 7), i don't
see any errors related to the "iptables command failed".
My config:
Debian/Lenny
wifidog:~# uname -a
Linux wifidog 2.6.26-1-amd64 #1 SMP Wed Nov 26 18:26:02 UTC 2008 x86_64
GNU/Linux
wifidog:~# iptables -V
iptables v1.4.1.1
I've explore the fw_iptables.c file, but don't see any errors.
Maybe it's related to the fw_quiet? Don't know...
Thanks for the help.
--
Menil Jean-Philippe
DSI de l'Université de Nantes
tél: 02 51 12 53 92
Fax: 02 51 12 58 60
Jean-Philippe.Menil at univ-nantes.fr
Plus d'informations sur la liste de diffusion WiFiDog