iptables: Protocol wrong type for socket.

[hvw59601]

Hi,

I guess if this is [OT] I will hear about it :-)

Anyway, I installed Firehol on a sid system that runs a kernel that I
have configured myself.

However, I get lots of errors when Firehol tries to start, like:

...
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 1).
SOURCE : line 31 of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_internet -p tcp -m state
--state NEW \! --syn -j pr_internet_nosyn
OUTPUT :

iptables: Protocol wrong type for socket.
...

I googled the error and there are lots of hits, but I see no clue as to
what the message actually means.

Obviously I have not configured the kernel correctly because with the
Debian kernels there are no errors.

But what kernel configuration parameter might be missing/wrong?

Hugo


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/jvptds$ddf$1...@dough.gmane.org

[Camaleón]

On Mon, 06 Aug 2012 21:10:03 -0500, hvw59601 wrote:

> I guess if this is [OT] I will hear about it :-)

Nah, it's fine to me :-)

> Anyway, I installed Firehol on a sid system that runs a kernel that I
> have configured myself.
>
> However, I get lots of errors when Firehol tries to start, like:
>
> ...
> ERROR : # 1.
> WHAT : A runtime command failed to execute (returned error 1).
> SOURCE : line 31 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A in_internet -p tcp -m state --state NEW \! --syn -j pr_internet_nosyn
> OUTPUT :
>
> iptables: Protocol wrong type for socket. ...

I understand the mesage comes from your kernel, I mean, nothing wrong
in firehol.

> I googled the error and there are lots of hits, but I see no clue as to
> what the message actually means.
>
> Obviously I have not configured the kernel correctly because with the
> Debian kernels there are no errors.
>
> But what kernel configuration parameter might be missing/wrong?

Can't tell for the exact parameter/option that controls this but what I
use to do when have to compile a new kernel is using the current ".config"
file which comes along with Debian stock kernel to avoid missing/messing
something.

Greetings,

--
Camaleón

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/jvrcs5$6mk$9...@dough.gmane.org

[hvw59601]

But the difference in kernel sizes between a kernel with the Debian
.config and one with my own .config for this particular box is huge:
32MB vs. 4MB.

But I figured it out: I compiled 3.4.7 from kernel.org with a .config
from Debian's kernel in experimental, 3.5.0. I booted that and compared
the lsmod from that with the one of 3.4.7 with my own .config and it
turned out that there were 2 modules present in the former that were not
in mine: nf_connttrack_ipv4 and nf_defrag_ipv4. I reconfigured and now
it works like a charm.

This is all for figuring out
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768
and hibernate times for the various kernels that changed dramatically
beginning with 3.2.21-1, from 10s. to 35s.

Strange enough hibernate for 3.4.7 with Debian .config takes 24s. and
with my own config 10s. Who knows what is going on.

Thanks Camaleón.

Hugo

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/jvrfrc$g15$1...@dough.gmane.org

[Camaleón]

On Tue, 07 Aug 2012 11:30:36 -0500, hvw59601 wrote:

> Camaleón wrote:

(...)

>>> Obviously I have not configured the kernel correctly because with the
>>> Debian kernels there are no errors.
>>>
>>> But what kernel configuration parameter might be missing/wrong?
>>
>> Can't tell for the exact parameter/option that controls this but what I
>> use to do when have to compile a new kernel is using the current
>> ".config" file which comes along with Debian stock kernel to avoid
>> missing/messing
>> something.
>>
>>
> But the difference in kernel sizes between a kernel with the Debian
> .config and one with my own .config for this particular box is huge:
> 32MB vs. 4MB.

32 MiB for a kernel is not that huge O:-)

Okay, point taken.

> But I figured it out: I compiled 3.4.7 from kernel.org with a .config
> from Debian's kernel in experimental, 3.5.0. I booted that and compared
> the lsmod from that with the one of 3.4.7 with my own .config and it
> turned out that there were 2 modules present in the former that were not
> in mine: nf_connttrack_ipv4 and nf_defrag_ipv4. I reconfigured and now
> it works like a charm.

Ha, well done.

Which reminds me another trick: the "localmodconfig" parameter for the
"make" that suits perfect for these situations.

> This is all for figuring out
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768 and hibernate
> times for the various kernels that changed dramatically beginning with
> 3.2.21-1, from 10s. to 35s.
>
> Strange enough hibernate for 3.4.7 with Debian .config takes 24s. and
> with my own config 10s. Who knows what is going on.

You say it: who knows what's happening.

Hibernating and suspension are two things I never use (neither on windows
systems not netbooks, laptops, desktops...), mainly because I find them
pretty useless but specially in linux also because they can break very
easily -a simple kernel change, a problematic driver... and you're hosed-
and doing a hard reset is something a would like to avoid as much as I
can.

> Thanks Camaleón.

You're welcome and good luck with your debugging :-)

Greetings,

--
Camaleón

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/jvriik$6mk$1...@dough.gmane.org

[hvw59601]

Right. That would have been easier. I just looked at
streamline_config.pl, which is what that executes. Boot the kernel with
the Debian .config and execute that perl script: it would have found
those 2 modules and set them in the config that it generates.

>> This is all for figuring out
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683768 and hibernate
>> times for the various kernels that changed dramatically beginning with
>> 3.2.21-1, from 10s. to 35s.
>>
>> Strange enough hibernate for 3.4.7 with Debian .config takes 24s. and
>> with my own config 10s. Who knows what is going on.
>
> You say it: who knows what's happening.
>
> Hibernating and suspension are two things I never use (neither on windows
> systems not netbooks, laptops, desktops...), mainly because I find them
> pretty useless but specially in linux also because they can break very
> easily -a simple kernel change, a problematic driver... and you're hosed-
> and doing a hard reset is something a would like to avoid as much as I
> can.
>

True, but having everything where you left off when you boot again is
very tempting and powering off is enforced in this locality. But I
average about 12 hibernates with this desktop before a hickup and I have
to do a hard reset, without a clue of went wrong of course...

>> Thanks Camaleón.
>
> You're welcome and good luck with your debugging :-)
>

Hugo

--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Archive: http://lists.debian.org/jvrk74$mqn$1...@dough.gmane.org