Iptables problem on Xen
in [Slackware]
|
From: peter.fastre on 7 Mar 2007 17:27 Hello folks I've been using Slackware for many, many years now. But now I'm really frustrated. I have a small hosting company, and we have purchased a new server, which will be divided into several virtual machines. I planned using Xen, because the performance should be great, and I heard a lot of positive comments. So I tried setting it up on a test machine. First, I tried installing it on Slackware, as this is my premier choice. Probably it's because of my bad knowledge of Xen at that time, but I didn't succeed. Then I followed some tutorials to install Xen, tried several distro's, and finally got it to work on Ubuntu 6.06LTS 64bit. Great, I thought, because I got Slackware running on my guest domains, and everything seemed to work ok. The only thing I needed that Ubuntu for, was for the dom0 (the base system), which isn't supposed to do anything more than being the Xen host. The application servers are running slack, which I'm used to. There's only one problem, which I can not resolve: iptables v1.3.5: can't initialize iptables table `filter': Bad file descriptor. Perhaps iptables or your kernel needs to be upgraded. I learned this could be caused by an incompatibility between the (64- bit) kernel and the 32-bit Slackware system. Ok, but what can I do about it? I could use Ubuntu guests, but don't want to. I tried compiling iptables from source, to no avail. Tried copying a 64-bit iptables executable to my system, but that's not a very bright idea :) (32-bit libc systems can not run 64-bit executables). So I'm stuck here. I really hope someone can help! Regards Peter
From: Daniel de Kok on 8 Mar 2007 04:45 On Wed, 07 Mar 2007 14:27:16 -0800, peter.fastre(a)gmail.com wrote: > There's only one problem, which I can not resolve: > iptables v1.3.5: can't initialize iptables table `filter': Bad file > descriptor. Perhaps iptables or your kernel needs to be upgraded. It's a problem with the iptables utility, a x86 iptables can't modify rules on a x86_64 kernel. > compiling iptables from source, to no avail. Tried copying a 64-bit > iptables executable to my system, but that's not a very bright idea :) > (32-bit libc systems can not run 64-bit executables). Actually, it is a good idea, and it is how I worked around the problem. Though, the best way to do this is to build a small chroot environment. I downloaded these packages from SLAMD64: aaa_base-11.0.0-noarch-1.tgz aaa_elflibs-11.0.0-x86_64-7.tgz bash-3.1.017-x86_64-1.tgz glibc-solibs-2.3.6-x86_64-8.tgz iptables-1.3.5-x86_64-1.tgz Then a small chroot environment: mkdir -p /emul/x86_64 installpkg -root /emul/x86_64 slamd_packages/*.tgz chroot /emul/x86_64 ldconfig -v After that, you should be able to run iptables with: chroot /emul/x86_64 /usr/sbin/iptables <yourparams> -- Daniel
From: peter.fastre on 8 Mar 2007 07:50 > > compiling iptables from source, to no avail. Tried copying a 64-bit > > iptables executable to my system, but that's not a very bright idea :) > > (32-bit libc systems can not run 64-bit executables). > > Actually, it is a good idea, and it is how I worked around the problem. > Though, the best way to do this is to build a small chroot environment. I > downloaded these packages from SLAMD64: > > aaa_base-11.0.0-noarch-1.tgz > aaa_elflibs-11.0.0-x86_64-7.tgz > bash-3.1.017-x86_64-1.tgz > glibc-solibs-2.3.6-x86_64-8.tgz > iptables-1.3.5-x86_64-1.tgz > > Then a small chroot environment: > > mkdir -p /emul/x86_64 > installpkg -root /emul/x86_64 slamd_packages/*.tgz > chroot /emul/x86_64 ldconfig -v > > After that, you should be able to run iptables with: > > chroot /emul/x86_64 /usr/sbin/iptables <yourparams> Thanks for you reply, I'll try it, probably I'll get it to work. But is it good practice? Starting with 64-bit kernel, using 64-bit iptables version, but still compiling and using all other programs 32- bit? Is this good for production use? Or should I use slamd64 instead of slack32? Or should I try using the 32-bit slackware as the host OS too? Do you think this is possible?
From: Chick Tower on 8 Mar 2007 11:46 On Wed, 07 Mar 2007 14:27:16 -0800, peter.fastre(a)gmail.com wrote: > There's only one problem, which I can not resolve: iptables v1.3.5: can't > initialize iptables table `filter': Bad file descriptor. Perhaps iptables > or your kernel needs to be upgraded. > > I learned this could be caused by an incompatibility between the (64- bit) > kernel and the 32-bit Slackware system. Ok, but what can I do about it? This question may sound sarcastic, but it's not. Is there any reason you can't run a 32-bit version of the host OS instead of the 64-bit version? -- Chick Tower For e-mail: aols . sent . towerboy AT xoxy . net
From: peter.fastre on 8 Mar 2007 13:14
On Mar 8, 5:46 pm, Chick Tower <c.to...(a)deadspam.com> wrote: > This question may sound sarcastic, but it's not. Is there any reason you > can't run a 32-bit version of the host OS instead of the 64-bit version? No there isn't. At least I thought there was, because 32-bit systems can't address more than 4GB of RAM, but now I know Xen has a workaround for that. I think I'll go and try Slackware 11 + Xen. If it really doesn't work, maybe I have to start using 64-bit ubuntu. Peter |