Problems with kernel 4.7.10-100.fc23

I have several machines still running Fedora 23 but otherwise kept 
current with all posted updates. The latest kernel, 4.7.10-100.fc23, is 
causing me several troubles.

1. On these machines, I run iptables but not firewalld. The only reason 
I need either is to provide a NAT service. With the latest kernel, 
iptables with NAT refuses to start. From syslog:

> (Date elided below for readability)
> systemd: Starting IPv4 firewall with iptables...
> iptables.init: iptables: Applying firewall rules: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'nat'
> iptables.init: Error occurred at line: 1
> iptables.init: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
> iptables.init: [FAILED]
> systemd: iptables.service: Main process exited, code=exited, status=1/FAILURE
> audit: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=iptables comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
> systemd: Failed to start IPv4 firewall with iptables.
> systemd: iptables.service: Unit entered failed state.
> systemd: iptables.service: Failed with result 'exit-code'.

Downgrading to kernel 4.7.9-100.fc23 resolved this issue.

2. These machines have two network interfaces and act as a bridge 
between two networks, one public and the other RFC1918. That's why they 
need the NAT. When performing an SSH connection from one of these 
machines to one of the other machines on its own RFC1918 network, the 
source of the connection is reported as the machine's public address, 
not its RFC1918 address. That violates some of the SSHD rules used on 
the target machine and prevents the connection. With previous kernels, 
the reported source address was the machine's RFC1918 address.

Downgrading to kernel 4.7.9-100.fc23 did NOT resolve this issue. It may 
be (should be) possible to resolve it by re-installing with the earlier 
kernel but I haven't yet tried that.
-- 
Dave Close