Re: Kernet panic with NAT

"Raciel Perez Hernandez" <racielprz@xxxxxxxxxxxxxxxxx> · Sun, 24 Sep 2006 10:52:46 -0400 (CDT)

Had you try to replace your kernel few days ago i install a new computer
and sometimes it give me a kernel panic the kernel version 2.6-15 on
debian
Etch then i replace it for 2.6.17 and it works just fine.

> Hi everybody,
> I use NAT since 2003 on a little home LAN. Recently after my old
> firewall died I replaced it. From time to time there is a kernel panic.
> The message is not always the same (and it is Chinese for me), but it
> always ends with "exception in interrupt" and speaks of "common-irq";
> when i can see the beginning it's about iptables-nat, and anyway it
> doesn't happen when iptables is stopped. Could there be an issue with
> SMP (I have two dual-core Xeons)
> Here is my /etc/sysconfig/iptables file:
> # Generated by iptables-save v1.2.9 on Thu Aug 19 18:12:27 2004
> *nat
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A POSTROUTING -o eth0 -j SNAT --to-source 81.57.16.29
> COMMIT
> # Completed on Thu Aug 19 18:12:27 2004
> # Generated by iptables-save v1.2.9 on Thu Aug 19 18:12:27 2004
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :block - [0:0]
> -A INPUT -j block
> -A FORWARD -j block
> -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A block -i eth0 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
> -A block -i eth0 -p udp -m state --state NEW -m udp --dport 21 -j ACCEPT
> -A block -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A block -i eth0 -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT
> -A block -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
> -A block -i eth0 -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT
> -A block -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
> -A block -i eth0 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
> -A block -i eth0 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
> -A block -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
> -A block -p tcp -m state --state NEW -m tcp --dport 5801 -j ACCEPT
> -A block -p tcp -m state --state NEW -m tcp --dport 2009 -j ACCEPT
> -A block -p tcp -m state --state NEW -m tcp --dport 2106 -j ACCEPT
> -A block -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT
> -A block -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
> -A block -i ! eth0 -j ACCEPT
> -A block -j DROP
> COMMIT
> # Completed on Thu Aug 19 18:12:27 2004
> Can anybody help?
>                 Jacques Rodary (Sorry for my English)
>
>
>
>
>