~alpine/devel

1

[alpine-devel] iptables error on 2.6.26-vsgrsec

John Keith Hohm <john@hohm.net>
Details
Message ID
<20090827031308.237a156e@sneezy.prov.us>
Sender timestamp
1251360788
DKIM signature
missing
Download raw message
Alpine Linux is awesome, thanks so much to all the contributors.

This morning when I upgraded our Alpine Linux 1.7.27 firewall with
kernel 2.6.25-hardened-r10 to Alpine Linux 1.8.3 with kernel
2.6.26-vsgrsec I was unable to start shorewall; it complained like:

iptables: Memory allocation problem

Fortunately I was able to reboot into the upgraded system with the
older 2.6.25-hardened-r10 kernel and get the firewall working (well,
after some racoon.conf edits, but I digress).

How do I allow iptables to use more memory on the 2.6.26-vsgrsec kernel?
The server is not low on physical memory (it has 2 GB installed).  I
have a similar system with the same Alpine Linux 1.8.3 running the same
2.6.26-vsgrsec kernel and the same custom shorewall-4.2.10 packages but
a much simpler shorewall rule set, which starts up fine.

-- 
John Keith Hohm
<john@hohm.net>


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Details
Message ID
<95408c820908270337w56494e3en468936a62661be55@mail.gmail.com>
In-Reply-To
<20090827031308.237a156e@sneezy.prov.us> (view parent)
Sender timestamp
1251369434
DKIM signature
missing
Download raw message
On Thu, Aug 27, 2009 at 10:13 AM, John Keith Hohm <john@hohm.net> wrote:

> Alpine Linux is awesome, thanks so much to all the contributors.
>
> This morning when I upgraded our Alpine Linux 1.7.27 firewall with
> kernel 2.6.25-hardened-r10 to Alpine Linux 1.8.3 with kernel
> 2.6.26-vsgrsec I was unable to start shorewall; it complained like:
>
> iptables: Memory allocation problem


The 2.6.26-vsgrsec kernel have known issues. If you need a vserver host then
you'd probably need an older 2.6.22 based kernel (something like alpine
1.7.26 or earlier)


> Fortunately I was able to reboot into the upgraded system with the
> older 2.6.25-hardened-r10 kernel and get the firewall working (well,
> after some racoon.conf edits, but I digress).
>
> How do I allow iptables to use more memory on the 2.6.26-vsgrsec kernel?
> The server is not low on physical memory (it has 2 GB installed).  I
> have a similar system with the same Alpine Linux 1.8.3 running the same
> 2.6.26-vsgrsec kernel and the same custom shorewall-4.2.10 packages but
> a much simpler shorewall rule set, which starts up fine.


i would recommend try 1.9 beta4 if you need more recent kernel. (it does
have some issues with kernel modules that needs string parameters but i
think that was fixed in the update i did today -  i havent been able to test
it yet thoug). beta4 should also have the shorewall 4.x packages. If you
have problems with this, please let us know and we will fix asap. (im on
vacation right now so probabably next week)

-nc
Reply to thread Export thread (mbox)