X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@lists.alpinelinux.org Received: from mail-ew0-f217.google.com (mail-ew0-f217.google.com [209.85.219.217]) by lists.alpinelinux.org (Postfix) with ESMTP id 1709820DBDC for ; Thu, 27 Aug 2009 10:37:15 +0000 (UTC) Received: by ewy17 with SMTP id 17so433043ewy.26 for ; Thu, 27 Aug 2009 03:37:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=XnZFJntu84dcMhRo1DVJxJ1mV4In1ru0AS0+c/sUtNc=; b=VV84iW7OJWv+q74j5+EAuNa0LIEd+eSPhhyZY3tVb1d0UpWucc1xtxlJESn7cvFH2h HEOCtZzWf5HXMeOu1Fod8elmQP6dEsKmYE20IKhgLrDAVJFi2pA6cIgm/q3/CjK5T0nl DF18hyji9AFTUBqkj3E8/xgdKvL9+a1UyUia4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=AB5N1aGIcRzPFkmZgeaglDUuKULFcNlBjDshPXgtVqKg9RqHGzHoPomehncRA0Zq3I YSry+UUceTtNSUwnFVpcrbr1EEH3KumAP4gbHjkdrXedvbGhZ7Gt+dr9kFZvPULYN7pP 9wkR9/tkG2ai5ux6Tuqn+2uSTZl2pwBeo93R8= X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.211.152.3 with SMTP id e3mr3240931ebo.83.1251369434625; Thu, 27 Aug 2009 03:37:14 -0700 (PDT) In-Reply-To: <20090827031308.237a156e@sneezy.prov.us> References: <20090827031308.237a156e@sneezy.prov.us> Date: Thu, 27 Aug 2009 12:37:14 +0200 Message-ID: <95408c820908270337w56494e3en468936a62661be55@mail.gmail.com> Subject: Re: [alpine-devel] iptables error on 2.6.26-vsgrsec From: Natanael Copa To: John Keith Hohm Cc: alpine Content-Type: multipart/alternative; boundary=0015174bea84a235ce04721d2634 --0015174bea84a235ce04721d2634 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On Thu, Aug 27, 2009 at 10:13 AM, John Keith Hohm wrote: > Alpine Linux is awesome, thanks so much to all the contributors. > > This morning when I upgraded our Alpine Linux 1.7.27 firewall with > kernel 2.6.25-hardened-r10 to Alpine Linux 1.8.3 with kernel > 2.6.26-vsgrsec I was unable to start shorewall; it complained like: > > iptables: Memory allocation problem The 2.6.26-vsgrsec kernel have known issues. If you need a vserver host then you'd probably need an older 2.6.22 based kernel (something like alpine 1.7.26 or earlier) > Fortunately I was able to reboot into the upgraded system with the > older 2.6.25-hardened-r10 kernel and get the firewall working (well, > after some racoon.conf edits, but I digress). > > How do I allow iptables to use more memory on the 2.6.26-vsgrsec kernel? > The server is not low on physical memory (it has 2 GB installed). I > have a similar system with the same Alpine Linux 1.8.3 running the same > 2.6.26-vsgrsec kernel and the same custom shorewall-4.2.10 packages but > a much simpler shorewall rule set, which starts up fine. i would recommend try 1.9 beta4 if you need more recent kernel. (it does have some issues with kernel modules that needs string parameters but i think that was fixed in the update i did today - i havent been able to test it yet thoug). beta4 should also have the shorewall 4.x packages. If you have problems with this, please let us know and we will fix asap. (im on vacation right now so probabably next week) -nc --0015174bea84a235ce04721d2634 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Thu, Aug 27, 2009 at 10:13 AM, John Keith Hoh= m <john@hohm.net&= gt; wrote:
Alpine Linux is awesome, thanks so much to all the contributors.

This morning when I upgraded our Alpine Linux 1.7.27 firewall with
kernel 2.6.25-hardened-r10 to Alpine Linux 1.8.3 with kernel
2.6.26-vsgrsec I was unable to start shorewall; it complained like:

iptables: Memory allocation problem

The 2.6.26-vsgrsec= kernel have known issues. If you need a vserver host then you'd probab= ly need an older 2.6.22 based kernel (something like alpine 1.7.26 or earli= er)
=A0
Fortunately I was able to reboot into the upgraded system with the
older 2.6.25-hardened-r10 kernel and get the firewall working (well,
after some racoon.conf edits, but I digress).

How do I allow iptables to use more memory on the 2.6.26-vsgrsec kernel? The server is not low on physical memory (it has 2 GB installed). =A0I
have a similar system with the same Alpine Linux 1.8.3 running the same
2.6.26-vsgrsec kernel and the same custom shorewall-4.2.10 packages but
a much simpler shorewall rule set, which starts up fine.
<= br>i would recommend try 1.9 beta4 if you need more recent kernel. (it does= have some issues with kernel modules that needs string parameters but i th= ink that was fixed in the update i did today -=A0 i havent been able to tes= t it yet thoug). beta4 should also have the shorewall 4.x packages. If you = have problems with this, please let us know and we will fix asap. (im on va= cation right now so probabably next week)

-nc

--0015174bea84a235ce04721d2634-- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---