# Kernel Panic with iptables

## 69link

I want to know if anybody else has seen this problem.

I get a kernel panic when I do SMTP (port 25) traffic from my internal network.

My Gentoo server is NATing the traffic, and on the inside I've tried to send mail (through SMTP) with both Outlook Express and Pine. But IPTABLES crashes with a kernel panic every time.

I've tried to recompile kernel and iptables several times, but still the same. I think it has to do with ip_connection_tracking.

----------

## okuhl

Hi,

I read something about iptables and the kernel v2.4.20; there seems to be a problem with iptables. 2.4.19 should do.

Regards,

  Ollie.

----------

## Rroet

Please use the search function.

There have been loads of threads like this...:

remerge iptables after upgrading to kernel 2.4.20...

----------

## 69link

I've searched everywhere for "kernel panic" and "aiee", but either it's with sched.o (disks) or it's about overclocking.

Anyway I have not found any solution there.

Also, I want to stay with 2.4.20 because iptables and htb are improved there (amongst other things), and also I'm in the process of upgrading to Gentoo instead of Mandrake (with vanilla 2.4.20), which I've been running on the same hardware for several months, never seeing a kernel panic before.

----------

## Auka

Hello, 

Are you using pppoe? And does the pppoe process "generate" the oops? You said "Aiee"; does your oops look similar to this one:

```
Oops: 0000
CPU: 0
EIP: 0010:[<d6b922a3>] Not tainted
EFLAGS: 00010202
eax: 00000000  ebc: 00000000  ecx: 00000000  edx: 00000000
esi: c6ff1828  eai: cbf4bac0  ebp: 00000001  esp: cbec9c68
ds: 0018       es: 0018       ss: 0018
Process: pppoe (pid: 2474, stackpage: cbec9000)
stack: c6ff1828  00000028  00000000  cbec9d04  cbec9cc4  cbec9d70  d31589a0
       c6ff1828  c6ff1810  c011dd41  b78ae3f0  00004c5d  00000000  60007100
       30be53d9  00000000  d3158a48  00000000  d6b97ca0  0000009c  ebec9d88
call trace: [<c011dd41>] [<d6b920ec>] [<c03aa521>] [<d6b58097>] [<d6b58640>]

[...]

Code: 8b 4a 10 74 03 8b 5a 0c 0f b6 50 01 8d 74 24 2c c7 44 24 40
<0> Kernel panic: Aiee, Killing interrupt handler!
In Interrupt handler - not syncing.
```

Then it might be the same problem I am/was experiencing with gentoo-sources-r2. Got an oops after a few minutes, and at once when fetching files through ftp. (bug report: https://bugs.gentoo.org/show_bug.cgi?id=18496)

vanilla-sources and gs-sources work fine for me.

Now that you say htb... I also use the htb filter. As far as I remember I also deactivated htb, but maybe...

Last edited by Auka on Sun Apr 20, 2003 7:30 am; edited 2 times in total

----------

## 69link

Yes, I get about the same oops as you do. But I'm not using pppoe. And also I've tried to run without any iproute filtering (htb etc.), but I think it has to do with ip_conntrack.

I'm also using Gentoo-sources R2.

----------

## Auka

Ok. So welcome to the club... :Wink: :Crying or Very sad: (I really wonder why there are not many more people complaining...)

----------

## 69link

This one could be the problem I have: https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=22

I have 3 network interfaces in my Gentoo machine.

How do you get back and forth between gentoo-sources R1, R2 and R3?

----------

## Auka

Hm, interesting read. (Actually had to read it twice until I fully understood this. *g*) A VPN tunnel interface or pppoe interface might be the same.

And if I am not totally wrong, then IMHO, this could also be an explanation for why in my case certain ftp connections immediately lead to a kernel crash -> active ftp (server tries to open a tcp connection...)?

Hmm, have to think about it more carefully but this might apply...

At the moment I am quite happy with gss_pre6 as it runs perfectly stable and provides everything I need.

Switching between kernel versions? Quite simple:

I have various kernel-sources emerged and put them in /boot like this:

```
lrwxrwxrwx    1 root     root           22 Mar 30 15:52 System.map -> System.map-2.4.20-r2
-rw-r--r--    1 root     root       729594 Mar 10 16:59 System.map-2.4.20
-rw-r--r--    1 root     root       677511 Apr  1 20:37 System.map-2.4.20-r2
-rw-r--r--    1 root     root       706165 Mar 30 11:10 System.map-2.4.20.vanilla
-rw-r--r--    1 root     root       692867 Mar 30 19:50 System.map-2.4.21_pre6-gss
-rw-r--r--    1 root     root      2194694 Mar 10 16:59 kernel-2.4.20-r1
-rw-r--r--    1 root     root      1887701 Apr  1 20:37 kernel-2.4.20-r2
-rw-r--r--    1 root     root      1761627 Mar 30 11:11 kernel-2.4.20_vanilla
-rw-r--r--    1 root     root      1690716 Mar 30 19:50 kernel-2.4.21_pre6-gss
lrwxrwxrwx    1 root     root           22 Mar 30 15:52 vmlinuz -> kernel-2.4.21_pre6-gss
```

As you can see, System.map and vmlinuz are links to the active kernel. But this is more "convenience" and not really necessary. I read (suppose it was the ksymoops man page, but not sure) that the System.map will also be searched for in e.g. /usr/src/linux, which is a symlink that points to the "active" kernel source directory. For vmlinuz I also don't really use (need) that link; in my lilo config I simply have a menu entry for every kernel, just directly using the kernel-<version> file.

So when trying another kernel you don't even _have_ to relink or switch something, but simply boot using another grub/lilo menu entry, as the only thing that doesn't fit then might be the System.map (if neither the link in /boot nor the "linux" one under /usr/src is set correctly), but AFAIK System.map/symbols are only needed for oops debugging anyway... (and even then you can boot a kernel, change the symlink and kill -HUP syslog and that's it...)

My lilo.conf (using software raid devices and serial console for debugging...):

```
prompt
map = /boot/System.map
lba32
timeout=30
delay = 30
vga = normal    # Normal VGA console
serial = 0,9600

image=/boot/kernel-2.4.21_pre6-gss
        label=2.4.21-gss
        read-only
        root=/dev/md1

image=/boot/kernel-2.4.20_vanilla
        label=linux-2.4.20
        read-only
        root=/dev/md1

image=/boot/kernel-2.4.20-r2
        label=gentoo-2.4.20r2
        read-only
        root=/dev/md1
        append="console=ttyS0,9600"

#image=/boot/kernel-2.4.20-r3
#       label=gentoo-2.4.20r3
#       read-only
#       root=/dev/md1
#       append="console=ttyS0,9600"
```

----------
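Added example (not part of any post in this thread): a small resolver that maps the call-trace addresses of an oops like the one quoted above onto a System.map, which is the job the System.map symlink discussed above exists for. The System.map excerpt, its addresses and the `example_sym_*` names are constructed for illustration; only the call-trace line is taken from the thread.

```python
import bisect
import re

# Constructed System.map excerpt: addresses and example_sym_* names are made
# up; a real file comes from the build of the kernel that produced the oops.
SAMPLE_SYSTEM_MAP = """\
c0100000 A _text
c011dc80 T example_sym_a
c011de00 T example_sym_b
c03aa400 T example_sym_c
c03aa700 T example_sym_d
c03f2000 A _etext
"""

# Call-trace line as quoted in the thread above.
SAMPLE_TRACE = ("call trace: [<c011dd41>] [<d6b920ec>] [<c03aa521>] "
                "[<d6b58097>] [<d6b58640>]")


def load_system_map(text):
    """Return sorted (address, name) pairs and the [_text, _etext) range."""
    syms = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:  # "address type name"
            syms.append((int(parts[0], 16), parts[2]))
    syms.sort()
    names = {name: addr for addr, name in syms}
    return syms, (names["_text"], names["_etext"])


def resolve(addr, syms, text_range):
    """Map addr to 'symbol+0xoff', or None if outside the kernel image."""
    if not text_range[0] <= addr < text_range[1]:
        return None  # not covered by System.map (e.g. code in a loaded module)
    i = bisect.bisect_right(syms, (addr, "\uffff")) - 1
    base, name = syms[i]
    return f"{name}+{addr - base:#x}"


def decode_trace(trace, map_text):
    syms, text_range = load_system_map(map_text)
    addrs = [int(a, 16) for a in re.findall(r"\[<([0-9a-fA-F]{8})>\]", trace)]
    return [(f"{a:08x}", resolve(a, syms, text_range)) for a in addrs]


if __name__ == "__main__":
    for addr, sym in decode_trace(SAMPLE_TRACE, SAMPLE_SYSTEM_MAP):
        print(addr, sym or "<not in System.map>")
```

Addresses that fall outside the `_text`..`_etext` range are reported as unresolved, because System.map only describes the kernel image itself; a System.map from a different build than the running kernel gives misleading names, which is why the symlink has to match the booted kernel.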

## slaterson

Auka,

I checked out the bug report from above (the bug at Gentoo, not netfilter). The conclusion was to emerge the gentoo-sources without the iptables patches. Doesn't this kill IP masquerading/NATting?

I have the identical system crash that is described in the bug report.

----------

## Auka

Hi slaterson. (First of all, sorry for the delay in the answer... :Wink: )

Yes, it kills iptables and everything. :Sad:

I suppose it was meant as some kind of workaround or at least to narrow down the possible source of the crash. (I am the reporter, not the one who suggested this *g*). If you also have this problem maybe you should add some kind of "me too" note to the bug report, as it seems as if nothing is happening at the moment regarding this matter, though it seems quite sure that the cause of the problem is some bad iptables (and co) patch...

----------

## 69link

I went for the gaming-sources, which seem to work nicely. But 2.4.21 is probably out soon, and then :Smile:

----------

