This is could be caused by a number of things: > - A rule cannot be inserted into the "PREROUTING" chain of the > iptables "raw" table > - The "NOTRACK" iptables target is not found > - Connection tracking rule manipulation does not work > > The first two are easily test by adding a dummy iptables rule, such as > "iptables -t nat -A PREROUTING -s 1.2.3.4 -j NOTRACK". Try to see if > this works. If it does, perhaps some modules are automatically > installed by doing this, so after this you would be able to use > mediaproxy (maybe you forgot "modprobe ip_tables" that is normally > performed by the init script?).
siptest:~# iptables -t nat -A PREROUTING -s 1.2.3.4 -j NOTRACK iptables: Invalid argument Jun 8 21:38:18 siptest kernel: ip_tables: NOTRACK target: only valid in raw table, not nat This could be the simple answer due to the fact we are on a hosted kvm virtual machine: siptest:~# modprobe ip_tables FATAL: Could not load /lib/modules/2.6.29.2-bytemark-kvm-tickless-2009-05-05/modules.dep: No such file or directory siptest:~# lsmod Opening /proc/modules: No such file or directory I don't think this will ever work, although I did raise this with the hosting company at the time and received this reply: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Can you help me here? > > siptest:~# modprobe nf-conntrack > FATAL: Could not load /lib/modules/2.6.29.2-bytemark-kvm-tickless- > 2009-05-05/modules.dep: No such file or directory Our kernels are not compiled with module support... > siptest:~# depmod > WARNING: Couldn't open directory /lib/modules/2.6.29.2-bytemark-kvm- > tickless-2009-05-05: No such file or directory So this fails. > siptest:~# ls /boot/ > config-2.6.27.4 grub initrd.img-2.6.27.4 initrd.img-2.6.27.4.bak > System.map-2.6.27.4 vmlinuz-2.6.27.4 Take a look at the config file, or /proc/config.gz and you'll see that NF_CONNTRACK is set: kvm1:~# zgrep CONNTRACK= /proc/config.gz CONFIG_NF_CONNTRACK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y kvm1:~# uname -r 2.6.29.4-bytemark-kvm-tickless-2009-05-20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Conntrack manipulation is a bit harder to check, but you can at least > see if you can read connection tracking entries by installing the > conntrack tool and doing "conntrack -L". siptest:~# conntrack -L Operation failed: invalid parameters > Please let me know what the results of these tests are. _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users