I have a debian firewall image that I have created. I just installed it on 2 different machines(they have the same type of nic) and only one gets this error. Any ideas? Kernel 2.4.21 shorewall 1.4.6b debian woody 8139too Fast Ethernet PC1: ReiserFS version 3.6.25 reiserfs: checking transaction log (device 03:04) ... Using r5 hash to sort names ReiserFS version 3.6.25 eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 41e1. ASSERT ip_conntrack_core.c:625 &ip_conntrack_lock not readlocked ASSERT ip_conntrack_core.c:625 &ip_conntrack_lock not readlocked PC2: Using r5 hash to sort names ReiserFS version 3.6.25 reiserfs: checking transaction log (device 03:04) ... Using r5 hash to sort names ReiserFS version 3.6.25 eth0: Setting half-duplex based on auto-negotiated partner ability 0000. eth0: Setting half-duplex based on auto-negotiated partner ability 0000. PS: They are on different networks as well. One is a 10.142.0.### and the other is a real ip 24.222.35.### Not sure if that matters or not. -- Joe *** I can only please one person a day. Today is not your day and tomorrow doesn''t look good either. ***
On Thu, 2003-08-14 at 10:25, Joe Gofton wrote:> I have a debian firewall image that I have created. I just installed it > on 2 different machines(they have the same type of nic) and only one gets > this error. Any ideas? >Please search the mailing list archives for ASSERT -- should tell you everything you wanted to know and more. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
I just tried commenting out all the lines in the /etc/shorewall/modules (since its all compiled into the kernel) and after a reboot I didn''t get the error. When I uncommented them it came back. Hmmmmmmmm.> On Thu, 2003-08-14 at 10:25, Joe Gofton wrote: >> I have a debian firewall image that I have created. I just installed it >> on 2 different machines(they have the same type of nic) and only one >> gets >> this error. Any ideas? >> > > Please search the mailing list archives for ASSERT -- should tell you > everything you wanted to know and more. > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > http://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >-- Joe *** I can only please one person a day. Today is not your day and tomorrow doesn''t look good either. ***
On Thu, 2003-08-14 at 10:40, Joe Gofton wrote:> I just tried commenting out all the lines in the /etc/shorewall/modules > (since its all compiled into the kernel) and after a reboot I didn''t get > the error. When I uncommented them it came back. Hmmmmmmmm. >So what''s your point? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
No point really. Just happy the error is not there. Turns out it is the line: loadmodule ip_nat_ftp that caused this. Don''t need it so don''t care.> On Thu, 2003-08-14 at 10:40, Joe Gofton wrote: >> I just tried commenting out all the lines in the /etc/shorewall/modules >> (since its all compiled into the kernel) and after a reboot I didn''t get >> the error. When I uncommented them it came back. Hmmmmmmmm. >> > > So what''s your point? > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > http://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >-- Joe *** I can only please one person a day. Today is not your day and tomorrow doesn''t look good either. ***
On Thu, 2003-08-14 at 10:59, Joe Gofton wrote:> No point really. Just happy the error is not there. > > Turns out it is the line: > loadmodule ip_nat_ftp that caused this. Don''t need it so don''t care. >The point is that it''s just a debugging message anyway -- goes away if the kernel is compiled without netfilter debugging IIRC. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net