On Thu, 13 Nov 2003 12:50:30 +1100 [EMAIL PROTECTED] wrote:

> Hello
>
> I recently discovered that iptables 1.2.8 nat command does not work fully in
> 9.2 on i586
>
> Something like this:
>
> iptables -t nat -A PREROUTING -i eth0 -d xx.xx.xx.xx -p tcp -m tcp --dport 23 -j DNAT --to-destination yy.yy.yy.yy:23
>
> won't work with "invalid" error message. I made this command up but the exact
> command is not important, but DNAT to a different destination and even just
> REDIRECT to a different port is giving the invalid error message.

It's because the Mandrake kernel uses patches from patch-o-matic. In 9.1 this didn't give problems, but in 9.2 it apparently did (hum, it was even a netfilter FAQ).

It was reported as a bug here:
http://qa.mandrakesoft.com/show_bug.cgi?id=5454

The bug report has links to rpms which are built on a vanilla kernel-source, and they should work on 2.4-vanilla and 2.6. This problem was first reported for just not working with 2.6, and therefore the solution was to make an iptables_kernel-2.6 package in contribs. This one should work on 2.4-vanilla as well.

Should this be made into an Errata? What do people think?

And there should come a package like iptables_vanilla, which has been built against a vanilla kernel-source. How should it be done, as an extra source package, or should it be built from the normal iptables package, where it has 2 build processes, once against a Mandrake kernel, and once against a vanilla kernel?

What do you think, Juan? If you don't reply I guess we should make a contrib package iptables_vanilla which is being kept in sync with the iptables package in main.

-- 
Marcel Pol