I am having a similar problem as in the following post: >On Thu, 4 Jul 2002, Luigi Capriotti wrote:
>> I'm trying to configure Bering with masqueraded subnets (by means of >> shorewall), but as soon as I put a line in the masq file I receive this: >> >> iptables: invalid arguments >> >> By stepping into the shorewall file I've realised that the offending >> command is the following: >> >> iptables -t nat -A POSTROUTING -s 192.168.1.128/25 -d 0.0.0.0/0 -o eth0 >> -j MASQUERADE >> >> (where 192.168.1.128/25 is my local net on eth1) >> >> and specifically the problematic argument is -j MASQUERADE. >> >> Given the fact that all iptables modules are included in the kernel by >> design, what's the clue, please? >> > >Hmmm -- sure looks like your kernel doesn't have nat support. Does "grep >ip_nat_protocol_register /proc/ksyms" return anything? > >-Tom >-- >Tom Eastep \ Shorewall - iptables made easy >AIM: tmeastep \ http://www.shorewall.net >ICQ: #60745924 \ [EMAIL PROTECTED] My problematic line is: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE Which gives me the same error message: iptables: Invalid argument I have looked in /proc/ksyms, and ip_nat_protocol_register is not there. I have built my own kernel using a vanila 2.4.18 kernel tree. On the other hand, I am certain that I have not missed any NAT related kernel configuration options. The output of a "grep ip_nat /proc/ksyms" gives me: c022d070 ip_nat_setup_info_Rf24f02af c022c73c ip_nat_helper_register_R6f4a7751 c022c844 ip_nat_helper_unregister_R5498c7d6 c022c17c ip_nat_expect_register_R94552a50 c022c1b4 ip_nat_expect_unregister_R6ff63254 c022c944 ip_nat_cheat_check_R1e4e73a8 c022c220 ip_nat_mangle_tcp_packet_R69b3a8b1 c022c5ec ip_nat_seq_adjust_Rb5b764fc c022c698 ip_nat_delete_sack_Rab840625 At the end of this message is a sample from my kernel config file. Which kernel option is supposed to provide the ip_nat_protocol_register function?? I am obviously missing something, because the kernel that is bundled with the Bering 1.0_rc3 package does not have this problem, and yet I cannot see any significant differences between the config files (assuming that the Bering_1.0-rc1_kernel_2.4.18.bz2 file contains the latest one, since that seems to be the only one available for download). Curiously, on a perhaps unrelated note, my pppd seems to be complaining that PPP is not supported by my kernel either, and yet I have included that as well. This system is essentially an upgrade from a 2.2.19 kernel, which I had no problems with. Thank you Patrick # # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y CONFIG_NETLINK_DEV=y CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_FILTER=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y # CONFIG_IP_ROUTE_VERBOSE is not set # CONFIG_IP_ROUTE_LARGE_TABLES is not set # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y # CONFIG_ARPD is not set # CONFIG_INET_ECN is not set CONFIG_SYN_COOKIES=y # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_FTP=y CONFIG_IP_NF_IRC=y # CONFIG_IP_NF_QUEUE is not set CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_LIMIT=y CONFIG_IP_NF_MATCH_MAC=y CONFIG_IP_NF_MATCH_MARK=y CONFIG_IP_NF_MATCH_MULTIPORT=y CONFIG_IP_NF_MATCH_TOS=y CONFIG_IP_NF_MATCH_AH_ESP=y CONFIG_IP_NF_MATCH_LENGTH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_TCPMSS=y CONFIG_IP_NF_MATCH_STATE=y # CONFIG_IP_NF_MATCH_UNCLEAN is not set # CONFIG_IP_NF_MATCH_OWNER is not set CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y # CONFIG_IP_NF_TARGET_MIRROR is not set CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y # CONFIG_IP_NF_NAT_SNMP_BASIC is not set CONFIG_IP_NF_NAT_IRC=y CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=y CONFIG_IP_NF_TARGET_MARK=y CONFIG_IP_NF_TARGET_LOG=y # CONFIG_IP_NF_TARGET_ULOG is not set # CONFIG_IP_NF_TARGET_TCPMSS is not set CONFIG_IPV6=m ... ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html