Meelis Roos wrote:
>> Then let's try something different. Please enable the
>> DEBUG_IP_FIREWALL_USER define in net/ipv4/netfilter/ip_tables.c and
>> post the results, if any.
>
> On bootup I get this in dmesg (one Bad offset has been added):
>
> ip_tables: (C) 2000-2006 Netfilter Core Team
> Netfilter messages via NETLINK v0.30.
> ip_conntrack version 2.4 (1536 buckets, 12288 max) - 224 bytes per
> conntrack
> translate_table: size 632
> Bad offset cb437924
> ip_nat_init: can't setup rules.
>
> And on iptables -t nat -L
>
> translate_table: size 632
> Bad offset cb4368f4
> ip_nat_init: can't setup rules.
> translate_table: size 632
> Bad offset cb4368f4
> ip_nat_init: can't setup rules.
>
> Seems iptable_nat does not load at all this time.
>
> Modprobe iptable_filter still fails, dmesg contains
> translate_table: size 632
> Finished chain 1
> Finished chain 2
> Finished chain 3
>
> Next modprobe iptable_nat gives
>
> translate_table: size 632
> Bad offset c8e01944
> ip_nat_init: can't setup rules.

Very strange, this means that the initial table data must somehow be
wrong, but for some reason it still seems to get past the size and
offset checks for the filter table. I can't see how loading the filter
table could fail after the "Finished chain .." messages without
another message.

Which kernel version did you perform these tests on?