RE: [gentoo-user] iptables 1.2.8 problem

[Jeffrey Smelser]

sounds to me like you got two versions of iptables running.. which iptables to find 
it. Hopefully its something you did and not a rootkit...

-Original Message-
From: downtime null [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 1:39 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [gentoo-user] iptables 1.2.8 problem


i emerged iptables again ('emerge -p iptabes' showed that it was't
installed), mv the new init script over and restarted it. i'm still
getting the same error.

then, on kind of a fluke, i added the path to the executable on the
command line, and it accepts the command.

go figure.

> I read this warning was a result of some patches placed on the 2.4.20-r6 
> kernel(saw this when I emerged the -r6 kernel), and the solution was to 
> re-emerge iptables.
> 
> Fred Clausen
> 
> 
> --
> [EMAIL PROTECTED] mailing list
> 

--
[EMAIL PROTECTED] mailing list


--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] iptables 1.2.8 problem

[downtime null]

i emerged iptables again ('emerge -p iptabes' showed that it was't
installed), mv the new init script over and restarted it. i'm still
getting the same error.

then, on kind of a fluke, i added the path to the executable on the
command line, and it accepts the command.

go figure.

> I read this warning was a result of some patches placed on the 2.4.20-r6 
> kernel(saw this when I emerged the -r6 kernel), and the solution was to 
> re-emerge iptables.
> 
> Fred Clausen
> 
> 
> --
> [EMAIL PROTECTED] mailing list
> 

--
[EMAIL PROTECTED] mailing list

Re: [gentoo-user] iptables 1.2.8 problem

[Fred Clausen]

downtime null wrote:

apparently iptables was upgraded in my last 'emerge -u world' or
something. anyway, something has changed and a command that used to
work doesn't now. the command was :
# iptables -t nat -A POSTROUTING -j SNAT -o eth0 --to 10.1.0.27

now it says "iptables: Invalid argument"

so i discovered that '--to' is no longer valid (it's not in the man
page if it is). when i remove '--to 10.1.0.27' iptables says "iptables
v1.2.8: You must specify --to-source". i modified the command to be :
# iptables -vv -t nat -A POSTROUTING -j SNAT -o eth0 --to-source 10.1.0.27

i don't know what i'm doing wrong, but iptables replies with :

SNAT  all opt -- in * out eth0  0.0.0.0/0  -> 0.0.0.0/0  to:10.1.0.27
libiptc v1.2.8.  5 entries, 784 bytes.
Table `nat'
Hooks: pre/in/fwd/out/post = 0/0/0/460/148
Underflows: pre/in/fwd/out/post = 0/0/0/460/312
Entry 0 (0):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/to `'/
Protocol: 0
Flags: 00
Invflags: 00
Counters: 2735 packets, 356607 bytes
Cache: 
Target name: `' [36]
verdict=NF_ACCEPT
Entry 1 (148):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/to `eth0'/X...
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 4008 UNKNOWN IP_IF_OUT
Target name: `SNAT' [52]
Entry 2 (312):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/to `'/
Protocol: 0
Flags: 00
Invflags: 00
Counters: 5650 packets, 364518 bytes
Cache: 
Target name: `' [36]
verdict=NF_ACCEPT
Entry 3 (460):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/to `'/
Protocol: 0
Flags: 00
Invflags: 00
Counters: 5646 packets, 364237 bytes
Cache: 
Target name: `' [36]
verdict=NF_ACCEPT
Entry 4 (608):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/to `'/
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 
Target name: `ERROR' [64]
error=`ERROR'
iptables: Invalid argument

--
[EMAIL PROTECTED] mailing list
 

I read this warning was a result of some patches placed on the 2.4.20-r6 
kernel(saw this when I emerged the -r6 kernel), and the solution was to 
re-emerge iptables.

Fred Clausen

--
[EMAIL PROTECTED] mailing list