[Shorewall-users] shorewall reinstall

chris wudda at hotmail.com
Tue Dec 30 11:11:31 PST 2003

I decided after a year to update my firewall install, going from Redhat 7.2
and shorewall 1.2.x to Mandrake 9.2 and shorewall 1.4.8. I've compiled a new
2.4.23 kernel with the appropriate network options, but I keep getting an
iptables error if I have anything in the masq file. If the masq file is
empty, shorewall starts fine, but I obviously can't do anything from my
network. I've even used the sample files from the two-interface config on
the shorewall site and it resulted in the same error.

Here's some output for debugging:

> shorewall version

> ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet brd scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:a0:cc:56:b7:d6 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:90:27:a5:59:53 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth1

> ip route show
dev eth1  scope link
dev eth0  scope link
dev lo  scope link
default via dev eth0

> output of trace
+ eval exists_nat_eth0_masq=Yes
++ exists_nat_eth0_masq=Yes
+ run_iptables2 -t nat -A eth0_masq -s -d -j
+ '[' 'x-t nat -A eth0_masq -s -d -j 
= 'x-t nat -A eth0_masq -s -d -j MASQUERADE' ']'
+ run_iptables -t nat -A eth0_masq -s -d -j
+ iptables -t nat -A eth0_masq -s -d -j
iptables: Invalid argument
+ '[' -z '' ']'
+ stop_firewall
+ set +x
