[Shorewall-users] shorewall reinstall

Tom Eastep teastep at shorewall.net
Tue Dec 30 11:21:10 PST 2003


On Tuesday 30 December 2003 11:11 am, chris wrote:
> I decided after a year to update my firewall install. Going from Red Hat 7.2
> and shorewall 1.2.x to Mandrake 9.2 and shorewall 1.4.8. I've compiled a
> new 2.4.23 kernel with the appropriate network options, but I keep getting
> an iptables error if I have anything in the masq file. If the masq file is
> empty shorewall starts fine but I obviously can't do anything from my
> network. I've even used the sample files from the two-interface config on
> the shorewall site and it resulted in the same error.
>
> output of trace
>
> + eval exists_nat_eth0_masq=Yes
> ++ exists_nat_eth0_masq=Yes
> + run_iptables2 -t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j
> MASQUERADE
> + '[' 'x-t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j
> + MASQUERADE'
> = 'x-t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE' ']'
> + run_iptables -t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j
> MASQUERADE
> + iptables -t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j
> MASQUERADE
> iptables: Invalid argument
> + '[' -z '' ']'
> + stop_firewall
> + set +x

This almost always means that iptables was compiled against a different 
version of the netfilter headers than are in the current kernel.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net



