[Shorewall-users] shorewall reinstall

chris wudda at hotmail.com
Tue Dec 30 11:23:05 PST 2003


Hmmm. Ok, I'll reinstall iptables and see what happens. 

-----Original Message-----
From: Tom Eastep [mailto:teastep at shorewall.net] 
Sent: Tuesday, December 30, 2003 11:21 AM
To: Mailing List for Experienced Shorewall Users; chris
Subject: Re: [Shorewall-users] shorewall reinstall

On Tuesday 30 December 2003 11:11 am, chris wrote:
> I decided after a year to update my firewall install. Going from Redhat 7.2
> and shorewall 1.2.x to Mandrake 9.2 and shorewall 1.4.8. I've compiled a
> new 2.4.23 kernel with the appropriate network options, but I keep getting
> an iptables error if I have anything in the masq file. If the masq file is
> empty shorewall starts fine but I obviously can't do anything from my
> network.. I've even used the sample files from the two-interface config on
> the shorewall site and it resulted in the same error..
>

> > output of trace
>
> + eval exists_nat_eth0_masq=Yes
> ++ exists_nat_eth0_masq=Yes
> + run_iptables2 -t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE
> + '[' 'x-t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE' = 'x-t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE' ']'
> + run_iptables -t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE
> + iptables -t nat -A eth0_masq -s 192.168.1.0/24 -d 0.0.0.0/0 -j MASQUERADE
> iptables: Invalid argument
> + '[' -z '' ']'
> + stop_firewall
> + set +x

This almost always means that iptables was compiled against a different 
version of the netfilter headers than are in the current kernel.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net



