[Shorewall-users] shorewall reinstall

chris wudda at hotmail.com
Tue Dec 30 11:23:05 PST 2003

Hmmm. Ok, I'll reinstall iptables and see what happens. 

-----Original Message-----
From: Tom Eastep [mailto:teastep at shorewall.net] 
Sent: Tuesday, December 30, 2003 11:21 AM
To: Mailing List for Experienced Shorewall Users; chris
Subject: Re: [Shorewall-users] shorewall reinstall

On Tuesday 30 December 2003 11:11 am, chris wrote:
> I decided after a year to update my firewall install. Going from
Redhat 7.2
> and shorewall 1.2.x to Mandrake 9.2 and shorewall 1.4.8. I've compiled
> new 2.4.23 kernel with the appropriate network options, but I keep
> an iptables error if I have anything in the masq file. If the masq
file is
> empty shorewall starts fine but I obviously cant do anything from my
> network.. I've even used the sample files from the two-interface
config on
> the shorewall site and it resulted in the same error..

> > output of trace
> + eval exists_nat_eth0_masq=Yes
> ++ exists_nat_eth0_masq=Yes
> + run_iptables2 -t nat -A eth0_masq -s -d -j
> + '[' 'x-t nat -A eth0_masq -s -d -j
> = 'x-t nat -A eth0_masq -s -d -j MASQUERADE'
> + run_iptables -t nat -A eth0_masq -s -d -j
> + iptables -t nat -A eth0_masq -s -d -j
> iptables: Invalid argument
> + '[' -z '' ']'
> + stop_firewall
> + set +x

This almost always means that iptables was compiled against a different 
version of the netfilter headers than are in the current kernel.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-users mailing list