I really don't know how to track this problem to its source, so I was
hoping someone could enlighten me.
The problem illustrated here:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables: Invalid argument
This box is a gentoo running iptables-1.2.8-r1 and linux-2.5.70-mm3.
Config attached.
On Wed, Jun 04, 2003 at 12:26:38PM -0500, Shawn wrote:
> I really don't know how to track this problem to its source, so I was
> hoping someone could enlighten me.
Since this seems to be an iptables usage problem, please direct further
questions to [email protected] (see
http://www.netfilter.org/contact.html for more info)
> The problem illustrated here:
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables: Invalid argument
>
> This box is a gentoo running iptables-1.2.8-r1 and linux-2.5.70-mm3.
> Config attached.
This sounds like your iptables userspace command was compiled for a
kernel with different headers. Please rebuild iptables and make sure it
actually uses the headers of your 2.5.70-mm3 kernel.
--
- Harald Welte <[email protected]> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
This would be great, except for iptables does not build against
linux-2.5.70-mm3 due to lack of IPT_PHYSDEV_OP_MATCH_IN and
IPT_PHYSDEV_OP_MATCH_OUT.
For that matter, there is no IPT_PHYSDEV_OP_MATCH* at all in the kernel
source.
On Wed, 2003-06-04 at 13:07, Harald Welte wrote:
> On Wed, Jun 04, 2003 at 12:26:38PM -0500, Shawn wrote:
> > The problem illustrated here:
> > # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > iptables: Invalid argument
> >
> > This box is a gentoo running iptables-1.2.8-r1 and linux-2.5.70-mm3.
> > Config attached.
>
> This sounds like your iptables userspace command was compiled for a
> kernel with different headers. Please rebuild iptables and make sure it
> actually uses the headers of your 2.5.70-mm3 kernel.
On Wed, 2003-06-04 at 20:22, Shawn wrote:
> This would be great, except for iptables does not build against
> linux-2.5.70-mm3 due to lack of IPT_PHYSDEV_OP_MATCH_IN and
> IPT_PHYSDEV_OP_MATCH_OUT.
>
> For that matter, there is no IPT_PHYSDEV_OP_MATCH* at all in the kernel
> source.
Use development iptables for a development kernel.
See http://netfilter.org/downloads.html#cvs
--
/Martin
Awesome, thanks.
On Wed, 2003-06-04 at 13:27, Martin Josefsson wrote:
> On Wed, 2003-06-04 at 20:22, Shawn wrote:
> > This would be great, except for iptables does not build against
> > linux-2.5.70-mm3 due to lack of IPT_PHYSDEV_OP_MATCH_IN and
> > IPT_PHYSDEV_OP_MATCH_OUT.
> >
> > For that matter, there is no IPT_PHYSDEV_OP_MATCH* at all in the kernel
> > source.
>
> Use development iptables for a development kernel.
>
> See http://netfilter.org/downloads.html#cvs