CinqueX n00b


Joined: 26 Jan 2003 Posts: 58
Posted: Sun Mar 23, 2003 7:32 pm Post subject: iptables broken in gentoo sources
Hi all,
I know about the re-emerge iptables fix, but this is a bug. This is not the case in any other distro I have ever used (Debian, Redhat, Suse?)
If you are running the latest gentoo-sources:linux-2.4.20-gentoo-r2 and have compiled netfilter/iptables with either modular or internal FULL NAT, please try the following commands as root:
Code:
iptables -A INPUT -p tcp --dport 9999 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9999 -j REDIRECT --to-port 25
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

iptables -F INPUT
iptables -F OUTPUT
will flush those rules (and your own.. restart iptables script)
Please post your error result if any (you must of course have an eth0).
Both of these rules are valid rules, and have worked in the past on other distros. This is the exact characteristic of a poorly patched kernel source with the newnat patch of some time ago.
See: http://lists.netfilter.org/pipermail/netfilter-devel/2002-May/007878.html
pfeifer Retired Dev

Joined: 31 Aug 2002 Posts: 37 Location: 49 degrees north
Posted: Mon Mar 24, 2003 3:29 am Post subject:
Works fine for me on gentoo-sources-2.4.20-r2.
Are you just getting 'Invalid argument'?
And this is after an 'emerge -C iptables' & 'emerge iptables'?
Thanks,
Jay
Vanquirius Retired Dev


Joined: 14 Jun 2002 Posts: 1297 Location: Ethereal plains
Posted: Mon Mar 24, 2003 3:39 am Post subject:
It works fine here after re-emerging iptables (gentoo-sources-2.4.20-rc2).
_________________
Hello.
phunkphorce Tux's lil' helper


Joined: 22 Nov 2002 Posts: 145
Posted: Mon Mar 24, 2003 10:58 pm Post subject:
I was experiencing the same problem until I found this thread. For once in my life I was thinking that it was my own stupidity even though there was no apparent mistake in the iptables command I was using, and even though it was working fine with the previous kernel version.
Does anybody have more information about why this happened? Was it a bug in the kernel package? A bug in the iptables package? I really think that this information should have been spread around faster. Having seen this, or better, having believed in the first place that it wasn't me but that there was a real bug, it would have saved some time. I don't really depend on iptables (I only use it to give internet access to my Linux-enabled iPaq) but it was a bit annoying to see that all of a sudden it wasn't working...
Maybe next time.
_________________
O God, Thou art in Heaven...
...please stay there!
phong Bodhisattva


Joined: 16 Jul 2002 Posts: 778 Location: Michigan - 15 & Ryan
Posted: Thu Mar 27, 2003 11:33 pm Post subject:
I had the same problem and thought I was suddenly on crack (didn't SEEM to happen immediately after the kernel upgrade). Re-emerging iptables fixed it for me.
_________________
"An empty head is not really empty; it is stuffed with rubbish. Hence the difficulty of forcing anything into an empty head."
-- Eric Hoffer
Auka Tux's lil' helper


Joined: 01 Jul 2002 Posts: 110 Location: Germany
Posted: Sun Mar 30, 2003 8:01 pm Post subject:
aaaaah. And I was switching to vanilla-sources, to gs-sources, back to gentoo-sources and recompiling my kernel half a dozen times until I saw this thread - I thought my modules/NAT setup was somehow broken. Well, could have thought of this earlier. *sigh* :-/
But as I also had frequent (reproducible) Kernel Oops in pppoe using gentoo-sources (which do not appear with vanilla sources and gs-sources) at least all this recompiling wasn't for nothing...