| View previous topic :: View next topic |
| Author |
Message |
diebels
n00b
Joined: 29 Aug 2003
Posts: 67
Location: Arendal, Norge
|
 Posted: Fri Aug 29, 2003 12:28 am Post subject: iptables: Invalid argument |
 |
|
Never mind. I was stupid enough not to read /etc/conf.d/iptables until now.
Setting
ENABLE_FORWARDING_IPv4="yes"
solves the problem, and everything is fine  |
|
| Back to top |
|
 |
aja
l33t
Joined: 26 Aug 2002
Posts: 705
Location: Edmonton, Canada
|
| Posted: Wed Oct 15, 2003 8:53 pm Post subject: |
|
|
| In the future, could you leave the original problem text if you discover the solution yourself? That way, people searching who are having the same issue could benefit. |
|
| Back to top |
|
|
diebels
n00b
Joined: 29 Aug 2003
Posts: 67
Location: Arendal, Norge
|
| Posted: Tue Jan 13, 2004 8:32 pm Post subject: |
|
|
Oh, sorry. This was my first setup of network and i did not read the kernel help text below thourough enough. And i guess editing of the | Code: | | /etc/conf.d/iptables |
is the best way to do this. I thought this was a to stupid mistake that many others would experience the same. That's why I deleted most of the post to save the performance of the forums. Now there's a lot of searchable keywords here:
| Code: | CONFIG_IP_ADVANCED_ROUTER:
If you intend to run your Linux box mostly as a router, i.e. as a computer that forwards and redistributes network packets, say Y; you will then be presented with several options that allow more precise control about the routing process.
The answer to this question won't directly affect the kernel: answering N will just cause the configurator to skip all the questions about advanced routing.
Note that your box can only act as a router if you enable IP forwarding in your kernel; you can do that by saying Y to "/proc file system support" and "Sysctl support" below and executing the line
echo "1" > /proc/sys/net/ipv4/ip_forward
at boot time after the /proc file system has been mounted.
If you turn on IP forwarding, you will also get the rp_filter, which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. This has security advantages because it prevents the so-called IP spoofing, however it can pose problems if you use asymmetric routing (packets from you to a host take a different path than packets from that host to you) or if you operate a non-routing host which has several IP addresses on different interfaces. To turn rp_filter off use:
echo 0 > /proc/sys/net/ipv4/conf/<device>/rp_filter
or
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
If unsure, say N here. |
_________________
--
Anders
http://anders.arendal.no |
|
| Back to top |
|
|
aja
l33t
Joined: 26 Aug 2002
Posts: 705
Location: Edmonton, Canada
|
| Posted: Tue Jan 13, 2004 8:48 pm Post subject: |
|
|
ta.  |
|
| Back to top |
|
|
|
Networking & Security
