JaquesStrap n00b
Joined: 01 Jul 2003 Posts: 47
Posted: Sun Jan 25, 2004 10:35 pm Post subject: iptables: Invalid argument
With the 2.4.22 series of kernels the following command fails with the error "iptables: Invalid argument"
iptables -t nat -A POSTROUTING -o ppp0 -s 10.0.0.0/24 -j SNAT --to-source XXX.XXX.XXX.XXX
I can boot back to 2.4.20 and everything works fine.
Any suggestions are appreciated.
-JS
Code:
Linux Hades 2.4.22-gentoo-r5 #2 Sat Jan 24 12:42:10 EST 2004 i686 AMD Duron(tm) processor AuthenticAMD GNU/Linux
Module Size Used by Not tainted
ipt_TOS 1048 16 (autoclean)
ipt_REJECT 3512 1 (autoclean)
ipt_LOG 3384 113 (autoclean)
iptable_filter 1740 1 (autoclean)
iptable_mangle 2136 1
ipt_state 568 11
ipt_limit 888 114
ipt_tos 472 0 (unused)
ip_conntrack_ftp 3792 1 (autoclean)
ip_nat_ftp 2832 0 (unused)
ip_nat_irc 2192 0 (unused)
iptable_nat 17752 2 [ip_nat_ftp ip_nat_irc]
ip_tables 12000 11 [ipt_TOS ipt_REJECT ipt_LOG iptable_filter iptable_mangle ipt_state ipt_limit ipt_tos iptable_nat]
ip_conntrack_irc 2800 1
ip_conntrack 18216 4 [ipt_state ip_conntrack_ftp ip_nat_ftp ip_nat_irc iptable_nat ip_conntrack_irc]
ppp_synctty 5376 0 (unused)
ppp_async 6656 1
autofs 10420 0 (unused)
pppox 1176 0 (unused)
ppp_generic 19228 3 [ppp_synctty ppp_async pppox]
slhc 4976 0 [ppp_generic]
via-rhine 13552 1
crc32 2880 0 [via-rhine]
3c59x 26832 1
eth0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:224 errors:0 dropped:0 overruns:0 frame:0
TX packets:495 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:36254 (35.4 Kb) TX bytes:50827 (49.6 Kb)
Interrupt:10 Base address:0xd000
eth1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:441 errors:0 dropped:0 overruns:0 frame:0
TX packets:322 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:46223 (45.1 Kb) TX bytes:44943 (43.8 Kb)
Interrupt:11 Base address:0xe800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:222 errors:0 dropped:0 overruns:0 frame:0
TX packets:222 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17817 (17.3 Kb) TX bytes:17817 (17.3 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:XXX.XXX.XXX.XXX P-t-P:XXX.XXX.XXX.XXX Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:206 errors:0 dropped:0 overruns:0 frame:0
TX packets:476 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:30573 (29.8 Kb) TX bytes:39155 (38.2 Kb)
Baldzius Apprentice
Joined: 17 Mar 2003 Posts: 154 Location: Lithuania
Posted: Mon Jan 26, 2004 1:55 pm Post subject:
Not sure, but you can try this:
iptables -t nat -A POSTROUTING -p ALL -o ppp0 -s 10.0.0.0/24 -j SNAT --to-source XXX.XXX.XXX.XXX
JaquesStrap n00b
Joined: 01 Jul 2003 Posts: 47
Posted: Mon Jan 26, 2004 8:02 pm Post subject: I tried that, same thing...
I tried your suggestion and same error message.
Thanks for the reply.
-JS
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
Posted: Mon Jan 26, 2004 8:05 pm Post subject:
hi,
recompile iptables under 2.4.22 and try again.
_________________
http://dev.gentoo.org/~dsd
oegat n00b
Joined: 12 Apr 2003 Posts: 41 Location: Sweden
Posted: Mon Jan 26, 2004 11:33 pm Post subject:
dsd wrote: | hi,
recompile iptables under 2.4.22 and try again. |
...and make sure the symlink /usr/src/linux points to the sources of the current kernel. I had the same problem and that little detail buggered me for a couple of days.
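A way to check the symlink before rebuilding iptables, as an added example that is not part of the original thread: it reads the version fields from the top-level Makefile of the tree behind /usr/src/linux and compares them with `uname -r`. The function names are made up for this example, and it assumes the kernel Makefile carries the usual VERSION, PATCHLEVEL, SUBLEVEL and EXTRAVERSION lines.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# kernel_tree_release DIR
# Print the release string (e.g. 2.4.22-gentoo-r5) built from the version
# fields in DIR/Makefile. Fails if the Makefile is unreadable or incomplete.
kernel_tree_release() {
    makefile="$1/Makefile"
    [ -r "$makefile" ] || return 1
    awk -F'=' '
        /^VERSION[ \t]*=/      { v = $2 }
        /^PATCHLEVEL[ \t]*=/   { p = $2 }
        /^SUBLEVEL[ \t]*=/     { s = $2 }
        /^EXTRAVERSION[ \t]*=/ { e = $2 }
        END {
            gsub(/[ \t]/, "", v); gsub(/[ \t]/, "", p)
            gsub(/[ \t]/, "", s); gsub(/[ \t]/, "", e)
            if (v == "" || p == "" || s == "") exit 1
            printf "%s.%s.%s%s\n", v, p, s, e
        }' "$makefile"
}

# check_kernel_src LINK RELEASE
# Returns 0 if the tree behind LINK matches RELEASE, 1 on a mismatch,
# 2 if the tree's version cannot be determined.
check_kernel_src() {
    link="$1"
    running="$2"
    tree_rel=$(kernel_tree_release "$link") || {
        echo "cannot read kernel version from $link/Makefile" >&2
        return 2
    }
    if [ "$tree_rel" = "$running" ]; then
        echo "OK: $link holds $tree_rel, same as the running kernel"
        return 0
    fi
    echo "MISMATCH: $link holds $tree_rel, running kernel is $running" >&2
    echo "repoint the symlink, then recompile iptables" >&2
    return 1
}

# Run against the live system only when asked: sh thisfile --check
if [ "${1:-}" = "--check" ]; then
    check_kernel_src /usr/src/linux "$(uname -r)"
fi
```

Comparing the Makefile fields rather than the directory name catches a tree that was renamed or patched after it was unpacked.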
triwebb1 Tux's lil' helper
Joined: 19 Oct 2003 Posts: 87
Posted: Tue Jan 27, 2004 1:06 am Post subject:
If it doesn't work after you recompile it, try dropping the subnet mask. I am pretty sure it defaults to a /24 subnet anyway, and I've found that the "/" doesn't always work. I did think that iptables accepts it though.......
Baldzius Apprentice
Joined: 17 Mar 2003 Posts: 154 Location: Lithuania
Posted: Tue Jan 27, 2004 10:46 am Post subject:
Try removing -s key:
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source XXX.XXX.XXX.XXX
jmoeller Tux's lil' helper
Joined: 07 Nov 2003 Posts: 114 Location: USA
Posted: Sat Jan 31, 2004 9:18 am Post subject:
dsd wrote: | hi,
recompile iptables under 2.4.22 and try again. |
Thanks for the tip, dsd. That's what worked for me.
_________________
Cogito sumere potum alterum.
JaquesStrap n00b
Joined: 01 Jul 2003 Posts: 47
Posted: Mon Feb 09, 2004 3:49 am Post subject:
I never did manage to resolve this issue. I always get the "invalid option" error. I just tried with a 2.6.1 kernel and it's the same thing.
Thanks for the suggestions all, looks like I'll be stuck with the older kernel for a while longer.
masseya Bodhisattva
Joined: 17 Apr 2002 Posts: 2602 Location: Baltimore, MD
Posted: Mon Feb 09, 2004 5:41 pm Post subject:
Moving from Networking and Security.
Please follow up to iptables invalid argument..
There are a great number of threads that are essentially dupes of this topic, so if you feel that something in this thread should go in the sticky thread, please re-post it there or provide a link back here. As always, please PM a moderator if you feel this thread is significantly different than any other thread and was inadvertently locked.
Thanks to nephros for pointing out the dupes.
_________________
if i never try anything, i never learn anything..
if i never take a risk, i stay where i am..