jack wrote:
> martin02 wrote:
>> Why does this entry below result in an iptables error message?
>>
>> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
>>
>> Results in "iptables: invalid argument"
>>
>> And where might I find any documentation on the error messages for
>> iptables?
>
> One thing I can think of is that the nat table is not supported by Your
> kernel. - In /var/log/messages, You might see a corresponding message.
>
> Try lsmod and in Your kernel tree, see /net/ipv4/netfilter for the names
> of the modules that You might need, especially all *nat* modules.
>
> Then, You could try to insmod or modprobe these modules, where the ones
> starting with "iptable_*" are the tables, "ipt_*" with capital letters
> are Your targets and all others are matches.
>
> This will also help with Your problem in the other thread You started.
>
>
> Cheers, Jack.
>
Hi Jack,

Thanks again for trying to help out.

I am starting to think that the version of iptables I have installed is
important. I am running version 1.2.7a.

No errors recorded in the log. These are the only references to iptables in
the log at the approx. time period of the errors.

Oct 5 14:29:45 lutherp11 kernel: device ppp0 entered promiscuous mode
Oct 5 14:46:09 lutherp11 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Oct 5 14:46:09 lutherp11 kernel: ip_conntrack version 2.1 (5887 buckets, 47096 max) - 300 bytes per conntrack

With verbose turned on I get the following if that is of any help:

"iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE --verbose"
MASQUERADE all opt -- in * out eth0 192.168.1.0/24 -> 0.0.0.0/0
iptables: Invalid argument

lsmod shows:

Module                  Size  Used by    Not tainted
ipt_MASQUERADE          1272   0  (autoclean)
iptable_nat            15224   0  (autoclean) [ipt_MASQUERADE]
ip_conntrack           18400   1  (autoclean) [ipt_MASQUERADE iptable_nat]
ip_tables              11672   4  [ipt_MASQUERADE iptable_nat]

I don't see any other references to ip* listed.

I haven't been able to find "/net/ipv4/netfilter" yet. Probably because I
am running Mandi distro or perhaps I haven't gotten iptables running at
boot. The closest thing I can find is /proc/net and /proc/sys/net, neither
of which pan out to a "netfilter". So will have to keep looking for the list
you mention.

I am not far from believing that this is a syntax error in iptables v1.2.7a
in the POSTROUTING/MASQ/SNAT section of the compile of iptables itself.

Luther
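
As an added illustration (not part of either post): a small shell helper that applies the module naming convention described in the quoted reply to lsmod output and lists which modules a given table/target pair would still need. The function names are hypothetical, the sample is the lsmod listing from the post plus one constructed line (ipt_state), and it assumes netfilter is built as modules, since compiled-in code and built-in targets such as ACCEPT never appear in lsmod.

```shell
#!/bin/sh
# Classify loaded netfilter modules by the naming convention from the thread:
#   iptable_* -> table, ipt_UPPERCASE -> target, ipt_lowercase -> match.
# Reads lsmod-style text on stdin; prints "<kind> <name>" per module.
classify_netfilter_modules() {
    LC_ALL=C awk '
        $1 == "Module"     { next }                        # lsmod header line
        $1 ~ /^iptable_/   { print "table", substr($1, 9); next }
        $1 ~ /^ipt_[A-Z]/  { print "target", substr($1, 5); next }
        $1 ~ /^ipt_/       { print "match", substr($1, 5); next }
    '
}

# Print the module names a rule needs that are absent from the lsmod text
# on stdin. $1 = table (e.g. nat), $2 = target (e.g. MASQUERADE).
missing_modules_for_rule() {
    loaded=$(classify_netfilter_modules)
    for want in "table $1" "target $2"; do
        if ! printf '%s\n' "$loaded" | grep -qxF "$want"; then
            case $want in
                table*)  echo "iptable_$1" ;;
                target*) echo "ipt_$2" ;;
            esac
        fi
    done
}

# lsmod listing from the post, plus one constructed line (ipt_state, size
# made up) so that a match module appears in the output.
SAMPLE_LSMOD='Module                  Size  Used by    Not tainted
ipt_state                568   0  (autoclean)
ipt_MASQUERADE          1272   0  (autoclean)
iptable_nat            15224   0  (autoclean) [ipt_MASQUERADE]
ip_conntrack           18400   1  (autoclean) [ipt_MASQUERADE iptable_nat]
ip_tables              11672   4  [ipt_MASQUERADE iptable_nat]'

printf '%s\n' "$SAMPLE_LSMOD" | classify_netfilter_modules
printf '%s\n' "$SAMPLE_LSMOD" | missing_modules_for_rule nat MASQUERADE
```

On a live system, pipe `lsmod` into either function instead of the sample; an empty result from the second one means the table and target modules for that rule are loaded.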