NAT & iptables, contd.

OK mates,

I recompiled my kernel with iptables/NAT features as modules. The headers I
have are the latest I can get by emerging (Gentoo). Modprobing works:
> # lsmod
> Module Size Used by Tainted: P
> ipt_MASQUERADE 1368 0 (autoclean)
> iptable_nat 17240 0 (autoclean) [ipt_MASQUERADE]
> ip_conntrack 18216 1 (autoclean) [ipt_MASQUERADE iptable_nat]
> ip_tables 12000 4 [ipt_MASQUERADE iptable_nat]
> floppy 50908 0 (autoclean)
> [etc.]

> # iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
> iptables: Invalid argument

Whatever sens the following makes:
> # iptables -A POSTROUTING -t nat -j MASQUERADE
> iptables: Invalid argument

So I don't think the bad argument is eth1. As I get better error messages
when I change -A and -j, I suppose "-t nat" is the problem. Is there
anything to do first, to create the nat table or something.

By dropping arguments, I sometimes manage to get no message, but then
"iptables -L" gives me no changes.


I am sorry, but I really don't know what to do...



--
Mickybadia [http://mickybadia.free.fr/]

To reply, please remove "SAY_HELLO_TO_" from address.
Veuillez supprimer "SAY_HELLO_TO_" de l'adresse pour me répondre.

On Sat, 24 Jan 2004 17:48:31 +0100, Mickybadia wrote:

> OK mates,
>
> I recompiled my kernel with iptables/NAT features as modules. The headers I
> have are the latest I can get by emerging (Gentoo). Modprobing works:
>> # lsmod
>> Module Size Used by Tainted: P
>> ipt_MASQUERADE 1368 0 (autoclean)
>> iptable_nat 17240 0 (autoclean) [ipt_MASQUERADE]
>> ip_conntrack 18216 1 (autoclean) [ipt_MASQUERADE iptable_nat]
>> ip_tables 12000 4 [ipt_MASQUERADE iptable_nat]
>> floppy 50908 0 (autoclean)
>> [etc.]
>
>> # iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
>> iptables: Invalid argument
>
> Whatever sens the following makes:
>> # iptables -A POSTROUTING -t nat -j MASQUERADE
>> iptables: Invalid argument
>
> So I don't think the bad argument is eth1. As I get better error messages
> when I change -A and -j, I suppose "-t nat" is the problem. Is there
> anything to do first, to create the nat table or something.
>
> By dropping arguments, I sometimes manage to get no message, but then
> "iptables -L" gives me no changes.
>
>
> I am sorry, but I really don't know what to do...

Instead of floundering about trying to guess what's going on by
dropping arguments and second-guessing the resulting error messages,
man iptables reveals the following:

The packet-filtering-HOWTO details iptables usage for packet
filtering, the NAT-HOWTO details NAT, the netfilter-extensions-HOWTO
details the extensions that are not in the standard distribution,
and the netfilter-hacking-HOWTO details the netfilter internals.
See http://www.netfilter.org/.

It could just be worth taking a look.

B.
--
All computers wait at the same speed.