NAT & iptables, contd.

Post by Mickybadi » Mon, 26 Jan 2004 01:48:31



OK mates,

I recompiled my kernel with iptables/NAT features as modules. The headers I
have are the latest I can get by emerging (Gentoo). Modprobing works:

> # lsmod
> Module                  Size  Used by    Tainted: P
> ipt_MASQUERADE          1368   0  (autoclean)
> iptable_nat            17240   0  (autoclean) [ipt_MASQUERADE]
> ip_conntrack           18216   1  (autoclean) [ipt_MASQUERADE iptable_nat]
> ip_tables              12000   4  [ipt_MASQUERADE iptable_nat]
> floppy                 50908   0  (autoclean)
> [etc.]
> # iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
> iptables: Invalid argument

Whatever sense the following makes:

> # iptables -A POSTROUTING -t nat -j MASQUERADE
> iptables: Invalid argument

So I don't think the bad argument is eth1. As I get better error messages
when I change -A and -j, I suppose "-t nat" is the problem. Is there
anything to do first, to create the nat table or something?

By dropping arguments, I sometimes manage to get no message, but then
"iptables -L" gives me no changes.

I am sorry, but I really don't know what to do...

--
Mickybadia      [http://mickybadia.free.fr/]

To reply, please remove "SAY_HELLO_TO_" from address.
Please remove "SAY_HELLO_TO_" from the address to reply to me.
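
An added example, not part of either post: `iptables -L` without `-t` lists only the filter table, so a rule appended with `-t nat` never shows up there. The shell functions below split an `iptables-save` dump by table to show where a MASQUERADE rule lives; the dump, the eth0 interface and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the poster's machine).
SAMPLE_DUMP='# constructed sample
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# rules_in_table TABLE
# Reads an iptables-save dump on stdin and prints the "-A ..." rule lines
# that belong to TABLE. A line such as "*nat" opens a table section and
# "COMMIT" closes it.
rules_in_table() {
    awk -v want="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        $1 == "COMMIT"          { table = ""; next }
        $1 == "-A" && table == want { print }
    '
}

# tables_with_target TARGET
# Reads an iptables-save dump on stdin and prints every table that holds
# at least one rule jumping (-j) to TARGET.
tables_with_target() {
    awk -v tgt="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        $1 == "-A" {
            for (i = 1; i < NF; i++)
                if ($i == "-j" && $(i + 1) == tgt) seen[table] = 1
        }
        END { for (t in seen) print t }
    '
}

# On a live system, as root:  iptables-save | rules_in_table nat
echo "nat rules:";    printf '%s\n' "$SAMPLE_DUMP" | rules_in_table nat
echo "filter rules:"; printf '%s\n' "$SAMPLE_DUMP" | rules_in_table filter
```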

 
 
 

NAT & iptables, contd.

Post by Bria » Mon, 26 Jan 2004 02:26:44



> OK mates,

> I recompiled my kernel with iptables/NAT features as modules. The headers I
> have are the latest I can get by emerging (Gentoo). Modprobing works:
>> # lsmod
>> Module                  Size  Used by    Tainted: P
>> ipt_MASQUERADE          1368   0  (autoclean)
>> iptable_nat            17240   0  (autoclean) [ipt_MASQUERADE]
>> ip_conntrack           18216   1  (autoclean) [ipt_MASQUERADE iptable_nat]
>> ip_tables              12000   4  [ipt_MASQUERADE iptable_nat]
>> floppy                 50908   0  (autoclean)
>> [etc.]

>> # iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
>> iptables: Invalid argument

> Whatever sense the following makes:
>> # iptables -A POSTROUTING -t nat -j MASQUERADE
>> iptables: Invalid argument

> So I don't think the bad argument is eth1. As I get better error messages
> when I change -A and -j, I suppose "-t nat" is the problem. Is there
> anything to do first, to create the nat table or something?

> By dropping arguments, I sometimes manage to get no message, but then
> "iptables -L" gives me no changes.

> I am sorry, but I really don't know what to do...

Instead of floundering about trying to guess what's going on by
dropping arguments and second-guessing the resulting error messages,
man iptables reveals the following:

 The  packet-filtering-HOWTO  details  iptables  usage for packet
 filtering, the NAT-HOWTO details NAT, the netfilter-extensions-HOWTO
 details  the  extensions that  are  not  in  the  standard distribution,
 and the netfilter-hacking-HOWTO details the netfilter internals.
 See http://www.netfilter.org/.

It could just be worth taking a look.  ;)

B.
--
All computers wait at the same speed.

 
 
 

1. iptables & NAT & IPSEC can ping but cannot telnet ?

Hi
   I had a linux box[A](with NAT but no IPSEC) setup ppp dial to ISP.
   And another linux box[B] used IPSEC behind box[A].
   I forward any input package from box[A] to box[B](192.168.1.10).

   # echo "1" > /proc/sys/net/ipv4/ip_forward
   # iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
   # iptables -t nat -A PREROUTING -p all -i ppp0 -j DNAT \
     --to-destination 192.168.1.10

   When box[A] got an IP for example (170.8.23.33) from ISP.
   I ping box[A] from Internet with other linux box[C]
   it also with IPSEC it's OK.
   But when I try to telnet to box[A] from box[C] the telnet
   show "Connection timed out" messages.
   Why ??
   How can I do to make the telnet work.
   Thanks.
