iptables --to-source: Invalid argument
Ondrej Koala Vacha
koala na vju.cz
Čtvrtek Červenec 31 09:14:43 CEST 2003
Dobry den,
mam nasledujici potiz: snazim si prelozit jadro s podporou iptables
ne jako moduly, ale primo do jadra. Po nabootovani iptables pracuji,
jen neni mozne dat prikaz s --to-source, ev. -j MASQUERADE - pak napisou
Invalid argument. Jinak treba
iptables -L POSTROUTING -t nat
probehne.
Podporu pro redirect i masquerade ma zakompilovanou. Prislusnou cast
.config prikladam.
Dale prikladam konec vystupu s Invalid output po strace.
Jadro vanilla 2.4.20 s patchem pro freeswan.
s diky a s pozdravem
--
Ondrej Koala Vacha
.config:
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
# CONFIG_IP_NF_MATCH_MAC is not set
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
# CONFIG_IP_NF_TARGET_MIRROR is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_LOCAL=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
strace iptables -A POSTROUTING -t nat -j MASQUERADE
...
open("/lib/iptables/libipt_MASQUERADE.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\244\4\0"...,
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=4454, ...}) = 0
old_mmap(NULL, 6656, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40013000
mprotect(0x40014000, 2560, PROT_NONE) = 0
old_mmap(0x40014000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0) = 0x40014000
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], [84]) = 0
brk(0x8058000) = 0x8058000
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, [7627118], [656]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], 880) = -1 EINVAL
(Invalid argument)
write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
Další informace o konferenci Linux