iptables --to-source: Invalid argument

Ondrej Koala Vacha koala na vju.cz
Čtvrtek Červenec 31 09:14:43 CEST 2003 

Dobry den,

mam nasledujici potiz: snazim si prelozit jadro s podporou iptables 
ne jako moduly, ale primo do jadra. Po nabootovani iptables pracuji,
jen neni mozne dat prikaz s --to-source, ev. -j MASQUERADE - pak napisou 
Invalid argument. Jinak treba 
iptables -L POSTROUTING -t nat
probehne.

Podporu pro redirect i masquerade ma zakompilovanou. Prislusnou cast 
.config prikladam.

Dale prikladam konec vystupu s Invalid output po strace.

Jadro vanilla 2.4.20 s patchem pro freeswan.

s diky a s pozdravem

--
Ondrej Koala Vacha


.config:
#
#   IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
# CONFIG_IP_NF_MATCH_MAC is not set
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
# CONFIG_IP_NF_TARGET_MIRROR is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_LOCAL=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y


strace iptables -A POSTROUTING -t nat -j MASQUERADE

...
open("/lib/iptables/libipt_MASQUERADE.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\244\4\0"..., 
1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=4454, ...}) = 0
old_mmap(NULL, 6656, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40013000
mprotect(0x40014000, 2560, PROT_NONE)   = 0
old_mmap(0x40014000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0) = 0x40014000
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], [84]) = 0
brk(0x8058000)                          = 0x8058000
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, [7627118], [656]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], 880) = -1 EINVAL 
(Invalid argument)
write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument

Další informace o konferenci Linux