* Invalid argument in -j SNAT
@ 2003-12-02 18:50 Oleg Savostyanov
2003-12-02 20:18 ` Rob Sterenborg
2003-12-08 12:34 ` Oleg Savostyanov
0 siblings, 2 replies; 7+ messages in thread
From: Oleg Savostyanov @ 2003-12-02 18:50 UTC (permalink / raw)
To: netfilter
Hello All,
After N iterations of compiling kernel, installing iptables, applying
patch-o-matic...
the following command in a script from NAT HOWTO failed to execute
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source XXX.XXX.XXX.XXX
with an error "iptables: Invalid argument" I suspect, that an argument
is XXX.XXX.XXX.XXX
yesterday everything was fine (even more - it used to work with
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE but now
to the command -j MASQUERADE it says - "iptables: Invalid argument")
ok
I changed -j MASQUERADE to -j SNAT - it demanded --to-source
I issued the above and got stuck on that
Anybody has a clue on it?
Debian 3.0
iptables v1.2.9
kernel 2.4.22
I even tryed to reboot with an old kernel - the result is the same.
Please help
--
Oleg mailto:savostyanov@internetplustravel.ru
^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: Invalid argument in -j SNAT
2003-12-02 18:50 Invalid argument in -j SNAT Oleg Savostyanov
@ 2003-12-02 20:18 ` Rob Sterenborg
2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov
2003-12-05 15:55 ` Oleg Savostyanov
2003-12-08 12:34 ` Oleg Savostyanov
1 sibling, 2 replies; 7+ messages in thread
From: Rob Sterenborg @ 2003-12-02 20:18 UTC (permalink / raw)
To: 'Oleg Savostyanov', netfilter
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
> XXX.XXX.XXX.XXX
> with an error "iptables: Invalid argument" I suspect, that an argument
> is XXX.XXX.XXX.XXX
Did you compile and load the module iptable_nat ?
Gr,
Rob
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re[2]: Invalid argument in -j SNAT
2003-12-02 20:18 ` Rob Sterenborg
@ 2003-12-03 13:40 ` Oleg Savostyanov
2003-12-03 14:03 ` Limit simultaneous connections with iptables Mauricio Portilho Cavalcanti
2003-12-03 14:16 ` Re[2]: Invalid argument in -j SNAT Rob Sterenborg
2003-12-05 15:55 ` Oleg Savostyanov
1 sibling, 2 replies; 7+ messages in thread
From: Oleg Savostyanov @ 2003-12-03 13:40 UTC (permalink / raw)
To: netfilter
Tuesday, December 2, 2003, 11:18:29 PM, you wrote:
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
>> XXX.XXX.XXX.XXX
>> with an error "iptables: Invalid argument" I suspect, that an argument
>> is XXX.XXX.XXX.XXX
RS> Did you compile and load the module iptable_nat ?
RS> Gr,
RS> Rob
Thank you for your answers
I compiled the kernel without modules
yes, NAT is on
this is my kernel .config
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
# CONFIG_NETLINK_DEV is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_FILTER=y
CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_NAT=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_TOS=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_PNP=y
# CONFIG_IP_PNP_DHCP is not set
# CONFIG_IP_PNP_BOOTP is not set
# CONFIG_IP_PNP_RARP is not set
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_ARPD=y
CONFIG_INET_ECN=y
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_AMANDA is not set
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_CT_PROTO_GRE=y
CONFIG_IP_NF_PPTP=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_QUOTA=y
CONFIG_IP_NF_MATCH_MAC=y
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_TIME=y
CONFIG_IP_NF_MATCH_PSD=y
# CONFIG_IP_NF_MATCH_NTH is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_UNCLEAN=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_PPTP=y
CONFIG_IP_NF_NAT_PROTO_GRE=y
# CONFIG_IP_NF_NAT_LOCAL is not set
CONFIG_IP_NF_NAT_SNMP_BASIC=y
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_DSCP is not set
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
# CONFIG_IPV6 is not set
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
# CONFIG_KHTTPD is not set
# CONFIG_ATM is not set
# CONFIG_VLAN_8021Q is not set
--
Best regards,
Oleg mailto:savostyanov@internetplustravel.ru
^ permalink raw reply [flat|nested] 7+ messages in thread
* Limit simultaneous connections with iptables
2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov
@ 2003-12-03 14:03 ` Mauricio Portilho Cavalcanti
2003-12-03 14:16 ` Re[2]: Invalid argument in -j SNAT Rob Sterenborg
1 sibling, 0 replies; 7+ messages in thread
From: Mauricio Portilho Cavalcanti @ 2003-12-03 14:03 UTC (permalink / raw)
To: netfilter
Hi,
i have a proxy configured to share internet access and i want to limit
simultaneous connections to 10 (for each ip address in my LAN). I made this
limitation in squid.conf and now a want to limit all connections to 10.
Anyone can help me to make it works?
Thanks any help,
Mauricio.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.547 / Virus Database: 340 - Release Date: 2/12/2003
^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: Re[2]: Invalid argument in -j SNAT
2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov
2003-12-03 14:03 ` Limit simultaneous connections with iptables Mauricio Portilho Cavalcanti
@ 2003-12-03 14:16 ` Rob Sterenborg
1 sibling, 0 replies; 7+ messages in thread
From: Rob Sterenborg @ 2003-12-03 14:16 UTC (permalink / raw)
To: 'Oleg Savostyanov', netfilter
> >> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
> >> XXX.XXX.XXX.XXX with an error "iptables: Invalid argument"
> I suspect,
> >> that an argument is XXX.XXX.XXX.XXX
>
> RS> Did you compile and load the module iptable_nat ?
> RS> Gr,
> RS> Rob
> Thank you for your answers
>
> I compiled the kernel without modules
>
> yes, NAT is on
> this is my kernel .config
Yes, but did you also load iptable_nat (modprobe iptable_nat) ?
What is the output of "lsmod | grep nat" ?
Gr,
Rob
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re[2]: Invalid argument in -j SNAT
2003-12-02 20:18 ` Rob Sterenborg
2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov
@ 2003-12-05 15:55 ` Oleg Savostyanov
1 sibling, 0 replies; 7+ messages in thread
From: Oleg Savostyanov @ 2003-12-05 15:55 UTC (permalink / raw)
To: netfilter
Hello Rob,
Yes sure
firewall:# lsmod Module Size Used by Not tainted
ipt_state 608 2 (autoclean)
ipt_REJECT 3424 1 (autoclean)
ipt_LOG 3296 1 (autoclean)
iptable_filter 1728 1 (autoclean)
ip_nat_pptp 2304 0 (unused)
ip_nat_ftp 3488 0 (unused)
ip_conntrack_pptp 2720 1 [ip_nat_pptp]
ip_conntrack_proto_gre 3168 0 [ip_nat_pptp ip_conntrack_pptp]
ip_conntrack_ftp 4192 1 [ip_nat_ftp]
iptable_nat 20756 2 (autoclean) [ip_nat_pptp ip_nat_ftp]
ip_conntrack 24852 5 (autoclean) [ipt_state ip_nat_pptp ip_nat_ftp ip_conntrack_pptp ip_conntrack_proto_gre ip_conntrack_ftp iptable_nat]
ip_tables 13504 7 [ipt_state ipt_REJECT ipt_LOG iptable_filter iptable_nat]
firewall:#
Tuesday, December 2, 2003, 11:18:29 PM, you wrote:
>> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
>> XXX.XXX.XXX.XXX
>> with an error "iptables: Invalid argument" I suspect, that an argument
>> is XXX.XXX.XXX.XXX
RS> Did you compile and load the module iptable_nat ?
RS> Gr,
RS> Rob
--
Best regards,
Oleg mailto:savostyanov@internetplustravel.ru
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Invalid argument in -j SNAT
2003-12-02 18:50 Invalid argument in -j SNAT Oleg Savostyanov
2003-12-02 20:18 ` Rob Sterenborg
@ 2003-12-08 12:34 ` Oleg Savostyanov
1 sibling, 0 replies; 7+ messages in thread
From: Oleg Savostyanov @ 2003-12-08 12:34 UTC (permalink / raw)
To: netfilter
I noticed some problem in my dmesq
NETIF_F_SG - what does it mean?
And could my problem be because of that problem, whyle booting the
kernel
00:09.0: 3Com PCI 3c905B Cyclone 100baseTx at 0xb000. Vers LK1.1.18-ac
00:01:02:72:20:83, IRQ 12
product code 4347 rev 00.12 date 07-11-00
Internal config register is 1800000, transceivers 0xa.
8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
MII transceiver found at address 24, status 7849.
Enabling bus-master transmits and whole-frame receives.
00:09.0: scatter/gather enabled. h/w checksums enabled
PCI: Found IRQ 10 for device 00:0b.0
See Documentation/networking/vortex.txt
00:0b.0: 3Com PCI 3c905 Boomerang 100baseTx at 0xa800. Vers LK1.1.18-ac
00:60:08:ca:51:c4, IRQ 10
product code 4b4b rev 00.0 date 12-05-97
Internal config register is 16302d8, transceivers 0xe040.
8K word-wide RAM 3:5 Rx:Tx split, autoselect/MII interface.
MII transceiver found at address 24, status 786d.
Enabling bus-master transmits and whole-frame receives.
00:0b.0: scatter/gather enabled. h/w checksums disabled
eth1: Dropping NETIF_F_SG since no checksum feature.
Hello Oleg,
Tuesday, December 2, 2003, 9:50:27 PM, you wrote:
OS> Hello All,
OS> After N iterations of compiling kernel, installing iptables, applying
OS> patch-o-matic...
OS> the following command in a script from NAT HOWTO failed to execute
OS> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source XXX.XXX.XXX.XXX
OS> with an error "iptables: Invalid argument" I suspect, that an argument
OS> is XXX.XXX.XXX.XXX
OS> yesterday everything was fine (even more - it used to work with
OS> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE but now
OS> to the command -j MASQUERADE it says - "iptables: Invalid argument")
OS> ok
OS> I changed -j MASQUERADE to -j SNAT - it demanded --to-source
OS> I issued the above and got stuck on that
OS> Anybody has a clue on it?
OS> Debian 3.0
OS> iptables v1.2.9
OS> kernel 2.4.22
OS> I even tryed to reboot with an old kernel - the result is the same.
OS> Please help
--
Best regards,
Oleg mailto:savostyanov@internetplustravel.ru
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2003-12-08 12:34 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-12-02 18:50 Invalid argument in -j SNAT Oleg Savostyanov
2003-12-02 20:18 ` Rob Sterenborg
2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov
2003-12-03 14:03 ` Limit simultaneous connections with iptables Mauricio Portilho Cavalcanti
2003-12-03 14:16 ` Re[2]: Invalid argument in -j SNAT Rob Sterenborg
2003-12-05 15:55 ` Oleg Savostyanov
2003-12-08 12:34 ` Oleg Savostyanov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.