* Invalid argument in -j SNAT @ 2003-12-02 18:50 Oleg Savostyanov 2003-12-02 20:18 ` Rob Sterenborg 2003-12-08 12:34 ` Oleg Savostyanov 0 siblings, 2 replies; 7+ messages in thread From: Oleg Savostyanov @ 2003-12-02 18:50 UTC (permalink / raw) To: netfilter Hello All, After N iterations of compiling kernel, installing iptables, applying patch-o-matic... the following command in a script from NAT HOWTO failed to execute iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source XXX.XXX.XXX.XXX with an error "iptables: Invalid argument" I suspect, that an argument is XXX.XXX.XXX.XXX yesterday everything was fine (even more - it used to work with iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE but now to the command -j MASQUERADE it says - "iptables: Invalid argument") ok I changed -j MASQUERADE to -j SNAT - it demanded --to-source I issued the above and got stuck on that Anybody has a clue on it? Debian 3.0 iptables v1.2.9 kernel 2.4.22 I even tryed to reboot with an old kernel - the result is the same. Please help -- Oleg mailto:savostyanov@internetplustravel.ru ^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: Invalid argument in -j SNAT 2003-12-02 18:50 Invalid argument in -j SNAT Oleg Savostyanov @ 2003-12-02 20:18 ` Rob Sterenborg 2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov 2003-12-05 15:55 ` Oleg Savostyanov 2003-12-08 12:34 ` Oleg Savostyanov 1 sibling, 2 replies; 7+ messages in thread From: Rob Sterenborg @ 2003-12-02 20:18 UTC (permalink / raw) To: 'Oleg Savostyanov', netfilter > iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source > XXX.XXX.XXX.XXX > with an error "iptables: Invalid argument" I suspect, that an argument > is XXX.XXX.XXX.XXX Did you compile and load the module iptable_nat ? Gr, Rob ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re[2]: Invalid argument in -j SNAT 2003-12-02 20:18 ` Rob Sterenborg @ 2003-12-03 13:40 ` Oleg Savostyanov 2003-12-03 14:03 ` Limit simultaneous connections with iptables Mauricio Portilho Cavalcanti 2003-12-03 14:16 ` Re[2]: Invalid argument in -j SNAT Rob Sterenborg 2003-12-05 15:55 ` Oleg Savostyanov 1 sibling, 2 replies; 7+ messages in thread From: Oleg Savostyanov @ 2003-12-03 13:40 UTC (permalink / raw) To: netfilter Tuesday, December 2, 2003, 11:18:29 PM, you wrote: >> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source >> XXX.XXX.XXX.XXX >> with an error "iptables: Invalid argument" I suspect, that an argument >> is XXX.XXX.XXX.XXX RS> Did you compile and load the module iptable_nat ? RS> Gr, RS> Rob Thank you for your answers I compiled the kernel without modules yes, NAT is on this is my kernel .config # Networking options # CONFIG_PACKET=y CONFIG_PACKET_MMAP=y # CONFIG_NETLINK_DEV is not set CONFIG_NETFILTER=y CONFIG_NETFILTER_DEBUG=y CONFIG_FILTER=y CONFIG_UNIX=y # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_PNP=y # CONFIG_IP_PNP_DHCP is not set # CONFIG_IP_PNP_BOOTP is not set # CONFIG_IP_PNP_RARP is not set CONFIG_NET_IPIP=y CONFIG_NET_IPGRE=y CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_ARPD=y CONFIG_INET_ECN=y # CONFIG_SYN_COOKIES is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_FTP=y # CONFIG_IP_NF_AMANDA is not set CONFIG_IP_NF_TFTP=y CONFIG_IP_NF_IRC=y CONFIG_IP_NF_CT_PROTO_GRE=y CONFIG_IP_NF_PPTP=y CONFIG_IP_NF_QUEUE=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_LIMIT=y CONFIG_IP_NF_MATCH_QUOTA=y CONFIG_IP_NF_MATCH_MAC=y # CONFIG_IP_NF_MATCH_PKTTYPE is not set CONFIG_IP_NF_MATCH_MARK=y CONFIG_IP_NF_MATCH_MULTIPORT=y CONFIG_IP_NF_MATCH_TOS=y CONFIG_IP_NF_MATCH_TIME=y CONFIG_IP_NF_MATCH_PSD=y # CONFIG_IP_NF_MATCH_NTH is not set # CONFIG_IP_NF_MATCH_RECENT is not set # CONFIG_IP_NF_MATCH_ECN is not set # CONFIG_IP_NF_MATCH_DSCP is not set CONFIG_IP_NF_MATCH_AH_ESP=y CONFIG_IP_NF_MATCH_LENGTH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_TCPMSS=y CONFIG_IP_NF_MATCH_HELPER=y CONFIG_IP_NF_MATCH_STATE=y CONFIG_IP_NF_MATCH_CONNTRACK=y CONFIG_IP_NF_MATCH_UNCLEAN=y CONFIG_IP_NF_MATCH_OWNER=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_MIRROR=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_NAT_PPTP=y CONFIG_IP_NF_NAT_PROTO_GRE=y # CONFIG_IP_NF_NAT_LOCAL is not set CONFIG_IP_NF_NAT_SNMP_BASIC=y CONFIG_IP_NF_NAT_IRC=y CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_NAT_TFTP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=y # CONFIG_IP_NF_TARGET_ECN is not set # CONFIG_IP_NF_TARGET_DSCP is not set CONFIG_IP_NF_TARGET_MARK=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_IP_NF_TARGET_TCPMSS=y CONFIG_IP_NF_ARPTABLES=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # CONFIG_IPV6 is not set CONFIG_XFRM=y # CONFIG_XFRM_USER is not set # CONFIG_KHTTPD is not set # CONFIG_ATM is not set # CONFIG_VLAN_8021Q is not set -- Best regards, Oleg mailto:savostyanov@internetplustravel.ru ^ permalink raw reply [flat|nested] 7+ messages in thread
* Limit simultaneous connections with iptables 2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov @ 2003-12-03 14:03 ` Mauricio Portilho Cavalcanti 2003-12-03 14:16 ` Re[2]: Invalid argument in -j SNAT Rob Sterenborg 1 sibling, 0 replies; 7+ messages in thread From: Mauricio Portilho Cavalcanti @ 2003-12-03 14:03 UTC (permalink / raw) To: netfilter Hi, i have a proxy configured to share internet access and i want to limit simultaneous connections to 10 (for each ip address in my LAN). I made this limitation in squid.conf and now a want to limit all connections to 10. Anyone can help me to make it works? Thanks any help, Mauricio. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.547 / Virus Database: 340 - Release Date: 2/12/2003 ^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: Re[2]: Invalid argument in -j SNAT 2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov 2003-12-03 14:03 ` Limit simultaneous connections with iptables Mauricio Portilho Cavalcanti @ 2003-12-03 14:16 ` Rob Sterenborg 1 sibling, 0 replies; 7+ messages in thread From: Rob Sterenborg @ 2003-12-03 14:16 UTC (permalink / raw) To: 'Oleg Savostyanov', netfilter > >> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source > >> XXX.XXX.XXX.XXX with an error "iptables: Invalid argument" > I suspect, > >> that an argument is XXX.XXX.XXX.XXX > > RS> Did you compile and load the module iptable_nat ? > RS> Gr, > RS> Rob > Thank you for your answers > > I compiled the kernel without modules > > yes, NAT is on > this is my kernel .config Yes, but did you also load iptable_nat (modprobe iptable_nat) ? What is the output of "lsmod | grep nat" ? Gr, Rob ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re[2]: Invalid argument in -j SNAT 2003-12-02 20:18 ` Rob Sterenborg 2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov @ 2003-12-05 15:55 ` Oleg Savostyanov 1 sibling, 0 replies; 7+ messages in thread From: Oleg Savostyanov @ 2003-12-05 15:55 UTC (permalink / raw) To: netfilter Hello Rob, Yes sure firewall:# lsmod Module Size Used by Not tainted ipt_state 608 2 (autoclean) ipt_REJECT 3424 1 (autoclean) ipt_LOG 3296 1 (autoclean) iptable_filter 1728 1 (autoclean) ip_nat_pptp 2304 0 (unused) ip_nat_ftp 3488 0 (unused) ip_conntrack_pptp 2720 1 [ip_nat_pptp] ip_conntrack_proto_gre 3168 0 [ip_nat_pptp ip_conntrack_pptp] ip_conntrack_ftp 4192 1 [ip_nat_ftp] iptable_nat 20756 2 (autoclean) [ip_nat_pptp ip_nat_ftp] ip_conntrack 24852 5 (autoclean) [ipt_state ip_nat_pptp ip_nat_ftp ip_conntrack_pptp ip_conntrack_proto_gre ip_conntrack_ftp iptable_nat] ip_tables 13504 7 [ipt_state ipt_REJECT ipt_LOG iptable_filter iptable_nat] firewall:# Tuesday, December 2, 2003, 11:18:29 PM, you wrote: >> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source >> XXX.XXX.XXX.XXX >> with an error "iptables: Invalid argument" I suspect, that an argument >> is XXX.XXX.XXX.XXX RS> Did you compile and load the module iptable_nat ? RS> Gr, RS> Rob -- Best regards, Oleg mailto:savostyanov@internetplustravel.ru ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Invalid argument in -j SNAT 2003-12-02 18:50 Invalid argument in -j SNAT Oleg Savostyanov 2003-12-02 20:18 ` Rob Sterenborg @ 2003-12-08 12:34 ` Oleg Savostyanov 1 sibling, 0 replies; 7+ messages in thread From: Oleg Savostyanov @ 2003-12-08 12:34 UTC (permalink / raw) To: netfilter I noticed some problem in my dmesq NETIF_F_SG - what does it mean? And could my problem be because of that problem, whyle booting the kernel 00:09.0: 3Com PCI 3c905B Cyclone 100baseTx at 0xb000. Vers LK1.1.18-ac 00:01:02:72:20:83, IRQ 12 product code 4347 rev 00.12 date 07-11-00 Internal config register is 1800000, transceivers 0xa. 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface. MII transceiver found at address 24, status 7849. Enabling bus-master transmits and whole-frame receives. 00:09.0: scatter/gather enabled. h/w checksums enabled PCI: Found IRQ 10 for device 00:0b.0 See Documentation/networking/vortex.txt 00:0b.0: 3Com PCI 3c905 Boomerang 100baseTx at 0xa800. Vers LK1.1.18-ac 00:60:08:ca:51:c4, IRQ 10 product code 4b4b rev 00.0 date 12-05-97 Internal config register is 16302d8, transceivers 0xe040. 8K word-wide RAM 3:5 Rx:Tx split, autoselect/MII interface. MII transceiver found at address 24, status 786d. Enabling bus-master transmits and whole-frame receives. 00:0b.0: scatter/gather enabled. h/w checksums disabled eth1: Dropping NETIF_F_SG since no checksum feature. Hello Oleg, Tuesday, December 2, 2003, 9:50:27 PM, you wrote: OS> Hello All, OS> After N iterations of compiling kernel, installing iptables, applying OS> patch-o-matic... OS> the following command in a script from NAT HOWTO failed to execute OS> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source XXX.XXX.XXX.XXX OS> with an error "iptables: Invalid argument" I suspect, that an argument OS> is XXX.XXX.XXX.XXX OS> yesterday everything was fine (even more - it used to work with OS> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE but now OS> to the command -j MASQUERADE it says - "iptables: Invalid argument") OS> ok OS> I changed -j MASQUERADE to -j SNAT - it demanded --to-source OS> I issued the above and got stuck on that OS> Anybody has a clue on it? OS> Debian 3.0 OS> iptables v1.2.9 OS> kernel 2.4.22 OS> I even tryed to reboot with an old kernel - the result is the same. OS> Please help -- Best regards, Oleg mailto:savostyanov@internetplustravel.ru ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2003-12-08 12:34 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2003-12-02 18:50 Invalid argument in -j SNAT Oleg Savostyanov 2003-12-02 20:18 ` Rob Sterenborg 2003-12-03 13:40 ` Re[2]: " Oleg Savostyanov 2003-12-03 14:03 ` Limit simultaneous connections with iptables Mauricio Portilho Cavalcanti 2003-12-03 14:16 ` Re[2]: Invalid argument in -j SNAT Rob Sterenborg 2003-12-05 15:55 ` Oleg Savostyanov 2003-12-08 12:34 ` Oleg Savostyanov
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.