pptp+masq fsckup! PLEASE help...

pptp+masq fsckup! PLEASE help...

[Roy Sigurd Karlsbakk]

hi all

still I can't make it

compiled in the patch at http://roeder.goe.net/~koepi/newnat.html, as Diego 
Sarasua pointed to, but getting the same ole crap as the only time I've ever 
managed to patch-o-maticize the kernel. As I try to add the following rule, I 
just get an 'invalid argument' message. The following shows an strace of 
iptables.

thanks

roy

nyfw:~# strace iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d ! 
192.168.0.0/255.255.0.0 -j MASQUERADE
execve("/sbin/iptables", ["iptables", "-t", "nat", "-A", "POSTROUTING", "-s", 
"192.168.0.0/255.255.0.0", "-d", "!", "192.168.0.0/255.255.0.0", "-j", 
"MASQUERADE"], [/* 13 vars */]) = 0
uname({sys="Linux", node="nyfw", ...})  = 0
brk(0)                                  = 0x8056a5c
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or 
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=11871, ...}) = 0
old_mmap(NULL, 11871, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0T\27\0\000"..., 1024) 
= 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=8008, ...}) = 0
old_mmap(NULL, 11004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40017000
mprotect(0x40019000, 2812, PROT_NONE)   = 0
old_mmap(0x40019000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0x1000) = 0x40019000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024) = 
1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0
old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001a000
mprotect(0x4012d000, 40160, PROT_NONE)  = 0
old_mmap(0x4012d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 
0x113000) = 0x4012d000
old_mmap(0x40133000, 15584, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40133000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x40137000
munmap(0x40014000, 11871)               = 0
brk(0)                                  = 0x8056a5c
brk(0x8056a94)                          = 0x8056a94
brk(0x8057000)                          = 0x8057000
open("/lib/iptables/libipt_MASQUERADE.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\4\0"..., 1024) = 
1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=3276, ...}) = 0
old_mmap(NULL, 6720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40014000
mprotect(0x40015000, 2624, PROT_NONE)   = 0
old_mmap(0x40015000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0) 
= 0x40015000
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], [84]) = 0
brk(0x8058000)                          = 0x8058000
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, [7627118], [656]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], 876) = -1 EINVAL (Invalid 
argument)
write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
) = 27
_exit(1)                                = ?

-- 
Roy Sigurd Karlsbakk, Datavaktmester
ProntoTV AS - http://www.pronto.tv/
Tel: +47 9801 3356

Computers are like air conditioners.
They stop working when you open Windows.

Re: pptp+masq fsckup! PLEASE help...

[Ilguiz Latypov]

Roy,

I believe you may need to update the iptables package or download it from
netfilter.org's CVS repository.  The older iptables (before 1.2.7a) may
not communicate properly with the new NAT code in the 2.4.20 kernel.

Depending on the networking scenario, you may need to update the kernel
netfilter and PPTP kernel modules and/or the poptop PPTP server.  See

http://lists.netfilter.org/pipermail/netfilter-devel/2002-December/009913.html

http://sourceforge.net/tracker/index.php?func=detail&aid=648880&group_id=44827&atid=441003
http://sourceforge.net/tracker/index.php?func=detail&aid=654010&group_id=44827&atid=441005


Best regards,
Ilguiz

On Mon, 6 Jan 2003, Roy Sigurd Karlsbakk wrote:

> getting the same ole crap as the only time I've ever managed to
> patch-o-maticize the kernel.

> As I try to add the following rule, I just get an 'invalid argument'
> message. The following shows an strace of iptables.

Re: pptp+masq fsckup! PLEASE help...

[Ilguiz Latypov]

Roy,

I believe you may need to update the iptables package or download it from
netfilter.org's CVS repository.  The older iptables (before 1.2.7a) may
not communicate properly with the new NAT code in the 2.4.20 kernel.

Depending on the networking scenario, you may need to update the kernel
netfilter and PPTP kernel modules and/or the poptop PPTP server.  See

http://lists.netfilter.org/pipermail/netfilter-devel/2002-December/009913.html

http://sourceforge.net/tracker/index.php?func=detail&aid=648880&group_id=44827&atid=441003
http://sourceforge.net/tracker/index.php?func=detail&aid=654010&group_id=44827&atid=441005


Best regards,
Ilguiz

On Mon, 6 Jan 2003, Roy Sigurd Karlsbakk wrote:

> getting the same ole crap as the only time I've ever managed to
> patch-o-maticize the kernel.

> As I try to add the following rule, I just get an 'invalid argument'
> message. The following shows an strace of iptables.

Re: pptp+masq fsckup! PLEASE help...

[Diego Sarasua]

Roy ! - i was trying to compile the kernel 2.4.20 and i have the same
problem that U have ..... really i don´t know why.
But , becuase i really need the solution quicly as U need too.I was trying
with another kernels , and i was surprised because the same thing that
happends on 2.4.20 dont happend on  2.4.17 , and now im using that kernel
and it works awesome.-
i know thath is not an correctly solution ok ?
but IT works Correctly .- Why ? really dont know , if U can givme an ftp or
something  i have a 2.4.17 already patched i can upload it to You.-


p/d : I know thats is not a right way , but i U need a solution now , that
help i can give U , as I say U before , i have a 2.4.20 kernel working , but
when i try to make the same compilation in another machine , i don't know
waths go wrong... and invalid arguments apears.....

Thats all
Please forgive my very bad english
Diego  : )
San Juan
Sol y buen Vino (Sun , and very good Wines)

----- Original Message -----
From: "Roy Sigurd Karlsbakk" <roy@karlsbakk.net>
To: "Netfilter mailinglist" <netfilter@lists.netfilter.org>
Sent: Monday, January 06, 2003 3:26 PM
Subject: pptp+masq fsckup! PLEASE help...


> hi all
>
> still I can't make it
>
> compiled in the patch at http://roeder.goe.net/~koepi/newnat.html, as
Diego
> Sarasua pointed to, but getting the same ole crap as the only time I've
ever
> managed to patch-o-maticize the kernel. As I try to add the following
rule, I
> just get an 'invalid argument' message. The following shows an strace of
> iptables.
>
> thanks
>
> roy
>
> nyfw:~# strace iptables -t nat -A POSTROUTING -s
192.168.0.0/255.255.0.0 -d !
> 192.168.0.0/255.255.0.0 -j MASQUERADE
> execve("/sbin/iptables", ["iptables", "-t", "nat", "-A", "POSTROUTING",
"-s",
> "192.168.0.0/255.255.0.0", "-d", "!", "192.168.0.0/255.255.0.0", "-j",
> "MASQUERADE"], [/* 13 vars */]) = 0
> uname({sys="Linux", node="nyfw", ...})  = 0
> brk(0)                                  = 0x8056a5c
> open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=11871, ...}) = 0
> old_mmap(NULL, 11871, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
> close(3)                                = 0
> open("/lib/libdl.so.2", O_RDONLY)       = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0T\27\0\000"...,
1024)
> = 1024
> fstat64(3, {st_mode=S_IFREG|0644, st_size=8008, ...}) = 0
> old_mmap(NULL, 11004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40017000
> mprotect(0x40019000, 2812, PROT_NONE)   = 0
> old_mmap(0x40019000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
> 0x1000) = 0x40019000
> close(3)                                = 0
> open("/lib/libc.so.6", O_RDONLY)        = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"..., 1024)
=
> 1024
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0
> old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
0x4001a000
> mprotect(0x4012d000, 40160, PROT_NONE)  = 0
> old_mmap(0x4012d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
3,
> 0x113000) = 0x4012d000
> old_mmap(0x40133000, 15584, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40133000
> close(3)                                = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
> 0x40137000
> munmap(0x40014000, 11871)               = 0
> brk(0)                                  = 0x8056a5c
> brk(0x8056a94)                          = 0x8056a94
> brk(0x8057000)                          = 0x8057000
> open("/lib/iptables/libipt_MASQUERADE.so", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\4\0"...,
1024) =
> 1024
> fstat64(3, {st_mode=S_IFREG|0644, st_size=3276, ...}) = 0
> old_mmap(NULL, 6720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40014000
> mprotect(0x40015000, 2624, PROT_NONE)   = 0
> old_mmap(0x40015000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0)
> = 0x40015000
> close(3)                                = 0
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], [84]) = 0
> brk(0x8058000)                          = 0x8058000
> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, [7627118], [656]) = 0
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], 876) = -1 EINVAL
(Invalid
> argument)
> write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> ) = 27
> _exit(1)                                = ?
>
> --
> Roy Sigurd Karlsbakk, Datavaktmester
> ProntoTV AS - http://www.pronto.tv/
> Tel: +47 9801 3356
>
> Computers are like air conditioners.
> They stop working when you open Windows.
>
>

Re: pptp+masq fsckup! PLEASE help...

[Roy Sigurd Karlsbakk]

hi

it now works fine AFAICS with iptables-1.2.7a.
however - I have some intermittent errors with the 802.1q VLAN configuration. 
suddenly the machine is unreachable, and suddenly it's back there again. 
Dunno why, but it might be that #¤(/#!!$@£ D-Link switch

On Tuesday 07 January 2003 16:54, Diego Sarasua wrote:
> Roy ! - i was trying to compile the kernel 2.4.20 and i have the same
> problem that U have ..... really i don´t know why.
> But , becuase i really need the solution quicly as U need too.I was trying
> with another kernels , and i was surprised because the same thing that
> happends on 2.4.20 dont happend on  2.4.17 , and now im using that kernel
> and it works awesome.-
> i know thath is not an correctly solution ok ?
> but IT works Correctly .- Why ? really dont know , if U can givme an ftp or
> something  i have a 2.4.17 already patched i can upload it to You.-
>
>
> p/d : I know thats is not a right way , but i U need a solution now , that
> help i can give U , as I say U before , i have a 2.4.20 kernel working ,
> but when i try to make the same compilation in another machine , i don't
> know waths go wrong... and invalid arguments apears.....
>
> Thats all
> Please forgive my very bad english
> Diego  : )
> San Juan
> Sol y buen Vino (Sun , and very good Wines)
>
> ----- Original Message -----
> From: "Roy Sigurd Karlsbakk" <roy@karlsbakk.net>
> To: "Netfilter mailinglist" <netfilter@lists.netfilter.org>
> Sent: Monday, January 06, 2003 3:26 PM
> Subject: pptp+masq fsckup! PLEASE help...
>
> > hi all
> >
> > still I can't make it
> >
> > compiled in the patch at http://roeder.goe.net/~koepi/newnat.html, as
>
> Diego
>
> > Sarasua pointed to, but getting the same ole crap as the only time I've
>
> ever
>
> > managed to patch-o-maticize the kernel. As I try to add the following
>
> rule, I
>
> > just get an 'invalid argument' message. The following shows an strace of
> > iptables.
> >
> > thanks
> >
> > roy
> >
> > nyfw:~# strace iptables -t nat -A POSTROUTING -s
>
> 192.168.0.0/255.255.0.0 -d !
>
> > 192.168.0.0/255.255.0.0 -j MASQUERADE
> > execve("/sbin/iptables", ["iptables", "-t", "nat", "-A", "POSTROUTING",
>
> "-s",
>
> > "192.168.0.0/255.255.0.0", "-d", "!", "192.168.0.0/255.255.0.0", "-j",
> > "MASQUERADE"], [/* 13 vars */]) = 0
> > uname({sys="Linux", node="nyfw", ...})  = 0
> > brk(0)                                  = 0x8056a5c
> > open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or
> > directory)
> > open("/etc/ld.so.cache", O_RDONLY)      = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=11871, ...}) = 0
> > old_mmap(NULL, 11871, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
> > close(3)                                = 0
> > open("/lib/libdl.so.2", O_RDONLY)       = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0T\27\0\000"...,
>
> 1024)
>
> > = 1024
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=8008, ...}) = 0
> > old_mmap(NULL, 11004, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
> > 0x40017000 mprotect(0x40019000, 2812, PROT_NONE)   = 0
> > old_mmap(0x40019000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
> > 3, 0x1000) = 0x40019000
> > close(3)                                = 0
> > open("/lib/libc.so.6", O_RDONLY)        = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\30\222"...,
> > 1024)
>
> =
>
> > 1024
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=1153784, ...}) = 0
> > old_mmap(NULL, 1166560, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) =
>
> 0x4001a000
>
> > mprotect(0x4012d000, 40160, PROT_NONE)  = 0
> > old_mmap(0x4012d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
>
> 3,
>
> > 0x113000) = 0x4012d000
> > old_mmap(0x40133000, 15584, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40133000
> > close(3)                                = 0
> > old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>
> 0) =
>
> > 0x40137000
> > munmap(0x40014000, 11871)               = 0
> > brk(0)                                  = 0x8056a5c
> > brk(0x8056a94)                          = 0x8056a94
> > brk(0x8057000)                          = 0x8057000
> > open("/lib/iptables/libipt_MASQUERADE.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\4\0"...,
>
> 1024) =
>
> > 1024
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=3276, ...}) = 0
> > old_mmap(NULL, 6720, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40014000
> > mprotect(0x40015000, 2624, PROT_NONE)   = 0
> > old_mmap(0x40015000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED,
> > 3,
>
> 0)
>
> > = 0x40015000
> > close(3)                                = 0
> > socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], [84]) = 0
> > brk(0x8058000)                          = 0x8058000
> > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, [7627118], [656]) = 0
> > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], 876) = -1 EINVAL
>
> (Invalid
>
> > argument)
> > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> > ) = 27
> > _exit(1)                                = ?
> >
> > --
> > Roy Sigurd Karlsbakk, Datavaktmester
> > ProntoTV AS - http://www.pronto.tv/
> > Tel: +47 9801 3356
> >
> > Computers are like air conditioners.
> > They stop working when you open Windows.

-- 
Roy Sigurd Karlsbakk, Datavaktmester
ProntoTV AS - http://www.pronto.tv/
Tel: +47 9801 3356

Computers are like air conditioners.
They stop working when you open Windows.