From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: an annoying question
Date: Thu, 12 Feb 2004 07:15:33 +0200 [thread overview]
Message-ID: <1076562932.2827.99.camel@raylinux.internal> (raw)
In-Reply-To: <1076541042.6725.54.camel@gb7tf.org.uk>
[-- Attachment #1: Type: text/plain, Size: 1787 bytes --]
On Thu, 2004-02-12 at 02:10, Richard Bown wrote:
> On Wed, 2004-02-11 at 22:14, Cedric Blancher wrote:
> > Le mer 11/02/2004 à 22:53, Richard Bown a écrit :
> > > I suspect from the results I've seen running 2.6.2 with iptables-1.2.9
> > > that the handling of DNAT & SNAT is very different.
> >
> > Afaik, from a user point of vue, there's no difference between 2.4 and
> > 2.6. I'm using a 2.6.1 kernel on which all the scripts I've written for
> > 2.4 kernels are working just the way they did before, for filtering,
> > mangling and nating...
> >
> > What kind of results makes you believe there are major differences on
> > NAT handling ?
> >
> Hi Cedric
> I'm using MDK 9.2 and iptables-1.2.9-4mdk plus shorewall 1.4.8-3mdk with
> kernel 2.4.22-26mddk
>
>
> when trying to run with kernel -2.6.2 shorewall stopped after an iptable
> invalid argument o n a rule starting DNAT.
> That rule was hashed out and all rules loaded , until the masq section
> which again halted shorewall.
Sounds like your kernel config doesn't have MASQ and/or NAT support. You
need to recompile the kernel with those options included.
> I tried an iptables -F to flush out all rules and allow networking but
> no avail.
> I really would like to knoqw whats happening so I understand what to do.
>
> Richard
> > One big difference is bridge interfaces handling, as physical interfaces
> > cannot get matched using -i/-o switches anymore (br0 is seen through
> > them) so you have to use physdev match.
--
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-02-12 5:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-11 21:53 an annoying question Richard Bown
2004-02-11 22:14 ` Cedric Blancher
2004-02-12 0:10 ` Richard Bown
2004-02-12 5:15 ` Ray Leach [this message]
-- strict thread matches above, loose matches on Subject: below --
2004-02-12 0:33 Carl Farrington
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1076562932.2827.99.camel@raylinux.internal \
--to=raymondl@knowledgefactory.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.