SNAT "invalid argument"

SNAT "invalid argument"

[Whit Blauvelt]

Hi,

I've been using SNAT for some time on several systems. However on a system I
just built I get the following response:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
iptables: Invalid argument

That's with 1.2.3.4 replaced by a real IP (or not).

This is driving me up the wall since "Full NAT"  support is compiled into
the 2.4.21 kernel. The iptables version is 1.2.8. The only thing different
in the kernel options from what I've used before is that I also included
"NAT of local connections" - haven't tried to use that yet though. 

iptables is otherwise working fine. -j MASQUERADE (also compiled in) also
gives me an "Invalid argument" - so it does look like something's wrong in
the NAT section, but damned if I know what.

Whit

Re: SNAT "invalid argument"

[David Busby]

In this doc
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-6.html#ss6.1 it says
use --to-source, not --to

/B
----- Original Message ----- 
From: "Whit Blauvelt" <whit@transpect.com>
To: <netfilter@lists.netfilter.org>
Sent: Monday, August 04, 2003 11:56
Subject: SNAT "invalid argument"


> Hi,
>
> I've been using SNAT for some time on several systems. However on a system
I
> just built I get the following response:
>
> # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
> iptables: Invalid argument
>
> That's with 1.2.3.4 replaced by a real IP (or not).
>
> This is driving me up the wall since "Full NAT"  support is compiled into
> the 2.4.21 kernel. The iptables version is 1.2.8. The only thing different
> in the kernel options from what I've used before is that I also included
> "NAT of local connections" - haven't tried to use that yet though.
>
> iptables is otherwise working fine. -j MASQUERADE (also compiled in) also
> gives me an "Invalid argument" - so it does look like something's wrong in
> the NAT section, but damned if I know what.
>
> Whit
>

Re: SNAT "invalid argument"

[Whit Blauvelt]

Hi David,

Interesting, since in this document:

http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-6.html#ss6.1

I read (and directly paste from there):

## Change source addresses to 1.2.3.4.
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4

But anyway:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 207.136.236.68
iptables: Invalid argument

And also:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables: Invalid argument

Now, that second failure has nothing to do with whether the current syntax
is --to (per the HOWTO I see) or --to-source (per the version you report).
The root of both problems is bound to be the same here.

How you're seeing different text in the same document on the official site
(and with Rusty's name on it) is curious. In any case the problem I'm seeing
has a different basis. ;(

Whit

On Mon, Aug 04, 2003 at 12:08:38PM -0700, David Busby wrote:
> In this doc
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-6.html#ss6.1 it says
> use --to-source, not --to
> 
> /B
> ----- Original Message ----- 
> From: "Whit Blauvelt" <whit@transpect.com>
> To: <netfilter@lists.netfilter.org>
> Sent: Monday, August 04, 2003 11:56
> Subject: SNAT "invalid argument"
> 
> 
> > Hi,
> >
> > I've been using SNAT for some time on several systems. However on a system
> I
> > just built I get the following response:
> >
> > # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
> > iptables: Invalid argument
> >
> > That's with 1.2.3.4 replaced by a real IP (or not).
> >
> > This is driving me up the wall since "Full NAT"  support is compiled into
> > the 2.4.21 kernel. The iptables version is 1.2.8. The only thing different
> > in the kernel options from what I've used before is that I also included
> > "NAT of local connections" - haven't tried to use that yet though.
> >
> > iptables is otherwise working fine. -j MASQUERADE (also compiled in) also
> > gives me an "Invalid argument" - so it does look like something's wrong in
> > the NAT section, but damned if I know what.
> >
> > Whit
> >

Re: SNAT "invalid argument"

[Martin Josefsson]

This has been asked several times on this list.
And I've answered it several time as well.

Recompile the iptables program against your new kernel.
Some major changes were made in the 2.4.21 kernel that requires this
recompile.

-- 
/Martin

Re: SNAT "invalid argument"

[Whit Blauvelt]

On Mon, Aug 04, 2003 at 11:45:49PM +0200, Martin Josefsson wrote:
> This has been asked several times on this list.
> And I've answered it several time as well.

Thanks Martin. I wasn't subscribed until today, and looking back a couple of
months in the archives didn't see any message titles that obviously
pertained.

> Recompile the iptables program against your new kernel.
> Some major changes were made in the 2.4.21 kernel that requires this
> recompile.

I'll do that presently. This seems to be a dependency that the Gentoo crew
aren't familiar with.

Whit

Re: SNAT "invalid argument"

[Whit Blauvelt]

On Mon, Aug 04, 2003 at 11:45:49PM +0200, Martin Josefsson wrote:

> recompile.

Fixed it! Thanks again.

Whit