* -m physdev iptables: Invalid Argument
@ 2003-10-24 18:13 Dirk Morris
2003-10-24 23:41 ` Patrick McHardy
0 siblings, 1 reply; 10+ messages in thread
From: Dirk Morris @ 2003-10-24 18:13 UTC (permalink / raw)
To: netfilter-devel
I'm running 2.6.0-test8 using the -m physdev --physdev-in (or
--physdev-out) and I'm getting invalid argument.
This is with iptables 1.2.9-rc1.
This problem is referenced in a couple places on the web:
http://small.dropbear.id.au/docs/adslfirewall.html
Is this a bug? (if so I can do a formal bug report)
Or has this functionality been dropped?
If so, how can I filter based on the ethernet device of a bridged packet?
~/ # sudo /sbin/iptables -m physdev -t mangle -A FORWARD --physdev-in
eth0 -p udp --source 10.0.0.0/255.255.255.0 --destination-port 7:7 -j
DIVERT --to-port 20259
iptables: Invalid argument
~/ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING --physdev-in
eth0 -p tcp --source 10.0.0.0/255.255.255.0 --destination-port 7:7 -j
REDIRECT --to-port 20259
iptables: Invalid argument
-dmorris
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-24 18:13 -m physdev iptables: Invalid Argument Dirk Morris
@ 2003-10-24 23:41 ` Patrick McHardy
2003-10-25 0:02 ` Dirk Morris
0 siblings, 1 reply; 10+ messages in thread
From: Patrick McHardy @ 2003-10-24 23:41 UTC (permalink / raw)
To: Dirk Morris; +Cc: netfilter-devel
Dirk Morris wrote:
> ~/ # sudo /sbin/iptables -m physdev -t mangle -A FORWARD --physdev-in
> eth0 -p udp --source 10.0.0.0/255.255.255.0 --destination-port 7:7 -j
> DIVERT --to-port 20259
> iptables: Invalid argument
>
Try to order the arguments properly then you will have no problems.
Regards,
Patrick
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-24 23:41 ` Patrick McHardy
@ 2003-10-25 0:02 ` Dirk Morris
2003-10-25 0:12 ` Patrick McHardy
0 siblings, 1 reply; 10+ messages in thread
From: Dirk Morris @ 2003-10-25 0:02 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
>
>
>> ~/ # sudo /sbin/iptables -m physdev -t mangle -A FORWARD --physdev-in
>> eth0 -p udp --source 10.0.0.0/255.255.255.0 --destination-port 7:7
>> -j DIVERT --to-port 20259
>> iptables: Invalid argument
>>
> Try to order the arguments properly then you will have no problems.
>
I give up.
Care to enlighen us?
~ # sudo /sbin/iptables -m physdev -t nat --physdev-in eth0 -A
PREROUTING -p tcp --destination-port 7:7 -j REDIRECT --to-port 20257
iptables: Invalid argument
~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING --physdev-in
eth0 -p tcp --destination-port 7:7 -j REDIRECT --to-port 20257
iptables: Invalid argument
~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
--physdev-in eth0 --destination-port 7:7 -j REDIRECT --to-port 20257
iptables: Invalid argument
~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
--destination-port 7:7 --physdev-in eth0 -j REDIRECT --to-port 20257
iptables: Invalid argument
~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
--destination-port 7:7 -j REDIRECT --physdev-in eth0 --to-port 20257
iptables: Invalid argument
~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
--destination-port 7:7 -j REDIRECT --to-port 20257 --physdev-in eth0
iptables: Invalid argument
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-25 0:02 ` Dirk Morris
@ 2003-10-25 0:12 ` Patrick McHardy
2003-10-25 0:26 ` Dirk Morris
0 siblings, 1 reply; 10+ messages in thread
From: Patrick McHardy @ 2003-10-25 0:12 UTC (permalink / raw)
To: Dirk Morris; +Cc: netfilter-devel
Dirk Morris wrote:
> I give up.
> Care to enlighen us?
I care to enlighten you ..
> ~ # sudo /sbin/iptables -m physdev -t nat --physdev-in eth0 -A
> PREROUTING -p tcp --destination-port 7:7 -j REDIRECT --to-port 20257
> iptables: Invalid argument
-m phydev --phsydev-in eth0
> ~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING --physdev-in
> eth0 -p tcp --destination-port 7:7 -j REDIRECT --to-port 20257
> iptables: Invalid argument
same here
> ~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
> --physdev-in eth0 --destination-port 7:7 -j REDIRECT --to-port 20257
> iptables: Invalid argument
same here, additionally -p tcp --destination-port
> ~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
> --destination-port 7:7 --physdev-in eth0 -j REDIRECT --to-port 20257
> iptables: Invalid argument
same here
> ~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
> --destination-port 7:7 -j REDIRECT --physdev-in eth0 --to-port 20257
> iptables: Invalid argument
same here, additionally REDIRECT --to-port
> ~ # sudo /sbin/iptables -m physdev -t nat -A PREROUTING -p tcp
> --destination-port 7:7 -j REDIRECT --to-port 20257 --physdev-in eth0
> iptables: Invalid argument
same here
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-25 0:12 ` Patrick McHardy
@ 2003-10-25 0:26 ` Dirk Morris
2003-10-25 0:40 ` Patrick McHardy
0 siblings, 1 reply; 10+ messages in thread
From: Dirk Morris @ 2003-10-25 0:26 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
Patrick McHardy wrote:
>> ~ # sudo /sbin/iptables -m physdev -t nat --physdev-in eth0 -A
>> PREROUTING -p tcp --destination-port 7:7 -j REDIRECT --to-port 20257
>> iptables: Invalid argument
>
> -m phydev --phsydev-in eth0
I assume you mean "-m physdev"
~ # sudo /sbin/iptables -m physdev --physdev-in eth0 -t nat -A
PREROUTING -p tcp --destination-port 7:7 -j REDIRECT --to-port
20257
iptables: Invalid argument
Could you please just state the command you are using in a clear manner?
(and a uname -a)
Thanks
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-25 0:26 ` Dirk Morris
@ 2003-10-25 0:40 ` Patrick McHardy
2003-10-25 1:01 ` Dirk Morris
0 siblings, 1 reply; 10+ messages in thread
From: Patrick McHardy @ 2003-10-25 0:40 UTC (permalink / raw)
To: Dirk Morris; +Cc: netfilter-devel
Dirk Morris wrote:
> I assume you mean "-m physdev"
>
> ~ # sudo /sbin/iptables -m physdev --physdev-in eth0 -t nat -A
> PREROUTING -p tcp --destination-port 7:7 -j REDIRECT --to-port
> 20257 iptables: Invalid
> argument
>
> Could you please just state the command you are using in a clear manner?
> (and a uname -a)
>
Yes I do. Just give the proper arguments to matches without òther
stuff in between (which means physdev arg to phydev match,
destination-port arg to tcp/udp protocol match, --to-port
arg to REDIRECT) and try again. If that doesn't work, try to find
out which of the matches doesn't work and if reordering
of matches+their arguments helps (I've seen matches only working
if they were last in command line).
Regards,
Patrick
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-25 0:40 ` Patrick McHardy
@ 2003-10-25 1:01 ` Dirk Morris
2003-10-25 9:21 ` Willy Tarreau
0 siblings, 1 reply; 10+ messages in thread
From: Dirk Morris @ 2003-10-25 1:01 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel
Patrick McHardy wrote:
>>
>>
>> ~ # sudo /sbin/iptables -m physdev --physdev-in eth0 -t nat -A
>> PREROUTING -p tcp --destination-port 7:7 -j REDIRECT --to-port
>> 20257 iptables: Invalid
>> argument
>>
>> Could you please just state the command you are using in a clear manner?
>> (and a uname -a)
>>
>
> Yes I do. Just give the proper arguments to matches without òther
> stuff in between (which means physdev arg to phydev match,
> destination-port arg to tcp/udp protocol match, --to-port
> arg to REDIRECT) and try again. If that doesn't work, try to find
> out which of the matches doesn't work and if reordering
> of matches+their arguments helps (I've seen matches only working
> if they were last in command line).
>
~/iptables-1.2.9rc1 # ./iptables
--version
iptables v1.2.9rc1
~/iptables-1.2.9rc1 # uname
-a
Linux timmy 2.6.0-test8 #2 Wed Oct 22 15:14:09 PDT 2003 i686 GNU/Linux
I don't know what else to try at this point.
~/iptables-1.2.9rc1 # sudo ./iptables -t nat -A PREROUTING -m physdev
--physdev-in eth0 -j REJECT
iptables: Invalid argument
~/iptables-1.2.9rc1 # sudo ./iptables -t nat -A PREROUTING -j REJECT -m
physdev --physdev-in eth0
iptables: Invalid argument
At this point, If it actually does work and is just this this hard to
use, I would consider it an interface bug.
Either way, after a quick google, its too hard for other people to get
working also.
But as far as i can tell its not a parsing bug, but iptc_append_entry
returns -1.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-25 1:01 ` Dirk Morris
@ 2003-10-25 9:21 ` Willy Tarreau
2003-10-25 9:38 ` Bart De Schuymer
0 siblings, 1 reply; 10+ messages in thread
From: Willy Tarreau @ 2003-10-25 9:21 UTC (permalink / raw)
To: Dirk Morris; +Cc: Patrick McHardy, netfilter-devel
On Fri, Oct 24, 2003 at 06:01:55PM -0700, Dirk Morris wrote:
> ~/iptables-1.2.9rc1 # ./iptables
> --version
> iptables v1.2.9rc1
> ~/iptables-1.2.9rc1 # uname
> -a
> Linux timmy 2.6.0-test8 #2 Wed Oct 22 15:14:09 PDT 2003 i686 GNU/Linux
>
> I don't know what else to try at this point.
>
> ~/iptables-1.2.9rc1 # sudo ./iptables -t nat -A PREROUTING -m physdev
> --physdev-in eth0 -j REJECT
> iptables: Invalid argument
> ~/iptables-1.2.9rc1 # sudo ./iptables -t nat -A PREROUTING -j REJECT -m
> physdev --physdev-in eth0
> iptables: Invalid argument
Just out of curiosity, are you sure it's not the REJECT which causes the
invalid argument ?
could you try :
- iptables -t nat -A PREROUTING -m physdev --physdev-in eth0 -j DROP
- iptables -t nat -A PREROUTING -j REJECT
and check which one returns an error ?
Was your iptables-1.2.9rc1 compiled with 2.6.0test8 headers or with 2.4
headers ? it might make a difference.
Regards,
Willy
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: -m physdev iptables: Invalid Argument
2003-10-25 9:21 ` Willy Tarreau
@ 2003-10-25 9:38 ` Bart De Schuymer
2003-10-25 18:12 ` dmorris
0 siblings, 1 reply; 10+ messages in thread
From: Bart De Schuymer @ 2003-10-25 9:38 UTC (permalink / raw)
To: Willy Tarreau, Dirk Morris; +Cc: Patrick McHardy, netfilter-devel
On Saturday 25 October 2003 11:21, Willy Tarreau wrote:
> Was your iptables-1.2.9rc1 compiled with 2.6.0test8 headers or with 2.4
> headers ? it might make a difference.
That's indeed the problem, I've just sent a patch on this list that resolves
this.
cheers,
Bart
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2003-10-25 18:12 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-10-24 18:13 -m physdev iptables: Invalid Argument Dirk Morris
2003-10-24 23:41 ` Patrick McHardy
2003-10-25 0:02 ` Dirk Morris
2003-10-25 0:12 ` Patrick McHardy
2003-10-25 0:26 ` Dirk Morris
2003-10-25 0:40 ` Patrick McHardy
2003-10-25 1:01 ` Dirk Morris
2003-10-25 9:21 ` Willy Tarreau
2003-10-25 9:38 ` Bart De Schuymer
2003-10-25 18:12 ` dmorris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.