Re: Regarding Linux (RedHat v7.2/2.4.7-10 Kernel) and Echolink!

[Kelly Black <kelly.black@penguinpackets.com>]

On Wed, 2003-01-01 at 16:17, Bill Walton wrote:
> Hello Everyone - Happy New Year!
SNIP---
> base.  The "iptables" commands necessary to make Echolink work are:
> 
> Iptables -t nat -A PREROUTING -d (exit IP) -p udp --dport 5198 -i eth0 
> -j DNAT
> --to-destination (IP of machine where echolink resides)
> 
> The above command is repeated of course for udp port 5199.  IPtables has 
> been
> compiled into my kernel but when I try to enter the above "iptables" 
> command I
> get the following:
> 
> /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: 
> init_module: device or
> resource busy.
> 

Bill, I did a google search for the error and found this suggestion that
the user that had the problem said worked for him.

------------------

service ipchains stop
chkconfig --level 345 ipchains off
rmmod ipchains

insmod ip_tables
chkconfig --level 345 iptables on

------------------

Looks like ipchains is fighting with iptables and can't be loaded at the
same time?  You probably have to remove the old to add ipchains service
to add the iptables service.

As to the PREROUTING rules.  The rules look ok for boxes connecting to
the echolink box from the outside, but you have to add a rule for the
internal boxes trying to get to the echolink box so your source and
desitination IP addresses are not the same after they are Masqueraded. 
You can make sure the internal boxes know about the echolink box by
adding a resolvable name to your hosts file on your 98 boxes that tells
the internal interface to talk to the echolink box with (so you don't do
a resolve to the external routeable IP and end up with the situation
that the source IP = destination IP after Masq operation).

Hope this makes sense, and or helps you.

Kelly
KB0GBJ