* Where libipt_MASQ.so (???)
@ 2003-08-04 16:48 Jesús García Crespo (aka Sevein)
2003-08-04 17:38 ` flaq
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Jesús García Crespo (aka Sevein) @ 2003-08-04 16:48 UTC (permalink / raw)
To: netfilter
Hi! Im tired because I have tryed to run iptables on my system too
times. The problem is that I dont have the dynamic library
/lib/iptables/libipt_MASQ.so, but anybody have it!
I use Gentoo Linux on kernel 2.4.20. I have compiled all netfilter
options as modules althoun I tried also installing it into the kernel
system.
I only want, by now, this rules for the iptables tool:
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1 -j MASQ
iptables -A FORWARD --match mac --mac-source 00:c0:49:bc:9f:08 -j MASQ
iptables -A FORWARD --match mac --mac-source 00:02:8a:3a:77:b7 -j MASQ
iptables -A FORWARD --match mac --mac-source 00:90:d1:08:19:8d -j MASQ
But the problem is when iptables execute '-j MASQ', telling me that
libipt_MASQ.so doesn't exist. What should I do? I can't find an
explication.
Sorry, but I am from Spain and my English could be poor for you. Try
to understand me, :).
--
Jesús García Crespo (aka Sevein)
http://www.sevein.com
correo@sevein.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
2003-08-04 16:48 Where libipt_MASQ.so (???) Jesús García Crespo (aka Sevein)
@ 2003-08-04 17:38 ` flaq
[not found] ` <1060017482.26856.40.camel@kermit>
2003-08-04 18:05 ` Ralf Spenneberg
2 siblings, 0 replies; 8+ messages in thread
From: flaq @ 2003-08-04 17:38 UTC (permalink / raw)
To: netfilter
Try -j MASQUERADE
Jesús García Crespo (aka Sevein) wrote:
>Hi! Im tired because I have tryed to run iptables on my system too
>times. The problem is that I dont have the dynamic library
>/lib/iptables/libipt_MASQ.so, but anybody have it!
>
>I use Gentoo Linux on kernel 2.4.20. I have compiled all netfilter
>options as modules althoun I tried also installing it into the kernel
>system.
>
>I only want, by now, this rules for the iptables tool:
>
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -P FORWARD DROP
> iptables -F FORWARD
> iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1 -j MASQ
> iptables -A FORWARD --match mac --mac-source 00:c0:49:bc:9f:08 -j MASQ
> iptables -A FORWARD --match mac --mac-source 00:02:8a:3a:77:b7 -j MASQ
> iptables -A FORWARD --match mac --mac-source 00:90:d1:08:19:8d -j MASQ
>
>But the problem is when iptables execute '-j MASQ', telling me that
>libipt_MASQ.so doesn't exist. What should I do? I can't find an
>explication.
>
>Sorry, but I am from Spain and my English could be poor for you. Try
>to understand me, :).
>
>--
>Jesús García Crespo (aka Sevein)
>http://www.sevein.com
>correo@sevein.com
>
>
>
>--
>----
>Serwery wirtualne, konta e-mail. Oferta nie do odrzucenia.
>AlphaNet, http://www.cennik.alpha.pl
>----
>
>
>
--
----
Serwery wirtualne, konta e-mail. Oferta nie do odrzucenia.
AlphaNet, http://www.cennik.alpha.pl
----
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
[not found] ` <1060017482.26856.40.camel@kermit>
@ 2003-08-04 17:56 ` Jesús García Crespo (aka Sevein)
2003-08-04 18:09 ` Cedric Blancher
0 siblings, 1 reply; 8+ messages in thread
From: Jesús García Crespo (aka Sevein) @ 2003-08-04 17:56 UTC (permalink / raw)
To: netfilter; +Cc: Ralf Spenneberg
Hola Ralf,
Monday, August 4, 2003 7:18:03 PM, you wrote:
RS> It is called MASQUERADE.
RS> Search and Replace any occurrence of MASQ by MASQUERADE and you are
RS> done.
But the problem is that it can't find libipt_MASQ.so. What I have to
rename or replace? I can't understand you. And... '-j MASQ'? or '-j
MASQUERADE'?
RS> Cheers,
RS> Ralf
--
Jesús García Crespo (aka Sevein)
http://www.sevein.com
correo@sevein.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
2003-08-04 16:48 Where libipt_MASQ.so (???) Jesús García Crespo (aka Sevein)
2003-08-04 17:38 ` flaq
[not found] ` <1060017482.26856.40.camel@kermit>
@ 2003-08-04 18:05 ` Ralf Spenneberg
2003-08-04 18:12 ` Ralf Spenneberg
2 siblings, 1 reply; 8+ messages in thread
From: Ralf Spenneberg @ 2003-08-04 18:05 UTC (permalink / raw)
To: Jesús García Crespo (aka Sevein); +Cc: Netfilter
> iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1 -j MASQ
You need:iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1
-j MASQUERADE
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
2003-08-04 17:56 ` Jesús García Crespo (aka Sevein)
@ 2003-08-04 18:09 ` Cedric Blancher
0 siblings, 0 replies; 8+ messages in thread
From: Cedric Blancher @ 2003-08-04 18:09 UTC (permalink / raw)
To: Jesús García Crespo (aka Sevein); +Cc: netfilter, Ralf Spenneberg
Le lun 04/08/2003 à 19:56, Jesús García Crespo (aka Sevein) a écrit :
> But the problem is that it can't find libipt_MASQ.so.
Yes, because you called MASQ target, that does not exist. That's why
iptables is looking for an extension it can't find.
> What I have to rename or replace? I can't understand you. And... '-j
> MASQ'? or '-j MASQUERADE'?
Use "-j MASQUERADE" just as written in the fine Netfilter documentation
(i.e. NAT HOWTO).
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
2003-08-04 18:05 ` Ralf Spenneberg
@ 2003-08-04 18:12 ` Ralf Spenneberg
2003-08-04 18:21 ` Cedric Blancher
0 siblings, 1 reply; 8+ messages in thread
From: Ralf Spenneberg @ 2003-08-04 18:12 UTC (permalink / raw)
To: Jesús García Crespo (aka Sevein); +Cc: Netfilter
Am Mon, 2003-08-04 um 20.05 schrieb Ralf Spenneberg:
> > iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1 -j MASQ
> You need:iptables -A FORWARD --match mac --mac-source 00:c0:49:c9:d3:f1
> -j MASQUERADE
This is of course wrong. I take the opportunity to correct myself. I
guess I need more coffee.
Masquerading is done in the nat table in the POSTROUTING or OUTPUT
chain, therefore the line reads:
iptables -t nat -A POSTROUTING --match mac --mac-source \
00:c0:49:c9:d3:f1 -j MASQUERADE
>
> Cheers,
>
> Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
2003-08-04 18:12 ` Ralf Spenneberg
@ 2003-08-04 18:21 ` Cedric Blancher
2003-08-04 18:24 ` Ralf Spenneberg
0 siblings, 1 reply; 8+ messages in thread
From: Cedric Blancher @ 2003-08-04 18:21 UTC (permalink / raw)
To: Ralf Spenneberg; +Cc: Jesús García Crespo (aka Sevein), Netfilter
Le lun 04/08/2003 à 20:12, Ralf Spenneberg a écrit :
> This is of course wrong. I take the opportunity to correct myself. I
> guess I need more coffee.
I offer you another cup [_]D ;))) Or maybe something stronger :P~
> Masquerading is done in the nat table in the POSTROUTING or OUTPUT
> chain,
MASQUERADING and SNAT only occurs in POSTROUTING chain because they have
to be done _after_ last routing point. In OUTPUT chain, you can DNAT,
not SNAT or MASQUERADING :
cbr@elendil:~$ sudo iptables -t nat -A OUTPUT -j MASQUERADE
iptables: Invalid argument
> therefore the line reads:
> iptables -t nat -A POSTROUTING --match mac --mac-source \
> 00:c0:49:c9:d3:f1 -j MASQUERADE
Source MAC is no more available in POSTROUTING :
cbr@elendil:~$ sudo iptables -t nat -A POSTROUTING -m mac
--mac-source 00:c0:49:c9:d3:f1 -j MASQUERADE
iptables: Invalid argument
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Where libipt_MASQ.so (???)
2003-08-04 18:21 ` Cedric Blancher
@ 2003-08-04 18:24 ` Ralf Spenneberg
0 siblings, 0 replies; 8+ messages in thread
From: Ralf Spenneberg @ 2003-08-04 18:24 UTC (permalink / raw)
To: Cedric Blancher; +Cc: Netfilter
Am Mon, 2003-08-04 um 20.21 schrieb Cedric Blancher:
> Le lun 04/08/2003 à 20:12, Ralf Spenneberg a écrit :
> > This is of course wrong. I take the opportunity to correct myself. I
> > guess I need more coffee.
>
> I offer you another cup [_]D ;))) Or maybe something stronger :P~
I definitely need something stronger. Of course you are right in
pointing out my errors. I guess it is time to go to bed.
Cheers,
Ralf
--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2003-08-04 18:24 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-08-04 16:48 Where libipt_MASQ.so (???) Jesús García Crespo (aka Sevein)
2003-08-04 17:38 ` flaq
[not found] ` <1060017482.26856.40.camel@kermit>
2003-08-04 17:56 ` Jesús García Crespo (aka Sevein)
2003-08-04 18:09 ` Cedric Blancher
2003-08-04 18:05 ` Ralf Spenneberg
2003-08-04 18:12 ` Ralf Spenneberg
2003-08-04 18:21 ` Cedric Blancher
2003-08-04 18:24 ` Ralf Spenneberg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox