* local NAT; reconfigured kernel, problems still
From: Noino @ 2008-03-31 21:06 UTC (permalink / raw)
To: netfilter
Dear List,
I recompiled my Linux 2.6.5 kernel, adding the option required for local NAT.
Am still encountering problems nonetheless. I wonder whether I shouldn't
compile the iptables program itself from source, too.
Else why do I get "invalid argument" here ? (same without "-o lo") :
___________________________________________________________________________
# iptables -t nat -A OUTPUT -o lo -p udp --dport 53 -j DNAT --to-destination :10053
iptables: Invalid argument
#
____________________________________________________________________________
--
Noino
* Re: local NAT; reconfigured kernel, problems still
From: Eljas Alakulppi @ 2008-03-31 21:14 UTC (permalink / raw)
To: Noino, netfilter
Hey.
1. Are you trying to redirect traffic directed to port 53 to port 10053?
Use REDIRECT target.
http://www.linuxtopia.org/Linux_Firewall_iptables/x4508.html
2. DNAT requires destination IP as well.
Noino <mg8c1zu02@sneakemail.com> wrote on Tue, 01 Apr 2008 00:06:08 +0300:
> Dear List, I recompiled my Linux 2.6.5 kernel, adding the option
> required for local NAT . Am still encountering problems nonetheless. I
> wonder whether I shouldn't compile the iptables program itself from
> source, too. Else why do I get "invalid argument" here ? (same without
> "-o lo") :
> ___________________________________________________________________________
> # iptables -t nat -A OUTPUT -o lo -p udp --dport 53 -j DNAT
> --to-destination :10053
> iptables: Invalid argument
> #
> ____________________________________________________________________________
* Re: local NAT; reconfigured kernel, problems still
From: Noino @ 2008-04-01 9:40 UTC (permalink / raw)
To: netfilter
Eljas Alakulppi wrote :
> 1. Are you trying to redirect traffic directed to port 53 to port 10053?
> Use REDIRECT target.
This is overwhelming :-( would you (collective) be so kind as to write out
the needed rule(s) so I can leave you to rest at last ?
>> iptables -t nat -A OUTPUT -o lo -p udp --dport 53 -j DNAT
>> --to-destination :10053
>> iptables: Invalid argument
> 2. DNAT requires destination IP as well.
OK, if I replace an explicit --to-destination 127.0.0.1:10053 , still I'm
getting "Invalid argument" !
Is that diag what you would get ? I suspect my iptables may be out of sync
with my kernel, which is why I dare reiterate my question...
TYVM
--
Noino
* Re: local NAT; reconfigured kernel, problems still
From: Georgi Georgiev @ 2008-04-01 11:00 UTC (permalink / raw)
To: netfilter
maillog: 01/04/2008-11:40:14(+0200): Noino types
> Eljas Alakulppi wrote :
>> 1. Are you trying to redirect traffic directed to port 53 to port 10053?
>> Use REDIRECT target.
>
> This is overwhelming :-( would you (collective) be so kind as to write out
> the needed rule(s) so I can leave you to rest at last ?
>>> iptables -t nat -A OUTPUT -o lo -p udp --dport 53 -j DNAT
>>> --to-destination :10053
>>> iptables: Invalid argument
>> 2. DNAT requires destination IP as well.
>
> OK, if I replace an explicit --to-destination 127.0.0.1:10053 , still I'm
> getting "Invalid argument" !
> Is that diag what you would get ? I suspect my iptables may be out of sync
> with my kernel, which is why I dare reiterate my question...
> TYVM
Maybe it is the "-p udp" that is causing the message. Does -j LOG
(instead of -j DNAT --to-destination) work? If it does not, then you
need to add "-m udp" in front of "-p udp".
--
Georgi Georgiev
chutz@gg3.net
http://www.gg3.net/
"If anything can go wrong, it will." -- Edsel Murphy
* Re: local NAT; reconfigured kernel, problems still
From: Noino @ 2008-04-01 16:15 UTC (permalink / raw)
To: netfilter
Georgi Georgiev writes :
>>>> iptables -t nat -A OUTPUT -o lo -p udp --dport 53 -j DNAT
>>>> --to-destination :10053
>>>> iptables: Invalid argument
> Maybe it is the "-p udp" that is causing the message. Does -j LOG
> (instead of -j DNAT --to-destination) work? If it does not, then you
> need to add "-m udp" in front of "-p udp".
"-j LOG" does not yield an error message; the above rule, with the addition
of "-m udp" gives the same error as without it.
I think my last trial will be compiling a fresh iptables in replacement of
the version that came with my SUSE (originally kernel was 2.6.4, updated to
2.6.5. Maybe low level structures have changed, just a guess of course)
Again, what version number should I be getting from the iptables archive ?
--
Noino
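
Added example, not part of the thread and not any poster's code: a shell script for the isolation step Georgi Georgiev suggests above (swap the target for LOG to see whether the match or the NAT target is rejected), extended to also try the REDIRECT form Eljas Alakulppi recommends. The names `IPT`, `try_rule` and `diagnose` are made up for this example; it needs root when pointed at the real iptables, and it briefly appends and then deletes each test rule.

```shell
#!/bin/sh
# Added example (not from the thread). IPT, try_rule and diagnose are
# hypothetical names. Run as root to test against the live nat table.
IPT=${IPT:-iptables}    # override to dry-run against a stub

# Append one rule to nat/OUTPUT with the thread's match (-p udp --dport 53)
# and the given target, then delete it again so nothing is left behind.
try_rule() {
    $IPT -t nat -A OUTPUT -p udp --dport 53 "$@" 2>/dev/null || return 1
    $IPT -t nat -D OUTPUT -p udp --dport 53 "$@" 2>/dev/null
    return 0
}

# Print which part of the rule is rejected:
#   match       - even "-j LOG" fails, so the -p/--dport match is the problem
#   nat-target  - LOG is accepted but neither REDIRECT nor DNAT is
#   ok-redirect / ok-dnat - that form of the rule is accepted
diagnose() {
    if ! try_rule -j LOG; then
        echo match
    elif try_rule -j REDIRECT --to-ports 10053; then
        echo ok-redirect
    elif try_rule -j DNAT --to-destination 127.0.0.1:10053; then
        echo ok-dnat
    else
        echo nat-target
    fi
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    diagnose
fi
```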