iptables: Unknown error 4294967295

iptables: Unknown error 4294967295

[Samuel Díaz García]

With:
    iptables 1.3.5
    linux 2.6.16.1 and 2.6.16-git8
    today's pom-ng

I'm having problems with some matches:
    connlimit
    ipp2p 0.8.1_rc1

When compiling, I can see many "signed//unsigned comparision warnings" 
(don't remember exactly the warning).

In dmesg I see things as:

Mar 31 05:18:04 fraile kernel: [17180340.932000] ip_tables: connlimit 
match: invalid size 0 != 16
Mar 31 05:54:00 fraile kernel: [17182487.628000] ip_tables: ipp2p match: 
invalid size 0 != 8
Mar 31 05:54:00 fraile kernel: [17182487.668000] ip_tables: layer7 
match: invalid size 0 != 8452

Any help/patch/suggestion?

Thanks

-- 
    Samuel Díaz García

Re: iptables: Unknown error 4294967295

[Samuel Díaz García]

Any idea at least?

Samuel Díaz García escribió:
> With:
>    iptables 1.3.5
>    linux 2.6.16.1 and 2.6.16-git8
>    today's pom-ng
> 
> I'm having problems with some matches:
>    connlimit
>    ipp2p 0.8.1_rc1
> 
> When compiling, I can see many "signed//unsigned comparision warnings" 
> (don't remember exactly the warning).
> 
> In dmesg I see things as:
> 
> Mar 31 05:18:04 fraile kernel: [17180340.932000] ip_tables: connlimit 
> match: invalid size 0 != 16
> Mar 31 05:54:00 fraile kernel: [17182487.628000] ip_tables: ipp2p match: 
> invalid size 0 != 8
> Mar 31 05:54:00 fraile kernel: [17182487.668000] ip_tables: layer7 
> match: invalid size 0 != 8452
> 
> Any help/patch/suggestion?
> 
> Thanks
> 

-- 
    Samuel Díaz García

iptables: Unknown error 4294967295

[azeredo]

    Hi,


   I am using Centos for gateway in a small private net in my work. I  
SNAT all outgoing traffic to the internet from the computers in the  
local private net. Besides the usual routing services, i use it for  
two important things:

      PPTPD SERVER for outside VPN tunnels to the local net
      VPN connections coming from the private net to a VPN ( PPTPD)  
server in the internet going through NAT at the linux box.

   So i need the following modules:

      ppp_mppe
      ip_conntrack_pptp
      ip_conntrack_proto_gre
      ip_nat_pptp
      ip_nat_proto_gre

   So I took a kernel source from ( Centos 4.3:  
kernel-2.6.9-34.EL.src.rpm also from RHEL4 too)
   build the kernel source, patched with

   linux-2.6.9-mppe-mppc-1.2.patch.gz
   patch-o-matic-ng-20060510

   add iptables-1.3.5  from netfilter

   configured as it was from the distro plus the necessary modules to work
    (my config may be seen at the end of this email).

    Then I compiled the kernel and  iptables too, installed both, and  
everything goes well except when I try to start the firewall

  more especifically the rule

     /usr/local/sbin/iptables  -t nat -A POSTROUTING -o eth1 -j SNAT  
--to-source  my_gateway_ip

   and get the following error

    iptables: Unknown error 4294967295

   The same iptables work fine with the kernel from the distro.
    Any help would be much appreciated.  Thanks in advance.
   I also had tried to use the usual kernel   
(kernel-2.6.9-34.EL.i586.rpm) from    the distro plus the modules


kernel-module-ppp-1.0.2-2_2.6.9_34.EL.i586.rpm
kernel-module-pptp-conntrack-nat-2.0-1_2.6.9_34.EL.i586.rpm

   that were compiled for that kernel. Unfortunately when i load the  
mnodule ip_nat_pptp the connections from the net to my private net  
stop working, as if this module were interfering with ppp_mppe module.  
I cannot start any VPN connection unless I unload module ip_nat_pptp.

   My kernel works fine except that i do not have my firewall properly working.

   It follows part of my .config file ( at least what really is  
important i guess:if needed i will mail the whole file)



#
# Networking support
#
CONFIG_NET=y

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK_DEV=y
CONFIG_UNIX=y
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m

#
# IP: Virtual Server Configuration
#
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12

#
# IPVS transport protocol load balancing support
#
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y

#
# IPVS scheduler
#
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m

#
# IPVS application helper
#
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_TUNNEL=m
CONFIG_IPV6_TUNNEL=m
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_BRIDGE_NETFILTER=y

#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_PHYSDEV=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_REALM=m
CONFIG_IP_NF_MATCH_SCTP=m
CONFIG_IP_NF_MATCH_COMMENT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_LOCAL=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
CONFIG_IP_NF_CT_PROTO_GRE=m
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_NAT_PROTO_GRE=m

#
# IPv6: Netfilter Configuration
#
# CONFIG_IP6_NF_QUEUE is not set
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_PHYSDEV=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
CONFIG_IP6_NF_RAW=m

#
# Bridge: Netfilter Configuration
#
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_T_FILTER=m
CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_802_3=m
CONFIG_BRIDGE_EBT_AMONG=m
CONFIG_BRIDGE_EBT_ARP=m
CONFIG_BRIDGE_EBT_IP=m
CONFIG_BRIDGE_EBT_LIMIT=m
CONFIG_BRIDGE_EBT_MARK=m
CONFIG_BRIDGE_EBT_PKTTYPE=m
CONFIG_BRIDGE_EBT_STP=m
CONFIG_BRIDGE_EBT_VLAN=m
CONFIG_BRIDGE_EBT_ARPREPLY=m
CONFIG_BRIDGE_EBT_DNAT=m
CONFIG_BRIDGE_EBT_MARK_T=m
CONFIG_BRIDGE_EBT_REDIRECT=m
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_BRIDGE_EBT_LOG=m
CONFIG_XFRM=y
CONFIG_XFRM_USER=y

#
# SCTP Configuration (EXPERIMENTAL)
#
CONFIG_IP_SCTP=m
# CONFIG_SCTP_DBG_MSG is not set
# CONFIG_SCTP_DBG_OBJCNT is not set
# CONFIG_SCTP_HMAC_NONE is not set
# CONFIG_SCTP_HMAC_SHA1 is not set
CONFIG_SCTP_HMAC_MD5=y
CONFIG_ATM=m
CONFIG_ATM_CLIP=m
# CONFIG_ATM_CLIP_NO_ICMP is not set
CONFIG_ATM_LANE=m
# CONFIG_ATM_MPOA is not set
CONFIG_ATM_BR2684=m
# CONFIG_ATM_BR2684_IPFILTER is not set
CONFIG_BRIDGE=m
CONFIG_VLAN_8021Q=m
# CONFIG_DECNET is not set
CONFIG_LLC=y
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
CONFIG_NET_DIVERT=y
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set

#
# QoS and/or fair queueing
#
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CLK_JIFFIES=y
# CONFIG_NET_SCH_CLK_GETTIMEOFDAY is not set
# CONFIG_NET_SCH_CLK_CPU is not set
CONFIG_NET_SCH_CBQ=m
CONFIG_NET_SCH_HTB=m
CONFIG_NET_SCH_HFSC=m
CONFIG_NET_SCH_ATM=m
CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_RED=m
CONFIG_NET_SCH_SFQ=m
CONFIG_NET_SCH_TEQL=m
CONFIG_NET_SCH_TBF=m
CONFIG_NET_SCH_GRED=m
CONFIG_NET_SCH_DSMARK=m
CONFIG_NET_SCH_NETEM=m
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_QOS=y
CONFIG_NET_ESTIMATOR=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_TCINDEX=m
CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_ROUTE=y
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
CONFIG_CLS_U32_PERF=y
CONFIG_NET_CLS_IND=y
CONFIG_NET_CLS_RSVP=m
CONFIG_NET_CLS_RSVP6=m
# CONFIG_NET_CLS_ACT is not set
CONFIG_NET_CLS_POLICE=y

#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
CONFIG_NETPOLL=y
# CONFIG_NETPOLL_RX is not set
CONFIG_NETPOLL_TRAP=y
CONFIG_NET_POLL_CONTROLLER=y
# CONFIG_HAMRADIO is not set
# CONFIG_IRDA is not set
CONFIG_BT=m
CONFIG_BT_L2CAP=m
CONFIG_BT_SCO=m
CONFIG_BT_RFCOMM=m
CONFIG_BT_RFCOMM_TTY=y
CONFIG_BT_BNEP=m
CONFIG_BT_BNEP_MC_FILTER=y
CONFIG_BT_BNEP_PROTO_FILTER=y
CONFIG_BT_CMTP=m
CONFIG_BT_HIDP=m

#
# Bluetooth device drivers
#
CONFIG_BT_HCIUSB=m
CONFIG_BT_HCIUSB_SCO=y
CONFIG_BT_HCIUART=m
CONFIG_BT_HCIUART_H4=y
CONFIG_BT_HCIUART_BCSP=y
CONFIG_BT_HCIUART_BCSP_TXCRC=y
CONFIG_BT_HCIBCM203X=m
CONFIG_BT_HCIBFUSB=m
CONFIG_BT_HCIDTL1=m
CONFIG_BT_HCIBT3C=m
CONFIG_BT_HCIBLUECARD=m
CONFIG_BT_HCIBTUART=m
CONFIG_BT_HCIVHCI=m
CONFIG_TUX=m

#
# TUX options
#
CONFIG_TUX_EXTCGI=y
# CONFIG_TUX_EXTENDED_LOG is not set
# CONFIG_TUX_DEBUG is not set
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
CONFIG_BONDING=m
# CONFIG_EQUALIZER is not set
CONFIG_TUN=m
CONFIG_ETHERTAP=m
# CONFIG_NET_SB1000 is not set

#
# ARCnet devices
#
# CONFIG_ARCNET is not set

#
# Ethernet (10 or 100Mbit)
#
CONFIG_NET_ETHERNET=y
CONFIG_MII=m
CONFIG_HAPPYMEAL=m
CONFIG_SUNGEM=m
CONFIG_NET_VENDOR_3COM=y
# CONFIG_EL1 is not set
# CONFIG_EL2 is not set
# CONFIG_ELPLUS is not set
# CONFIG_EL16 is not set
# CONFIG_EL3 is not set
# CONFIG_3C515 is not set
CONFIG_VORTEX=m
CONFIG_TYPHOON=m
# CONFIG_LANCE is not set
CONFIG_NET_VENDOR_SMC=y
# CONFIG_WD80x3 is not set
# CONFIG_ULTRA is not set
CONFIG_SMC9194=m
CONFIG_NET_VENDOR_RACAL=y
# CONFIG_NI5010 is not set
# CONFIG_NI52 is not set
# CONFIG_NI65 is not set

#
# Tulip family network device support
#
CONFIG_NET_TULIP=y
CONFIG_DE2104X=m
CONFIG_TULIP=m
# CONFIG_TULIP_MWI is not set
CONFIG_TULIP_MMIO=y
# CONFIG_TULIP_NAPI is not set
CONFIG_DE4X5=m
CONFIG_WINBOND_840=m
CONFIG_DM9102=m
CONFIG_PCMCIA_XIRCOM=m
# CONFIG_PCMCIA_XIRTULIP is not set
# CONFIG_AT1700 is not set
# CONFIG_DEPCA is not set
CONFIG_HP100=m
# CONFIG_NET_ISA is not set
CONFIG_NET_PCI=y
CONFIG_PCNET32=m
CONFIG_AMD8111_ETH=m
CONFIG_AMD8111E_NAPI=y
CONFIG_ADAPTEC_STARFIRE=m
CONFIG_ADAPTEC_STARFIRE_NAPI=y
# CONFIG_AC3200 is not set
CONFIG_APRICOT=m
CONFIG_B44=m
CONFIG_FORCEDETH=m
# CONFIG_CS89x0 is not set
# CONFIG_DGRS is not set
CONFIG_EEPRO100=m
# CONFIG_EEPRO100_PIO is not set
CONFIG_E100=m
CONFIG_E100_NAPI=y
CONFIG_FEALNX=m
CONFIG_NATSEMI=m
CONFIG_NE2K_PCI=m
CONFIG_8139CP=m
CONFIG_8139TOO=m
CONFIG_8139TOO_PIO=y
# CONFIG_8139TOO_TUNE_TWISTER is not set
CONFIG_8139TOO_8129=y
# CONFIG_8139_OLD_RX_RESET is not set
CONFIG_SIS900=m
CONFIG_EPIC100=m
# CONFIG_SUNDANCE is not set
CONFIG_TLAN=m
CONFIG_VIA_RHINE=m
CONFIG_VIA_RHINE_MMIO=y
CONFIG_NET_POCKET=y
# CONFIG_ATP is not set
# CONFIG_DE600 is not set
# CONFIG_DE620 is not set

#
# Ethernet (1000 Mbit)
#
CONFIG_ACENIC=m
# CONFIG_ACENIC_OMIT_TIGON_I is not set
CONFIG_DL2K=m
CONFIG_E1000=m
CONFIG_E1000_NAPI=y
CONFIG_NS83820=m
# CONFIG_HAMACHI is not set
# CONFIG_YELLOWFIN is not set
CONFIG_R8169=m
CONFIG_R8169_NAPI=y
CONFIG_SKY2=m
CONFIG_SK98LIN=m
CONFIG_VIA_VELOCITY=m
CONFIG_TIGON3=m
CONFIG_BNX2=m

#
# Ethernet (10000 Mbit)
#
CONFIG_IXGB=m
CONFIG_IXGB_NAPI=y
CONFIG_S2IO=m
CONFIG_S2IO_NAPI=y

#
# Token Ring devices
#
CONFIG_TR=y
CONFIG_IBMTR=m
CONFIG_IBMOL=m
CONFIG_IBMLS=m
CONFIG_3C359=m
CONFIG_TMS380TR=m
CONFIG_TMSPCI=m
CONFIG_SKISA=m
CONFIG_PROTEON=m
CONFIG_ABYSS=m
CONFIG_SMCTR=m

#
# Wireless LAN (non-hamradio)
#
CONFIG_NET_RADIO=y

#
# Obsolete Wireless cards support (pre-802.11)
#
# CONFIG_STRIP is not set
# CONFIG_ARLAN is not set
CONFIG_WAVELAN=m
CONFIG_PCMCIA_WAVELAN=m
CONFIG_PCMCIA_NETWAVE=m

#
# Wireless 802.11 Frequency Hopping cards support
#
# CONFIG_PCMCIA_RAYCS is not set

#
# Wireless 802.11b ISA/PCI cards support
#
CONFIG_IEEE80211=m
# CONFIG_IEEE80211_DEBUG is not set
CONFIG_IEEE80211_CRYPT=m
CONFIG_IEEE80211_WPA=m
CONFIG_IEEE80211_CRYPT_CCMP=m
CONFIG_IEEE80211_CRYPT_TKIP=m
CONFIG_IPW2100=m
CONFIG_IPW2100_PROMISC=y
# CONFIG_IPW_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_AIRO=m
CONFIG_HERMES=m
CONFIG_PLX_HERMES=m
CONFIG_TMD_HERMES=m
CONFIG_PCI_HERMES=m
CONFIG_ATMEL=m
CONFIG_PCI_ATMEL=m

#
# Wireless 802.11b Pcmcia/Cardbus cards support
#
CONFIG_PCMCIA_HERMES=m
CONFIG_AIRO_CS=m
CONFIG_PCMCIA_ATMEL=m
CONFIG_PCMCIA_WL3501=m

#
# Prism GT/Duette 802.11(a/b/g) PCI/Cardbus support
#
CONFIG_PRISM54=m
CONFIG_NET_WIRELESS=y

#
# PCMCIA network device support
#
CONFIG_NET_PCMCIA=y
CONFIG_PCMCIA_3C589=m
CONFIG_PCMCIA_3C574=m
CONFIG_PCMCIA_FMVJ18X=m
CONFIG_PCMCIA_PCNET=m
CONFIG_PCMCIA_NMCLAN=m
CONFIG_PCMCIA_SMC91C92=m
CONFIG_PCMCIA_XIRC2PS=m
CONFIG_PCMCIA_AXNET=m
CONFIG_PCMCIA_IBMTR=m

#
# Wan interfaces
#
# CONFIG_WAN is not set

#
# ATM drivers
#
CONFIG_ATM_TCP=m
CONFIG_ATM_LANAI=m
CONFIG_ATM_ENI=m
# CONFIG_ATM_ENI_DEBUG is not set
# CONFIG_ATM_ENI_TUNE_BURST is not set
CONFIG_ATM_FIRESTREAM=m
# CONFIG_ATM_ZATM is not set
CONFIG_ATM_NICSTAR=m
# CONFIG_ATM_NICSTAR_USE_SUNI is not set
# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set
CONFIG_ATM_IDT77252=m
# CONFIG_ATM_IDT77252_DEBUG is not set
# CONFIG_ATM_IDT77252_RCV_ALL is not set
CONFIG_ATM_IDT77252_USE_SUNI=y
CONFIG_ATM_AMBASSADOR=m
# CONFIG_ATM_AMBASSADOR_DEBUG is not set
CONFIG_ATM_HORIZON=m
# CONFIG_ATM_HORIZON_DEBUG is not set
# CONFIG_ATM_IA is not set
CONFIG_ATM_FORE200E_MAYBE=m
# CONFIG_ATM_FORE200E_PCA is not set
CONFIG_ATM_HE=m
# CONFIG_ATM_HE_USE_SUNI is not set
CONFIG_FDDI=y
# CONFIG_DEFXX is not set
# CONFIG_SKFP is not set
# CONFIG_HIPPI is not set
# CONFIG_PLIP is not set
CONFIG_PPP=m
CONFIG_PPP_MULTILINK=y
CONFIG_PPP_FILTER=y
CONFIG_PPP_ASYNC=m
CONFIG_PPP_SYNC_TTY=m
CONFIG_PPP_DEFLATE=m
# CONFIG_PPP_BSDCOMP is not set
CONFIG_PPP_MPPE_MPPC=m
CONFIG_PPPOE=m
CONFIG_PPPOATM=m
# CONFIG_SLIP is not set
CONFIG_NET_FC=y
# CONFIG_SHAPER is not set
CONFIG_NETCONSOLE=m
CONFIG_NETDUMP=m








----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

iptables: Unknown error 4294967295

[Lindsay Haisley]

When I execute the following:

iptables -t nat -I PREROUTING -s 10.8.0.1 -i tap0 -j SNAT --to-source 216.110.12.105

... I'm getting the error: 

iptables: Unknown error 4294967295

(4294967295 = an unsigned representation of a signed long int of -1)

Running this under strace shows the following:


mmap2(NULL, 7648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0xb7fbb000
mmap2(0xb7fbc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7fbc000
close(3)                                = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat\0\1\0\0\0\335g\21\300\0\0\0\0\224\313F\300\1\0\0\0"..., [84]) = 0
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [656]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 876) = -1 EINVAL (Invalid argument)
write(2, "iptables: Unknown error 42949672"..., 35iptables: Unknown error 4294967295
) = 35
exit_group(1)                           = ?
Process 10231 detached

Apprently the error is originating in a malformed socket option call.  What's 
happening here, and how can I fix it?   I'm running kernel 2.6.17-gentoo-r4, 
iptables v1.3.5.

I have about every possible kernel netfilter capability compiled as a module, 
or built into the kernel.

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
http://www.fmp.com    |        dandelions"      |
                      |      (Pamela Jones)     |

Re: iptables: Unknown error 4294967295

[Daniel De Graaf]

On 9/25/06, Lindsay Haisley <fmouse-netfilter@fmp.com> wrote:
> When I execute the following:
>
> iptables -t nat -I PREROUTING -s 10.8.0.1 -i tap0 -j SNAT --to-source 216.110.12.105
>
> ... I'm getting the error:
>
> iptables: Unknown error 4294967295
>
> (4294967295 = an unsigned representation of a signed long int of -1)
>
> Running this under strace shows the following:
>
>
> mmap2(NULL, 7648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> 0xb7fbb000
> mmap2(0xb7fbc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7fbc000
> close(3)                                = 0
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat\0\1\0\0\0\335g\21\300\0\0\0\0\224\313F\300\1\0\0\0"..., [84]) = 0
> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [656]) = 0
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 876) = -1 EINVAL (Invalid argument)
> write(2, "iptables: Unknown error 42949672"..., 35iptables: Unknown error 4294967295
> ) = 35
> exit_group(1)                           = ?
> Process 10231 detached
>
> Apprently the error is originating in a malformed socket option call.  What's
> happening here, and how can I fix it?   I'm running kernel 2.6.17-gentoo-r4,
> iptables v1.3.5.
>
> I have about every possible kernel netfilter capability compiled as a module,
> or built into the kernel.
>
> --
> Lindsay Haisley       | "Fighting against human |     PGP public key
> FMP Computer Services |    creativity is like   |      available at
> 512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
> http://www.fmp.com    |        dandelions"      |
>                       |      (Pamela Jones)     |
>
>
The (unsigned)(-1) is a known bug (#460 in bugzilla), fixed in
subversion versions of iptables.
However, it is only an invalid reporting of the error; the fixed
version would output "iptables: Invalid Argument".

The error is because SNAT must be in POSTROUTING, not PREROUTING.

- Daniel De Graaf

Re: iptables: Unknown error 4294967295

[Yasuyuki KOZAKAI]

Hello,

From: Lindsay Haisley <fmouse-netfilter@fmp.com>
Date: Mon, 25 Sep 2006 19:03:01 -0500

> When I execute the following:
> 
> iptables -t nat -I PREROUTING -s 10.8.0.1 -i tap0 -j SNAT --to-source 216.110.12.105
> 
> ... I'm getting the error: 
> 
> iptables: Unknown error 4294967295
> 
> (4294967295 = an unsigned representation of a signed long int of -1)
> 
> Running this under strace shows the following:
> 
> 
> mmap2(NULL, 7648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
> 0xb7fbb000
> mmap2(0xb7fbc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7fbc000
> close(3)                                = 0
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat\0\1\0\0\0\335g\21\300\0\0\0\0\224\313F\300\1\0\0\0"..., [84]) = 0
> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [656]) = 0
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 876) = -1 EINVAL (Invalid argument)
> write(2, "iptables: Unknown error 42949672"..., 35iptables: Unknown error 4294967295
> ) = 35
> exit_group(1)                           = ?
> Process 10231 detached
> 
> Apprently the error is originating in a malformed socket option call.  What's 
> happening here, and how can I fix it?   I'm running kernel 2.6.17-gentoo-r4, 
> iptables v1.3.5.
> 
> I have about every possible kernel netfilter capability compiled as a module, 
> or built into the kernel.

Is your iptables 32bit binary and do you run it on 64bit kernel ?
And did syslog output anything ?

-- Yasuyuki Kozakai

Re: iptables: Unknown error 4294967295

[Lindsay Haisley]

Thus spake Daniel De Graaf on Mon, Sep 25, 2006 at 07:37:13PM CDT
> The (unsigned)(-1) is a known bug (#460 in bugzilla), fixed in
> subversion versions of iptables.
> However, it is only an invalid reporting of the error; the fixed
> version would output "iptables: Invalid Argument".
> 
> The error is because SNAT must be in POSTROUTING, not PREROUTING.

Thanks.  I had just discovered this.  I'm trying to wrangle a VPN into shape 
and feeling my way.  Sorry for the noise!

-- 
Lindsay Haisley       | "Fighting against human |     PGP public key
FMP Computer Services |    creativity is like   |      available at
512-259-1190          |    trying to eradicate  | <http://pubkeys.fmp.com>
http://www.fmp.com    |        dandelions"      |
                      |      (Pamela Jones)     |

Re: iptables: Unknown error 4294967295

[Alan Ezust]

[-- Attachment #1: Type: text/plain, Size: 2303 bytes --]

I was getting this too, and my problem was related to the fact that my kernel 
was configued with CONFIG_NETFILTER_NETLINK=m. I changed that to a "y" and my
UNKNOWN ERROR went away. And yes, I was loading the module at the right time 
in my /etc/modules, but that didn't seem to make a difference to netfilter.



On Monday 25 September 2006 17:41, Yasuyuki KOZAKAI wrote:
> Hello,
>
> From: Lindsay Haisley <fmouse-netfilter@fmp.com>
> Date: Mon, 25 Sep 2006 19:03:01 -0500
>
> > When I execute the following:
> >
> > iptables -t nat -I PREROUTING -s 10.8.0.1 -i tap0 -j SNAT --to-source
> > 216.110.12.105
> >
> > ... I'm getting the error:
> >
> > iptables: Unknown error 4294967295
> >
> > (4294967295 = an unsigned representation of a signed long int of -1)
> >
> > Running this under strace shows the following:
> >
> >
> > mmap2(NULL, 7648, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
> > 0xb7fbb000
> > mmap2(0xb7fbc000, 4096, PROT_READ|PROT_WRITE,
> > MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xb7fbc000 close(3)         
> >                       = 0
> > socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> > getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> > "nat\0\1\0\0\0\335g\21\300\0\0\0\0\224\313F\300\1\0\0\0"..., [84]) = 0
> > getsockopt(3, SOL_IP, 0x41 /* IP_??? */,
> > "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [656]) = 0
> > setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> > "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 876) = -1
> > EINVAL (Invalid argument) write(2, "iptables: Unknown error 42949672"...,
> > 35iptables: Unknown error 4294967295 ) = 35
> > exit_group(1)                           = ?
> > Process 10231 detached
> >
> > Apprently the error is originating in a malformed socket option call. 
> > What's happening here, and how can I fix it?   I'm running kernel
> > 2.6.17-gentoo-r4, iptables v1.3.5.
> >
> > I have about every possible kernel netfilter capability compiled as a
> > module, or built into the kernel.
>
> Is your iptables 32bit binary and do you run it on 64bit kernel ?
> And did syslog output anything ?
>
> -- Yasuyuki Kozakai

-- 
Alan Ezust            www.presinet.com
Presinet, inc         alan.ezust@presinet.com
           Victoria, BC,Canada

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

iptables: Unknown error 4294967295

[KARIM SATTAR]

Hi

I am getting the error as mentioned below; the problem arose when I  
have changed the data structure of the ipt_entry which stores the rules 
 and other information. I have changed in the also other appropriate 
initialization of the structure in ip_nat_rule and other files.
I have just added one variable of type unsigned int. Can any one have 
idea regarding this problem.

Before adding this variable, iptables was working fine.
Can any one help me in this problem.

[root@localhost ~]# service iptables start
Flushing firewall rules: iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
iptables: Unknown error 4294967295
                                                           [FAILED]
Setting chains to policy ACCEPT: raw iptables: Unknown error 4294967295
nat iptables: Unknown error 4294967295
mangle iptables: Unknown error 4294967295
filter iptables: Unknown error 4294967295
                                                           [FAILED]
Unloading iptables modules:                                [  OK  ]

All the modules have been loaded as permanent modules rather than as 
loadable modules.

Re: iptables: Unknown error 4294967295

[Leonardo Rodrigues Magalhães]

[-- Attachment #1: Type: text/plain, Size: 1792 bytes --]



KARIM SATTAR escreveu:
> Hi
>
> I am getting the error as mentioned below; the problem arose when I  
> have changed the data structure of the ipt_entry which stores the rules 
>  and other information. I have changed in the also other appropriate 
> initialization of the structure in ip_nat_rule and other files.
> I have just added one variable of type unsigned int. Can any one have 
> idea regarding this problem.
>
> Before adding this variable, iptables was working fine.
> Can any one help me in this problem.
>
> [root@localhost ~]# service iptables start
> Flushing firewall rules: iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
>                                                            [FAILED]
> Setting chains to policy ACCEPT: raw iptables: Unknown error 4294967295
> nat iptables: Unknown error 4294967295
> mangle iptables: Unknown error 4294967295
> filter iptables: Unknown error 4294967295
>                                                            [FAILED]
> Unloading iptables modules:                                [  OK  ]
>
> All the modules have been loaded as permanent modules rather than as 
> loadable modules.
>
>   

    I really dont know if that will be your case, but i have experienced 
several 'Unknown error xxxxxxxxxx' after recompiled kernel and NOT 
recompiled iptables.

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it





[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 5672 bytes --]

Re: iptables: Unknown error 4294967295

[KARIM SATTAR]

How can I recompile the kernel and not iptables.

KARIM SATTAR escreveu:
> Hi
>
> I am getting the error as mentioned below; the problem arose when I  
> have changed the data structure of the ipt_entry which stores the
 rules 
>  and other information. I have changed in the also other appropriate 
> initialization of the structure in ip_nat_rule and other files.
> I have just added one variable of type unsigned int. Can any one have
 
> idea regarding this problem.
>
> Before adding this variable, iptables was working fine.
> Can any one help me in this problem.
>
> [root@localhost ~]# service iptables start
> Flushing firewall rules: iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
>                                                            [FAILED]
> Setting chains to policy ACCEPT: raw iptables: Unknown error
 4294967295
> nat iptables: Unknown error 4294967295
> mangle iptables: Unknown error 4294967295
> filter iptables: Unknown error 4294967295
>                                                            [FAILED]
> Unloading iptables modules:                                [  OK  ]
>
> All the modules have been loaded as permanent modules rather than as 
> loadable modules.
>
>   

>    I really dont know if that will be your case, but i have
> experienced 
>several 'Unknown error xxxxxxxxxx' after recompiled kernel and >NOT 
>recompiled iptables.

> -- 


>	Atenciosamente / Sincerily,
>	Leonardo Rodrigues
>	Solutti Tecnologia
>	http://www.solutti.com.br

>	Minha armadilha de SPAM, NÃO mandem email
>	gertrudes@solutti.com.br
>	My SPAMTRAP, do not email it

RE: iptables: Unknown error 4294967295

[Rob Sterenborg]

> How can I recompile the kernel and not iptables.

Simple. They are separate packages (iptables is not the same as
netfilter; it's part of the project). So it's possible to just compile
the kernel but not iptables, which is only the userspace utility to
create rules.

If you haven't compiled iptables you can download it from
ftp.netfilter.org.
If you patched the kernel before compiling using patch-o-matic-ng, it's
possible that iptables also had to be patched before compiling it so it
may not be enough to just compile and install iptables.
Also, keep in mind that you probably have an older version of iptables
installed that comes with your distro and you should uninstall that
version.


Grts,
Rob