Re: Unknown error.

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Re: Unknown error.
       [not found] <PKEOKKLGKDAAJCECPIOOGEKOFLAA.rboucneau@tuckernt.net>
@ 2006-08-11 11:31 ` Justin Schoeman
  0 siblings, 0 replies; 6+ messages in thread
From: Justin Schoeman @ 2006-08-11 11:31 UTC (permalink / raw)
  To: Bob Boucneau, netfilter

OK - That one did it!  Got a meaningful error message, and realised that 
somehow I had not built the CONNMARK module ;-) .

Now, the next error, when I try to load a geoip match:

/usr/local/sbin/iptables -t mangle -A INPUT -m geoip --dst-cc ZA -j ACCEPT

I get:

iptables: Invalid argument

with the following in dmesg:

ip_tables: geoip match: invalid size 0 != 96

It seems like some critical piece of geoip /xt_tables integration is not 
in place... Is my analysis correct?  If so, is there a porting document 
somewhere covering the iptables updates since geoip last worked?

Thanks,

Justin

Bob Boucneau wrote:
> Hi Justin,
> 
> Should be fixed in current Netfilter.  This was a bug.
> 
> http://lists.netfilter.org/pipermail/netfilter-buglog/2006-April/000921.html
> 
> B
> 
> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org
> [mailto:netfilter-bounces@lists.netfilter.org]On Behalf Of Justin Schoeman
> Sent: Thursday, August 10, 2006 11:35 AM
> To: netfilter@lists.netfilter.org
> Subject: Unknown error.
> 
> Hi again.
> 
> I was wondering if anybody could help me.  I am using kernel 2.6.17.8
> with iptables 1.3.5, and I get the following error:
> 
> iptables: Unknown error 4294967295
> 
> for this command:
> 
> /usr/local/sbin/iptables -A INPUT -j CONNMARK --save-mark
> 
> I see a large number of hits for the error message on google, mainly
> related to iptables 1.3.5, but I have not seen one thread with a
> conclusive solution.
> 
> Could anybody please give me some pointers on where to start looking? Is
> this an iptables bug, if so, what is the last good version.  If not,
> what else can I look for?
> 
> Thanks,
> 
> Justin
> 


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: Unknown error.
@ 2006-08-10 23:04 Daniel Williams
  0 siblings, 0 replies; 6+ messages in thread
From: Daniel Williams @ 2006-08-10 23:04 UTC (permalink / raw)
  To: Justin Schoeman, netfilter

The bug is an error message mapping. 

So in other words the command is failing for a legitimate reason,
iptables is just not giving you the useful error message. Try 1.3.4 and
see what the error message is, I don't believe you will find much
different.

Daniel 

-----Original Message-----
From: netfilter-bounces@lists.netfilter.org
[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Justin
Schoeman
Sent: Friday, 11 August 2006 1:35 AM
To: netfilter@lists.netfilter.org
Subject: Unknown error.

Hi again.

I was wondering if anybody could help me.  I am using kernel 2.6.17.8 
with iptables 1.3.5, and I get the following error:

iptables: Unknown error 4294967295

for this command:

/usr/local/sbin/iptables -A INPUT -j CONNMARK --save-mark

I see a large number of hits for the error message on google, mainly 
related to iptables 1.3.5, but I have not seen one thread with a 
conclusive solution.

Could anybody please give me some pointers on where to start looking? Is

this an iptables bug, if so, what is the last good version.  If not, 
what else can I look for?

Thanks,

Justin

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Unknown error.
@ 2006-08-10 17:34 Justin Schoeman
  2006-08-11  7:08 ` Ming-Ching Tiew
  0 siblings, 1 reply; 6+ messages in thread
From: Justin Schoeman @ 2006-08-10 17:34 UTC (permalink / raw)
  To: netfilter

Hi again.

I was wondering if anybody could help me.  I am using kernel 2.6.17.8 
with iptables 1.3.5, and I get the following error:

iptables: Unknown error 4294967295

for this command:

/usr/local/sbin/iptables -A INPUT -j CONNMARK --save-mark

I see a large number of hits for the error message on google, mainly 
related to iptables 1.3.5, but I have not seen one thread with a 
conclusive solution.

Could anybody please give me some pointers on where to start looking? Is 
this an iptables bug, if so, what is the last good version.  If not, 
what else can I look for?

Thanks,

Justin

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Unknown error.
  2006-08-10 17:34 Justin Schoeman
@ 2006-08-11  7:08 ` Ming-Ching Tiew
  2006-08-11  9:05   ` Ming-Ching Tiew
  0 siblings, 1 reply; 6+ messages in thread
From: Ming-Ching Tiew @ 2006-08-11  7:08 UTC (permalink / raw)
  To: netfilter


I don't think you can perform CONNMARK on the INPUT chain
of the filter table, try doing it on the mangle table :-

/usr/local/sbin/iptables -t mangle -A INPUT -j CONNMARK --save-mark

Cheers.
----- Original Message ----- 
From: "Justin Schoeman" <justin@expertron.co.za>
To: <netfilter@lists.netfilter.org>
Sent: Friday, August 11, 2006 1:34 AM
Subject: Unknown error.


> Hi again.
> 
> I was wondering if anybody could help me.  I am using kernel 2.6.17.8 
> with iptables 1.3.5, and I get the following error:
> 
> iptables: Unknown error 4294967295
> 
> for this command:
> 
> /usr/local/sbin/iptables -A INPUT -j CONNMARK --save-mark
> 
> I see a large number of hits for the error message on google, mainly 
> related to iptables 1.3.5, but I have not seen one thread with a 
> conclusive solution.
> 
> Could anybody please give me some pointers on where to start looking? Is 
> this an iptables bug, if so, what is the last good version.  If not, 
> what else can I look for?
> 
> Thanks,
> 
> Justin
> 





^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Unknown error.
  2006-08-11  7:08 ` Ming-Ching Tiew
@ 2006-08-11  9:05   ` Ming-Ching Tiew
  0 siblings, 0 replies; 6+ messages in thread
From: Ming-Ching Tiew @ 2006-08-11  9:05 UTC (permalink / raw)
  To: netfilter

Cheers.
From: "Ming-Ching Tiew" <mingching.tiew@redtone.com>

> 
> I don't think you can perform CONNMARK on the INPUT chain
> of the filter table, try doing it on the mangle table :-
> 
> /usr/local/sbin/iptables -t mangle -A INPUT -j CONNMARK --save-mark
> 

Hmm I issue the commands on the filter table and INPUT chain on my system,
it seems to work too. And therefore your error is likely due to iptables not 
compiled against the correct kernel source.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* unknown error
@ 2006-05-12  8:06 Angel Tsankov
  0 siblings, 0 replies; 6+ messages in thread
From: Angel Tsankov @ 2006-05-12  8:06 UTC (permalink / raw)
  To: ML: netfilter

Has anyone ever encountered error 4294967295 while using iptables?!


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2006-08-11 11:31 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <PKEOKKLGKDAAJCECPIOOGEKOFLAA.rboucneau@tuckernt.net>
2006-08-11 11:31 ` Unknown error Justin Schoeman
2006-08-10 23:04 Daniel Williams
  -- strict thread matches above, loose matches on Subject: below --
2006-08-10 17:34 Justin Schoeman
2006-08-11  7:08 ` Ming-Ching Tiew
2006-08-11  9:05   ` Ming-Ching Tiew
2006-05-12  8:06 unknown error Angel Tsankov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox