Steve Scrimpshire, posted June 12, 2003

Trying to get masquerading working to share the internet connection, I use the command above and get:

    iptables: bad argument

iptables v1.2.7a
MDK 9.1
2.4.20 kernel

    [root@localhost omar]# lsmod
    Module                  Size  Used by    Tainted: P
    ipt_TCPMSS              2368   0  (autoclean)
    ip_nat_irc              2336   0  (unused)
    ip_nat_ftp              2944   0  (unused)
    soundcore               3492   0  (autoclean)
    ipt_ttl                  576   0  (autoclean)
    ipt_unclean             6816   0  (autoclean)
    ipt_TOS                 1024   0
    ipt_REDIRECT             768   0  (unused)
    ppp_deflate             2976   0  (autoclean)
    zlib_deflate           18560   0  (autoclean) [ppp_deflate]
    bsd_comp                4064   0  (autoclean)
    ipt_limit                896   0  (autoclean)
    il                     58184   1
    nvidia               1541120  10
    ipt_LOG                 3424   0  (autoclean)
    ipt_REJECT              2880   0  (autoclean)
    ipt_state                576   0  (autoclean)
    ip_conntrack_irc        3072   1
    ip_conntrack_ftp        3776   1
    ipt_mark                 480   0  (autoclean)
    iptable_mangle          2144   0  (autoclean)
    ppp_async               6400   1  (autoclean)
    ppp_generic            19660   3  (autoclean) [ppp_deflate bsd_comp ppp_async]
    slhc                    4672   0  (autoclean) [ppp_generic]
    iptable_filter          1696   1  (autoclean)
    ipt_MASQUERADE          1280   0  (autoclean)
    iptable_nat            15092   3  (autoclean) [ip_nat_irc ip_nat_ftp ipt_REDIRECT ipt_MASQUERADE]
    ip_conntrack           17356   4  (autoclean) [ip_nat_irc ip_nat_ftp ipt_REDIRECT ipt_state ip_conntrack_irc ip_conntrack_ftp ipt_MASQUERADE iptable_nat]
    ip_tables              10976  16  [ipt_TCPMSS ipt_ttl ipt_unclean ipt_TOS ipt_REDIRECT ipt_limit ipt_LOG ipt_REJECT ipt_state ipt_mark iptable_mangle iptable_filter ipt_MASQUERADE iptable_nat]
    nls_iso8859-1           2816   3  (autoclean)
    nls_cp850               3552   3  (autoclean)
    vfat                    9756   3  (autoclean)
    fat                    30424   0  (autoclean) [vfat]
    unix                   13636  57  (autoclean)
    reiserfs              164672   7

What am I doing wrong? I see this command used in Shorewall and Bastille-netfilter and both get the same results: 'bad argument'. I can ping my Linux box from Windows, and even see my http server, but can't reach the net from the Windows box. It gets the IP correctly with DHCP and will release and renew it, and I can ping both ways. It's just masquerading that won't work.

Yes, ip_forwarding is turned on:

    [root@localhost net]# cat /proc/sys/net/ipv4/ip_forward
    1

Here's an excerpt from my boot.log that seems pertinent:

    Jun 11 18:51:36 localhost network: Enabling IPv4 packet forwarding succeeded
    Jun 11 18:51:36 localhost network: Bringing up interface eth0: succeeded
    Jun 11 18:51:36 localhost portmap: portmap startup succeeded
    Jun 11 18:51:39 localhost shorewall: Processing /etc/shorewall/params ...
    Jun 11 18:51:39 localhost shorewall: Starting Shorewall...
    Jun 11 18:51:39 localhost shorewall: Loading Modules...
    Jun 11 18:51:39 localhost shorewall: Initializing...
    Jun 11 18:51:39 localhost shorewall: Determining Zones...
    Jun 11 18:51:39 localhost shorewall: Zones: net masq loc
    Jun 11 18:51:39 localhost shorewall: Validating interfaces file...
    Jun 11 18:51:39 localhost shorewall: Validating hosts file...
    Jun 11 18:51:39 localhost shorewall: Validating Policy file...
    Jun 11 18:51:39 localhost shorewall: Determining Hosts in Zones...
    Jun 11 18:51:39 localhost shorewall: Net Zone: ppp:0.0.0.0/0
    Jun 11 18:51:39 localhost shorewall: Masquerade Zone: eth0:0.0.0.0/0
    Jun 11 18:51:39 localhost shorewall: Warning: Zone loc is empty
    Jun 11 18:51:40 localhost shorewall: Processing /etc/shorewall/init ...
    Jun 11 18:51:40 localhost shorewall: Deleting user chains...
    Jun 11 18:51:41 localhost shorewall: Creating input Chains...
    Jun 11 18:51:41 localhost shorewall: Configuring Proxy ARP
    Jun 11 18:51:41 localhost shorewall: Setting up NAT...
    Jun 11 18:51:41 localhost shorewall: Adding Common Rules
    Jun 11 18:51:41 localhost shorewall: Adding rules for DHCP
    Jun 11 18:51:41 localhost shorewall: IP Forwarding Enabled
    Jun 11 18:51:41 localhost shorewall: Processing /etc/shorewall/tunnels...
    Jun 11 18:51:41 localhost shorewall: Processing /etc/shorewall/rules...
    Jun 11 18:51:41 localhost shorewall: Rule "ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
    Jun 11 18:51:41 localhost shorewall: Rule "ACCEPT masq fw udp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp -" added.
    Jun 11 18:51:41 localhost shorewall: Rule "ACCEPT fw masq tcp 631,515,137,138,139 -" added.
    Jun 11 18:51:41 localhost shorewall: Rule "ACCEPT fw masq udp 631,515,137,138,139 -" added.
    Jun 11 18:51:41 localhost shorewall: Processing /etc/shorewall/policy...
    Jun 11 18:51:41 localhost shorewall: Policy ACCEPT for fw to net using chain fw2net
    Jun 11 18:51:41 localhost shorewall: Policy REJECT for fw to masq using chain all2all
    Jun 11 18:51:41 localhost shorewall: Policy REJECT for masq to fw using chain all2all
    Jun 11 18:51:42 localhost shorewall: Policy ACCEPT for masq to net using chain masq2net
    Jun 11 18:51:42 localhost shorewall: Policy ACCEPT for loc to net using chain loc2net
    Jun 11 18:51:42 localhost shorewall: Masqueraded Subnets and Hosts:
    Jun 11 18:51:42 localhost shorewall: Unable to determine the routes through interface eth0

    [root@localhost net]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    63.152.12.248   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         63.152.12.248   0.0.0.0         UG    0      0        0 ppp0
Steve Scrimpshire (author), posted June 12, 2003

Got it. Due to my Frankenstein-ed 9.1 from this problem and solution:

http://mandrakeusers.org/viewtopic.php?p=42347#42347

I had to copy my 8.1 installation of iptables from /mnt/81usr/local/sbin to /usr/local/sbin, then I renamed /sbin/iptables, /sbin/iptables-save, and /sbin/iptables-restore to /sbin/iptables.bak, /sbin/iptables-save.bak, and /sbin/iptables-restore.bak and symlinked /usr/local/sbin/iptables* stuff there. This is dirty, but it is working for now. I'm such a hacker. :wink:
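Added example, not part of the thread: after a swap like the one in the last post, a firewall host carries iptables under more than one directory, so it is worth confirming that every copy a script or init job can reach resolves to the same file. The helper names `find_copies` and `count_targets` are hypothetical, and the directory list in the final call is an assumption.

```shell
#!/bin/sh
# Added example: list every copy of a command found along a PATH-style
# string, together with the real file each copy resolves to.
# find_copies and count_targets are hypothetical helper names.

# Print "path -> resolved target" for each executable named $1 found in
# the colon-separated directory list $2, in search order.
find_copies() {
    name=$1
    old_ifs=$IFS
    set -f          # no globbing while the list is split
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.      # empty PATH entry means current dir
        candidate=$dir/$name
        if [ -x "$candidate" ] && [ ! -d "$candidate" ]; then
            printf '%s -> %s\n' "$candidate" "$(readlink -f "$candidate")"
        fi
    done
    IFS=$old_ifs
    set +f
}

# Count the distinct real files behind those copies.
# 0: none found. 1: every entry leads to the same binary.
# More than 1: which binary runs depends on the caller's PATH order.
count_targets() {
    find_copies "$1" "$2" | sed 's/.* -> //' | sort -u | wc -l | tr -d ' '
}

# Directory list is an assumption; adjust to the host being checked.
find_copies iptables "/sbin:/usr/sbin:/usr/local/sbin"
```

With /sbin/iptables symlinked to the copy in /usr/local/sbin, both entries show the same target and `count_targets` reports 1; the renamed `.bak` files are not matched because they no longer carry the command's name.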