| View previous topic :: View next topic |
| Author |
Message |
Kulfaangaren!
Apprentice
Joined: 11 Jan 2003
Posts: 176
Location: Borås, Sweden
|
 Posted: Wed Mar 19, 2003 2:47 am Post subject: At my wits end... :( |
 |
|
Hello all, hopefully you can help me solve this problem of mine...
I set up a Gentoo 1.2 about 8-10 months ago and upgraded it to 1.4 a couple of months ago.
I have been running kernel 2.4.19-gentoo-r7 and my NATing firewall without a glitch...
I decided last week to upgrade the kernel to 2.4.20 and emerged the gentoo kernel sources for 2.4.20.
I compiled the kernel and booted it and it failed to load my saved iptable rules barfing on my SNAT rule...
| Code: | | iptables -t nat -A POSTROUTING -o eth[i]X[/i] -j SNAT --to-source [i]aaa.bbb.ccc.ddd[/i] |
...with aaa.bbb.ccc.ddd beeing my outside IP address.
This worked fine with 2.4.19 and it is the way that the help for iptables says I should write it.
When I searched the net I also saw "-j SNAT --to aaa.bbb.ccc.ddd" and "-j MASQUERADE" and I also noticed that a new option "-j SAME --to aaa.bbb.ccc.ddd" was available.
I tried ALL of those and all failed.
My original code fails on the "--to-source aaa.bbb.ccc.ddd" as does "-j SNAT --to aaa.bbb.ccc.ddd" and "-j SAME --to aaa.bbb.ccc.ddd" and If I remove the "--to-source" part they can't work and as it should be prints out a message asking me to add the "--to-source" part again.
"-J MASQUERADE" fails with the message "Illegal argument".
I'm at my wits end here guys...either you can help me or I can't upgrade 
Before you ask, yes, offcourse "Full NAT" and "Connection Tracking" is configured on 
I really hope you can help me and that I have just done something incredibly stupid when configuring the netfilter.
Regards
Fredrik |
|
| Back to top |
|
 |
Jimbow
Guru
Joined: 18 Feb 2003
Posts: 597
Location: Silver City, NM
|
| Posted: Wed Mar 19, 2003 3:00 am Post subject: |
|
|
| If it is possible, I suggest that you try to go back to using 2.4.19 kernel. Even if your firewall problem was fixed, there are other problems with the Gentoo 2.4.20 sources that make it less than ideal. |
|
| Back to top |
|
|
Kulfaangaren!
Apprentice
Joined: 11 Jan 2003
Posts: 176
Location: Borås, Sweden
|
| Posted: Wed Mar 19, 2003 3:29 am Post subject: Re: at my wits end |
|
|
Hello and thanks for the quick answer...
I never stoped using 2.4.19, that is still the kernel I run (until I can get a newer one to compile.)
Out of curiosity...is there a thread about these "other" problems with 2.4.20 around or could you please enlighten me ?
// Fredrik |
|
| Back to top |
|
|
Jimbow
Guru
Joined: 18 Feb 2003
Posts: 597
Location: Silver City, NM
|
| Posted: Wed Mar 19, 2003 3:45 am Post subject: |
|
|
I ran into a memory leak bug 15935. One thread (or bug report) said that the Gentoo sources did not "nice" correctly. Other people have had efficency problems and backed off to either the earlier version or to the vanilla sources.
I'm using the 2.4.20 Gentoo Sources now and have not had more problems since patching the memory leak. But unless there is a new feature that you've "got to have" I think you are better off with 2.4.19 |
|
| Back to top |
|
|
Kulfaangaren!
Apprentice
Joined: 11 Jan 2003
Posts: 176
Location: Borås, Sweden
|
| Posted: Wed Mar 19, 2003 3:49 am Post subject: Re: 2.4.20 gentoo sources... |
|
|
Ok, thanks for the info and help...
I guess I will wait until they get a more stable source package into the portage tree.
Out of curiosity...has anyone else encountered my problem or is it just me ?
// Fredrik |
|
| Back to top |
|
|
Zombie[BRAAAINS]
n00b
Joined: 19 Mar 2003
Posts: 62
|
| Posted: Wed Mar 19, 2003 5:43 am Post subject: BRAAAAAAAAINS |
|
|
| Kulfaangaren! wrote: | Ok, thanks for the info and help...
I guess I will wait until they get a more stable source package into the portage tree.
Out of curiosity...has anyone else encountered my problem or is it just me ?
// Fredrik |
Yep, I had the EXACT same problem. It drove me freaking nuts. A week of kernel re-compiles, trying different iptables combinations, and I was about to start digging through the source.
I re-emerged iptables, and the problem was gone. 
P.S.
I felt like such a n00b for not trying that sooner 
_________________
RAWR! Brains, BRAINS! BRAAAINS! MUST EAT BRAINS! |
|
| Back to top |
|
|
Kulfaangaren!
Apprentice
Joined: 11 Jan 2003
Posts: 176
Location: Borås, Sweden
|
| Posted: Wed Mar 19, 2003 5:50 pm Post subject: Re: My wits end... |
|
|
Hehe nice to know I am not alone...
I acctually DID recompile iptables  I just didn't test it before Jimbow told me about the other problems with 2.4.20 kernels and after that I decided not to run 2.4.20
Thanks for the info tho, I appreciate it.
// Fredrik |
|
| Back to top |
|
|
Buzzz
n00b
Joined: 17 Apr 2002
Posts: 63
Location: Enschede, The Netherlands
|
| Posted: Wed Mar 19, 2003 6:43 pm Post subject: |
|
|
I had exactly the same problem. I upgraded from 2.4.19 to 2.4.20 and I was asking myself the whole time, how is this is possible. But a remerge of iptables fixed in my case too.
That made me remerge a program always before starting to fix a problem 
_________________
There are no stupid questions, but there are a lot of inquisitive idiots |
|
| Back to top |
|
|
|
Networking & Security
