On Thu, 6 Mar 2003 12:42:01 -0800 (PST)
Meph Istopheles <meph@xxxxxxxxxxx> wrote:

>
> Hey,
>
> Looking round at stuff on ipmasq, I find a lot to do with
> iptables. So, I run:
>
> # /sbin/ipchains -L
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           ports
> <snip>
> Chain forward (policy ACCEPT):
> target     prot opt     source                destination           ports
> MASQ       all  ------  10.0.0.0/24           anywhere              n/a
>
> Why's my masq still set to 10.0.0.0/24? How do I change that?

The question is, how it got there at all? The MASQ rule gets set as any
other rule by your firewall script, and there you can also change it from
10.0.0.0/24 to 192.168.0.0/16. If you added it manually, you can remove it
by restarting the firewall. You could also flush the forward chain and add
a new rule:

    ipchains -F forward
    ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0.0.0.0 -j MASQ

Of course, if you want the machine to act as a router, you'll need further
rules allowing forwarding between your two networks BEFORE the MASQ rule.

>
> Then, with nat:
>
> # /sbin/iptables -t nat -L
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o:
> init_module: Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters,
> including invalid IO or IRQ parameters.
> You may find more information in syslog or the output from
> dmesg
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o:
> insmod
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o
> failed
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o:
> insmod ip_tables failed
> iptables v1.2.5: can't initialize iptables table `nat': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> I know almost nothing about iptables. Can anyone tell me
> what's up with all this?

What kernel do you have? It seems like it's 2.2.x, which works with
ipchains only.
Iptables is introduced with 2.4.x, and although you have iptables utils
installed, there seems to be no kernel support, causing iptables to crap
out. If you manage to configure this with ipchains and upgrade to 2.4.x,
you can still use your old ipchains rules (the iptables syntax is just
different enough to make me do exactly this) by compiling ipchains-support
in the kernel. I'd stay with 2.2.x and ipchains for this box if I were you.

Cheers
-- 
Horror Vacui

Registered Linux user #257714
Go get yourself... counted: http://counter.li.org/
- and keep following the GNU.
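
An added example, not part of the original message: a shell function that checks `ipchains -L -n` output for the situation discussed above, a MASQ rule in the forward chain whose source is not the LAN being masqueraded. The function names, the sample listing (constructed from the output quoted in the thread) and the choice of 192.168.0.0/24 as the LAN are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit ipchains listing output for
# MASQ rules in the forward chain that masquerade the wrong source network.

# Constructed sample, modelled on the `ipchains -L` output quoted above.
sample_listing() {
    cat <<'EOF'
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  10.0.0.0/24           anywhere              n/a
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
EOF
}

# audit_masq EXPECTED_SRC   (listing on stdin, e.g. from `ipchains -L -n`)
# Prints one line per MASQ rule found in the forward chain:
#   OK <source>        the rule covers the expected LAN
#   MISMATCH <source>  the rule masquerades some other source
# Prints MISSING when the forward chain holds no MASQ rule at all.
# Exit status is 0 only if at least one rule is OK and none mismatch.
audit_masq() {
    awk -v want="$1" '
        # Track which chain the following rule lines belong to.
        /^Chain / { in_fwd = ($2 == "forward"); next }
        # Rule columns: target prot opt source destination ports
        in_fwd && $1 == "MASQ" {
            seen = 1
            if ($4 == want) { ok = 1;  print "OK " $4 }
            else            { bad = 1; print "MISMATCH " $4 }
        }
        END {
            if (!seen) print "MISSING"
            exit ((ok && !bad) ? 0 : 1)
        }
    '
}

# Demo on the constructed listing: the LAN is assumed to be 192.168.0.0/24,
# but the only MASQ rule still names 10.0.0.0/24.
sample_listing | audit_masq 192.168.0.0/24 \
    || echo "forward chain needs the flush-and-re-add fix from the reply"
```

On a live box the input would be `ipchains -L -n`, so that sources are printed numerically and can be compared as strings.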