[Linux-Anyway] Re: More Re: Re: eth1

  • From: horrorvacui@xxxxxxx
  • To: Linux-Anyway@xxxxxxxxxxxxx
  • Date: Thu, 6 Mar 2003 23:06:09 +0100

On Thu, 6 Mar 2003 12:42:01 -0800 (PST)
Meph Istopheles <meph@xxxxxxxxxxx> wrote:

> 
>   Hey,
> 
>   Looking round at stuff on ipmasq, I find a lot to do with 
> iptables.  So, I run:
> 
> # /sbin/ipchains -L
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           
> ports
<snip>
> Chain forward (policy ACCEPT):
> target     prot opt     source                destination           
> ports
> MASQ       all  ------  10.0.0.0/24          anywhere              
> n/a
> 
>   Why's my masq still set to 10.0.0.0/24?  How do I change that?

The question is, how did it get there at all? The MASQ rule gets set like
any other rule by your firewall script, and there you can also change it
from 10.0.0.0/24 to 192.168.0.0/16. If you added it manually, you can
remove it by restarting the firewall. You could also flush the forward
chain and add a new rule:

ipchains -F forward
ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0.0.0.0 -j MASQ

Of course, if you want the machine to act as a router, you'll need further
rules allowing forwarding between your two networks BEFORE the MASQ rule.


> 
>   Then, with nat:
> 
> # /sbin/iptables -t nat -L
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o: 
> init_module: Device or resource busy
> Hint: insmod errors can be caused by incorrect module parameters, 
> including invalid IO or IRQ parameters.
>       You may find more information in syslog or the output from 
> dmesg
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o: 
> insmod 
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o 
> failed
> /lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/ip_tables.o: 
> insmod ip_tables failed
> iptables v1.2.5: can't initialize iptables table `nat': iptables 
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> 
>   I know almost nothing about iptables.  Can anyone tell me 
> what's up with all this?

What kernel do you have? It seems like it's 2.2.x, which works with
ipchains only. Iptables was introduced with 2.4.x, and although you have
the iptables utils installed, there seems to be no kernel support, causing
iptables to crap out. If you manage to configure this with ipchains and
upgrade to 2.4.x, you can still use your old ipchains rules (the iptables
syntax is just different enough to make me do exactly this) by compiling
ipchains support into the kernel. I'd stay with 2.2.x and ipchains for this
box if I were you.


Cheers

-- 
Horror Vacui

Registered Linux user #257714

Go get yourself... counted: http://counter.li.org/
- and keep following the GNU.
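
Added example, not part of the original post: a small shell audit that reads a forward-chain listing in the column layout shown in the quoted `ipchains -L` output and reports any MASQ rule whose source is not the expected LAN. The function names, the sample listings and the ACCEPT rule between the two networks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit MASQ rules in `ipchains -L forward -n` output.

# Print "rule-number source" for each MASQ rule in the forward chain.
masq_rules() {
    awk '
        /^Chain /      { in_fwd = ($2 == "forward"); n = 0; next }
        !in_fwd        { next }
        $1 == "target" { next }   # column header
        NF < 5         { next }   # blank or wrapped line
        { n++; if ($1 == "MASQ") print n, $4 }
    '
}

# Return 0 only if a MASQ rule exists and every one has the expected source.
audit_masq() {
    expected=$1
    rules=$(masq_rules)
    if [ -z "$rules" ]; then
        echo "no MASQ rule in forward chain"
        return 1
    fi
    bad=$(printf '%s\n' "$rules" | awk -v want="$expected" '$2 != want')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | while read -r num src; do
        echo "rule $num masquerades $src, expected $expected"
    done
    return 1
}

# Constructed listings (not captured from a real host).
STALE='Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  10.0.0.0/24          0.0.0.0/0             n/a
Chain output (policy ACCEPT):'

# Assumed inter-network ACCEPT rule placed before the MASQ rule.
FIXED='Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.0.0/24       10.0.0.0/24           n/a
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a'

printf '%s\n' "$STALE" | audit_masq 192.168.0.0/24 || true
printf '%s\n' "$FIXED" | audit_masq 192.168.0.0/24 && echo "forward chain OK"
```

On a live ipchains host the same check would be `ipchains -L forward -n | audit_masq 192.168.0.0/24`, run after the firewall script so a stale masquerade source is caught before the box starts forwarding.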