Riho Kurg
2003-Apr-06 06:53 UTC
[Shorewall-users] Bad argument `nat' and pppoe masquerade
Hi there,

I'm using shorewall for sharing ADSL (pppoe) line with only one ethernet card. Until recent upgrade to Mandrake 9.1 everything worked fine. To avoid some Mandrake version specific problems, I'm using kernel from previous working setup and vanilla Shorewall instead of Mandrake provided one.

* Starting shorewall gives following:

root@eleet:/etc/shorewall> shorewall start
Processing /etc/shorewall/params ...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
    Zones: net loc
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
    Net Zone: ppp0:0.0.0.0/0
    Local Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Deleting user chains...
Creating input Chains...
Configuring Proxy ARP
Setting up NAT...
Adding Common Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
Setting up Kernel Route Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/rules...
    Rule "ACCEPT fw net tcp 53" added.
    Rule "ACCEPT fw net udp 53" added.
    Rule "ACCEPT fw net tcp" added.
    Rule "ACCEPT fw net udp" added.
    Rule "ACCEPT loc fw tcp 22" added.
    Rule "ACCEPT loc fw tcp ftp, ftp-data" added.
    Rule "ACCEPT loc fw icmp 8" added.
    Rule "ACCEPT net fw icmp 8" added.
    Rule "ACCEPT fw loc icmp 8" added.
    Rule "ACCEPT fw net icmp 8" added.
Processing /etc/shorewall/policy...
    Policy REJECT for fw to net using chain all2all
    Policy REJECT for fw to loc using chain all2all
    Policy DROP for net to fw using chain net2all
    Policy REJECT for loc to fw using chain all2all
    Policy ACCEPT for loc to net using chain loc2net
Masqueraded Subnets and Hosts:
iptables: Invalid argument
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
Terminated

* Looking through 'shorewall debug start' trace:

+ run_iptables -t nat -A ppp0_masq -s 10.0.0.0/24 -d 0.0.0.0/0 -j MASQUERADE
+ iptables -t nat -A ppp0_masq -s 10.0.0.0/24 -d 0.0.0.0/0 -j MASQUERADE
iptables: Invalid argument

(complete trace is attached)

I can't see what's wrong with the arguments :(

My setup follows:

root@eleet:~/shorewall> shorewall version
1.3.14a

root@eleet:~/shorewall> uname -a
Linux eleet.vahelduvvool.com 2.4.19-16mdk #1 Fri Sep 20 18:15:05 CEST 2002 i686 unknown unknown GNU/Linux

root@eleet:/etc/shorewall> iptables --version
iptables v1.2.7a

root@eleet:~/shorewall> ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:06:7b:01:92:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::206:7bff:fe01:9272/10 scope link
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 80.235.35.233 peer 80.235.32.1/32 scope global ppp0

root@eleet:~/shorewall> ip route show
80.235.32.1 dev ppp0 proto kernel scope link src 80.235.35.233
10.0.0.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 80.235.32.1 dev ppp0

root@eleet:~/shorewall> lsmod
Module Size Used by Tainted: P
ipt_TOS 984 0 (autoclean)
isofs 25652 1 (autoclean)
inflate_fs 17892 0 (autoclean) [isofs]
snd-seq 33168 0 (autoclean)
appletalk 21668 1 (autoclean)
ipx 17124 1 (autoclean)
ipv6 140692 -1 (autoclean)
agpgart 31840 3 (autoclean)
nvidia 1547456 10
sg 31276 0 (autoclean) (unused)
st 26740 0 (autoclean) (unused)
sr_mod 15096 0 (autoclean) (unused)
sd_mod 11788 0 (autoclean) (unused)
scsi_mod 90372 4 (autoclean) [sg st sr_mod sd_mod]
ide-cd 28712 1 (autoclean)
cdrom 26848 0 (autoclean) [sr_mod ide-cd]
ipt_MASQUERADE 1272 0 (autoclean)
ipt_LOG 3384 0 (autoclean)
ipt_REJECT 2744 0 (autoclean)
ipt_state 568 0 (autoclean)
iptable_mangle 2072 0 (autoclean)
ip_nat_irc 2384 0 (unused)
ip_nat_ftp 2992 0 (unused)
iptable_nat 15224 2 [ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack_irc 3056 1
ip_conntrack_ftp 3952 1
ip_conntrack 18400 4 [ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
iptable_filter 1644 0 (autoclean)
ip_tables 11672 10 [ipt_TOS ipt_MASQUERADE ipt_LOG ipt_REJECT ipt_state iptable_mangle iptable_nat iptable_filter]
snd-pcm-oss 36004 0 (unused)
snd-mixer-oss 10904 0 [snd-pcm-oss]
snd-via82xx 7884 10
snd-pcm 55872 4 [snd-pcm-oss snd-via82xx]
snd-timer 9932 0 [snd-seq snd-pcm]
snd-ac97-codec 27588 0 [snd-via82xx]
snd-mpu401-uart 2800 0 [snd-via82xx]
snd-rawmidi 12640 0 [snd-mpu401-uart]
snd-seq-device 3836 0 [snd-seq snd-rawmidi]
snd 24972 8 [snd-seq snd-pcm-oss snd-mixer-oss snd-via82xx snd-pcm snd-timer snd-ac97-codec snd-mpu401-uart snd-rawmidi snd-seq-device]
soundcore 3780 0 [snd]
ppp_synctty 5952 0 (unused)
ppp_async 7456 1
ppp_generic 20064 3 [ppp_synctty ppp_async]
slhc 5072 0 [ppp_generic]
af_packet 13000 3 (autoclean)
ip_vs 74328 0 (autoclean)
floppy 49340 0
8139too 14472 1 (autoclean)
mii 1152 0 (autoclean) [8139too]
nls_iso8859-15 3356 2 (autoclean)
nls_cp850 3580 1 (autoclean)
vfat 9588 1 (autoclean)
fat 31864 0 (autoclean) [vfat]
supermount 14340 2 (autoclean)
loop 11376 0 (autoclean)
lvm-mod 56704 0
usb-uhci 21676 0 (unused)
usbcore 58304 1 [usb-uhci]
rtc 6560 1 (autoclean)
ext3 74004 4
jbd 38452 4 [ext3]

Please CC: reply to me directly, because I'm not in the list.

TIA,
Rx

-------------- next part --------------
A non-text attachment was scrubbed...
Name: trace.gz
Type: application/octet-stream
Size: 12315 bytes
Desc:
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030406/814f71ad/trace-0001.obj
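
The check walked through in the post above (find the command in the 'shorewall debug start' trace that precedes "iptables: Invalid argument", then compare its table and target with the lsmod listing), as an added shell example that is not part of the thread. The function names are hypothetical and the sample data is constructed from lines quoted in the post.

```shell
# Added example, not from the thread. Module names follow the
# iptable_<table> / ipt_<TARGET> pattern visible in the post's lsmod listing.

# Print the last xtrace'd command before each "iptables:" error line.
failing_commands() {
    awk '
        /^[+]+ /      { sub(/^[+]+ /, ""); last = $0; next }
        /^iptables: / { print last }
    ' "$@"
}

# $1 = one iptables command line, stdin = lsmod output. Reports whether the
# modules for its -t table and -j target are listed. "absent" is only a hint:
# the feature may be compiled into the kernel instead of built as a module.
module_status() {
    cmd=$1
    mods=$(awk 'NR > 1 { print $1 }')   # first column, header line skipped
    set -- $cmd                         # split the command into words
    table=filter target=                # filter is the default table
    while [ $# -gt 0 ]; do
        case $1 in
            -t) table=${2-} ;;
            -j) target=${2-} ;;
        esac
        shift
    done
    for m in "iptable_$table" "ipt_$target"; do
        # built-in targets have no module of their own
        case $m in ipt_|ipt_ACCEPT|ipt_DROP|ipt_QUEUE|ipt_RETURN) continue ;; esac
        if printf '%s\n' "$mods" | grep -qxF "$m"; then
            echo "$m loaded"
        else
            echo "$m absent"
        fi
    done
}

sample_trace() {   # constructed from the trace lines quoted in the post
    printf '%s\n' \
        '+ run_iptables -t nat -A ppp0_masq -s 10.0.0.0/24 -d 0.0.0.0/0 -j MASQUERADE' \
        '+ iptables -t nat -A ppp0_masq -s 10.0.0.0/24 -d 0.0.0.0/0 -j MASQUERADE' \
        'iptables: Invalid argument'
}
sample_lsmod() {   # constructed: three rows shortened from the post's listing
    printf '%s\n' 'Module Size Used by' 'ipt_MASQUERADE 1272 0 (autoclean)' \
        'iptable_nat 15224 2 [ipt_MASQUERADE ip_nat_irc ip_nat_ftp]'
}

cmd=$(sample_trace | failing_commands)
printf 'failed command: %s\n' "$cmd"
sample_lsmod | module_status "$cmd"
```

On a live system the same functions take the saved trace as a file argument and `lsmod` output on stdin.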
Tom Eastep
2003-Apr-06 18:56 UTC
[Shorewall-users] Bad argument `nat' and pppoe masquerade
On Sun, 6 Apr 2003, Riho Kurg wrote:

> Hi there,
>
> I'm using shorewall for sharing ADSL (pppoe) line with only one ethernet
> card. Until recent upgrade to Mandrake 9.1 everything worked fine. To
> avoid some Mandrake version specific problems, I'm using kernel from
> previous working setup and vanilla Shorewall instead of Mandrake provided
> one.
> * Starting shorewall gives following:

Please follow the instructions at http://www.shorewall.net/troubleshoot.htm under the title "If the firewall fails to start".

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
Tom Eastep
2003-Apr-07 11:01 UTC
[Shorewall-users] Bad argument `nat' and pppoe masquerade
On Sun, 6 Apr 2003, Riho Kurg wrote:

> > On Sun, 6 Apr 2003, Riho Kurg wrote:
> > > Hi there,
> > >
> > > I'm using shorewall for sharing ADSL (pppoe) line with only one ethernet
> > > card. Until recent upgrade to Mandrake 9.1 everything worked fine. To
> > > avoid some Mandrake version specific problems, I'm using kernel from
> > > previous working setup and vanilla Shorewall instead of Mandrake provided
> > > one.
> > > * Starting shorewall gives following:
> > Please follow the instructions at
> > http://www.shorewall.net/troubleshoot.htm under the title "If the firewall
> > fails to start".
>
> I might be awfully wrong here, but I actually did read these notes. Full
> "shorewall debug start" trace was included to my mail as well.

Sorry -- I missed that. There's nothing wrong with the command that is failing. Whatever your problem is, it isn't the commands that Shorewall is generating.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net