I hit a "gotcha" while trying to upgrade to the 2.4.21 kernel. Since DNAT is done by shorewall in the OUTPUT chain, you must enable in the kernel config "NAT of local connections" (under Networking->Netfilter Configuration) when compiling a new kernel >= 2.4.20.

This has been discussed on the list before more than once. But it escaped me, and took a while searching thru the archives till I found the answer.

Tom's very helpful images of the kernel config screens are based on 2.4.18 where there was no such configure option.

Might this issue deserve a FAQ ??

____________________________________________________
Quiet people aren't the only ones who don't say much. - R. Baalke

On Tue, 2003-07-08 at 08:02, Micha Silver wrote:
> I hit a "gotcha" while trying to upgrade to the 2.4.21 kernel. Since DNAT
> is done by shorewall in the OUTPUT chain, you must enable in the kernel
> config "NAT of local connections" (under Networking->Netfilter
> Configuration) when compiling a new kernel >= 2.4.20.
>
> This has been discussed on the list before more than once. But it escaped
> me, and took a while searching thru the archives till I found the answer.
>
> Tom's very helpful images of the kernel config screens are based on 2.4.18
> where there was no such configure option.
>
> Might this issue deserve a FAQ ??

What were you trying to do and what error did you encounter?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

On Tue, 2003-07-08 at 10:43, Tom Eastep wrote:
>
> What were you trying to do and what error did you encounter?

Without more specific information, this is the best I can do:

http://shorewall.net/FAQ.htm#faq27

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net