Hi folks,
sorry for my bad English, but I am not a native speaker.
I want to set up a virtual firewall host in a UML session.
I'm using kernel 2.4.27-um1 and Shorewall 2.2.2-2 from Debian sarge.
I have 4 NICs in my system:
eth0 -> localnet 0
eth1 -> localnet 1
eth2 -> wlan
eth3 -> DSL/ppp0
I'm using four bridges: br0, br1, br2, br3.
The UML firewall host is connected over 4 tap devices, tap0-tap3, to the
physical devices. In the UML session I have 4 NICs, eth0-eth3.
My DSL connection in the UML session starts very well.
I want to masquerade the connections from eth0-eth3 over ppp0 (DSL).
When I start Shorewall, the following messages come up:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Not available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Available
Determining Zones...
Zones: net loc0 loc1 wlan
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Internet Zone: ppp0:0.0.0.0/0
eth0_net Zone: eth0:0.0.0.0/0
eth1_net Zone: eth1:0.0.0.0/0
wlan_net Zone: eth2:0.0.0.0/0
Processing /etc/shorewall/init ...
Pre-processing Actions...
Deleting user chains...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Setting up Kernel Route Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/ipsec...
Processing /etc/shorewall/rules...
Processing Actions...
Generating Transitive Closure of Used-action List...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy ACCEPT for loc0 to net using chain loc02net
Policy ACCEPT for loc1 to net using chain loc12net
Policy ACCEPT for wlan to net using chain wlan2net
Masqueraded Networks and Hosts:
iptables: Invalid argument
ERROR: Command "/sbin/iptables -t nat -A ppp0_masq -s 192.168.11.0/24 -d
0.0.0.0/0 -j MASQUERADE" Failed
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
My masq file is:
ppp0 eth0
ppp0 eth1
ppp0 eth2
When I start the connection and Shorewall on the real NICs without UML and
bridges, it works without any problems.
Can anybody help me with my problem? Do you need additional information
for troubleshooting?
Thanks for spending your time, Greetings Rainer.