Invalid Argument
Jose Maria Lopez
jkerouac at eresmas.com
Mon Sep 6 17:58:40 CEST 2004
On Mon, 06 Sep 2004 at 14:48, João Carlos Garcia wrote:
> Hi,
>
> I'm trying to configure iptables rules, but ...
> I'm testing the rules in a separated environment, but the final topology will be the following
> ADSL -- [ LINUX ] -- LOCAL NETWORK
>
> The script looks like this
>
> #!/bin/sh
> INTIF=eth0
> EXTIF=eth1
> INTIP=192.168.0.3
> EXTIP=172.16.0.3
>
> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
> echo 1 > /proc/sys/net/ipv4/ip_forward
> for f in /proc/sys/net/ipv4/conf/*/rp_filter;
> do
> echo 1 > $f;
> done
>
> iptables -F INPUT
> iptables -F OUTPUT
> iptables -F FORWARD
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP
> iptables -A OUTPUT -j DROP
> ...
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o $EXTIF -j SNAT --to-source $EXTIP
>
> When the script runs the last rule ( NAT ), an error occurs: iptables invalid argument.
> I want iptables to change the source IP address ( 192.168 ) to its IP address ( 172.16.0.3 ) for all connections to the Internet
>
> Could anyone help me?
> Thanks in advance
> João Carlos
The rule is correct; I wrote it on my system and it works, so you
probably have a problem of not having synced the iptables userspace
tools and the kernel space, or something similar.
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
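
A quick triage for the userspace/kernel mismatch suggested in the reply above, as an added example that is not part of the original thread. It assumes a legacy (x_tables) iptables kernel that lists loaded tables and targets in /proc/net/ip_tables_names and /proc/net/ip_tables_targets; the function names `nat_snat_status` and `report` are hypothetical. Run it as root right after the failing rule, since iptables tries to load the needed modules on first use.

```shell
#!/bin/sh
# Added example: triage for "iptables: Invalid argument" on a nat/SNAT rule.
# Assumption: legacy iptables kernel exposing loaded tables/targets in /proc/net.

# Print one status word for the nat table / SNAT target pair.
#   $1 = file listing loaded tables  (default /proc/net/ip_tables_names)
#   $2 = file listing loaded targets (default /proc/net/ip_tables_targets)
nat_snat_status() {
    names=${1:-/proc/net/ip_tables_names}
    targets=${2:-/proc/net/ip_tables_targets}

    # File absent or unreadable: no iptables support loaded, or not root.
    if [ ! -r "$names" ]; then
        echo "no-ip_tables"
        return 1
    fi
    # The nat table is only listed once its kernel module is loaded.
    if ! grep -qx 'nat' "$names"; then
        echo "nat-table-missing"
        return 1
    fi
    # Older kernels have no targets file; skip the check when it is absent.
    if [ -r "$targets" ] && ! grep -qx 'SNAT' "$targets"; then
        echo "snat-target-missing"
        return 1
    fi
    echo "ok"
}

# Show the two versions to compare by hand, plus the kernel-side status.
report() {
    echo "kernel:   $(uname -r)"
    echo "iptables: $(iptables -V 2>/dev/null || echo 'not found')"
    echo "nat/SNAT: $(nat_snat_status)"
}

# Run the report only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--report" ]; then
    report
fi
```

A status of `ok` together with a persisting "Invalid argument" points back at the iptables binary having been built against different kernel headers than the running kernel.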