A couple people have emailed me and the list regarding this issue, so I thought I'd post for everyone's benefit.

Martin Josefsson <gandalf@xxxxxxxxxxxxxx> was absolutely correct. The Invalid Argument problem can be fixed by recompiling iptables with the new Linux kernel headers. That means /usr/include/linux needs to link to your kernel tree, NOT the glibc headers (bad distributions!). Martin, I apologize for not searching the list archives before posting.

As for my iptables compile errors, I fixed that with a patch, which I have attached to this email. I'm sure it's something that's already been fixed, but there's no new patch-o-matic release, so I guess there's no harm in posting. It was an error caused by the "talk" protocol connection tracking patch in "extra". The kernel headers need to be able to be included in userland applications.

Enjoy!

Cory Visi
diff -Naur linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h --- linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:20:07.000000000 -0400 +++ linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:32:48.000000000 -0400 @@ -2,9 +2,7 @@ #define _IP_CONNTRACK_TALK_H /* TALK tracking. */ -#ifndef __KERNEL__ -#error Only in kernel. -#endif +#ifdef __KERNEL__ #include <linux/in.h> #include <linux/netfilter_ipv4/lockhelp.h> @@ -138,6 +136,8 @@ #define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ #define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ +#endif /* __KERNEL__ */ + /* We don't really need much for talk */ struct ip_ct_talk_expect {
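Review bot: in the first hunk the new `#ifdef __KERNEL__` is placed above `#include <linux/in.h>`, so a userland build no longer gets either include, only `struct ip_ct_talk_expect` and whatever follows the `#endif`. If any of those declarations uses a type that the header previously obtained through `<linux/in.h>`, userland callers now have to supply it themselves. Consider narrowing the guard to `#include <linux/netfilter_ipv4/lockhelp.h>` and the kernel-only declarations, or moving the include that provides the shared types outside the guard.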
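Review bot: the `#endif /* __KERNEL__ */` in the second hunk lands after `MAX_RESPONSE_TYPE`, which puts the response-type constants such as `SELECTIVE_REFUSAL` inside the kernel-only region. If that is intended, say so in a comment at the guard so the userland-visible part of the header is explicit. The opening `#ifdef __KERNEL__` also deserves a matching comment, since the hunk headers put the two directives more than 130 lines apart.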