A couple people have emailed me and the list regarding this issue, so I thought I'd post for everyone's benefit.

Martin Josefsson <gandalf@xxxxxxxxxxxxxx> was absolutely correct. The Invalid Argument problem can be fixed by recompiling iptables with the new linux kernel headers. That means /usr/include/linux needs to link to your kernel tree, NOT the glibc headers (bad distributions!)

As for my iptables compile errors, I fixed that with a patch, which I attached. I'm sure it's something that's already been fixed, but there's no new patch-o-matic release, so no harm in posting. It was an error caused by the "talk" protocol connection tracking.

Enjoy!

Cory Visi
diff -Naur linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h --- linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:20:07.000000000 -0400 +++ linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:32:48.000000000 -0400 @@ -2,9 +2,7 @@ #define _IP_CONNTRACK_TALK_H /* TALK tracking. */ -#ifndef __KERNEL__ -#error Only in kernel. -#endif +#ifdef __KERNEL__ #include <linux/in.h> #include <linux/netfilter_ipv4/lockhelp.h> @@ -138,6 +136,8 @@ #define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ #define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ +#endif /* __KERNEL__ */ + /* We don't really need much for talk */ struct ip_ct_talk_expect {
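Review bot: in the first hunk (@@ -2,9 +2,7 @@), the "#ifdef __KERNEL__" that replaces the "#error Only in kernel." guard opens above "#include <linux/in.h>" and "#include <linux/netfilter_ipv4/lockhelp.h>", so a userspace build no longer pulls in either header through this file. Whatever stays outside the guard has to compile without them; if any exported declaration needs a type from linux/in.h, move that include above the #ifdef and keep only lockhelp.h and the kernel-only definitions inside it.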
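Review bot: in the second hunk (@@ -138,6 +136,8 @@), the new "#endif /* __KERNEL__ */" sits directly above "struct ip_ct_talk_expect", which makes that struct the part of the header visible to userspace, yet nothing in the file says so. The removed #error stated the old kernel-only contract explicitly; add a comment at the #endif or at the top of the file noting that the declarations below it are exported to userspace builds and must not depend on anything defined inside the guarded region, such as the response-type defines that now end at MAX_RESPONSE_TYPE.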