On Thu, 2004-02-12 at 02:10, Richard Bown wrote:
> On Wed, 2004-02-11 at 22:14, Cedric Blancher wrote:
> > On Wed 11/02/2004 at 22:53, Richard Bown wrote:
> > > I suspect from the results I've seen running 2.6.2 with iptables-1.2.9
> > > that the handling of DNAT & SNAT is very different.
> >
> > Afaik, from a user point of view, there's no difference between 2.4 and
> > 2.6. I'm using a 2.6.1 kernel on which all the scripts I've written for
> > 2.4 kernels are working just the way they did before, for filtering,
> > mangling and nating...
> >
> > What kind of results makes you believe there are major differences on
> > NAT handling?
> >
> Hi Cedric
> I'm using MDK 9.2 and iptables-1.2.9-4mdk plus shorewall 1.4.8-3mdk with
> kernel 2.4.22-26mddk
>
> when trying to run with kernel -2.6.2 shorewall stopped after an iptable
> invalid argument on a rule starting DNAT.
> That rule was hashed out and all rules loaded, until the masq section
> which again halted shorewall.

Sounds like your kernel config doesn't have MASQ and/or NAT support. You
need to recompile the kernel with those options included.

> I tried an iptables -F to flush out all rules and allow networking but
> no avail.
> I really would like to know what's happening so I understand what to do.
>
> Richard
> > One big difference is bridge interfaces handling, as physical interfaces
> > cannot get matched using -i/-o switches anymore (br0 is seen through
> > them) so you have to use physdev match.

--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
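
Added example, not part of the original thread: one way to confirm the diagnosis above before recompiling is to check the kernel .config for the netfilter NAT options. The option names are those used by 2.4 and early 2.6 kernel trees and are assumed to match the 2.6.2 build discussed here; the sample config is constructed.

```shell
#!/bin/sh
# Added example: list the netfilter NAT options a kernel .config lacks.
# Option names are those of 2.4 / early 2.6 trees (assumption: they match
# the 2.6.2 build from the thread).
NAT_OPTS="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE"

# missing_nat_opts FILE
# Prints every required option that is neither built in (=y) nor modular
# (=m). Returns 1 if at least one option is missing, 0 otherwise.
missing_nat_opts() {
    cfg=$1
    rc=0
    for opt in $NAT_OPTS; do
        # "# CONFIG_X is not set" lines do not match the anchored pattern.
        if ! grep -Eq "^${opt}=[ym]\$" "$cfg"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: iptables and filtering enabled, NAT left out, which
# would let filter rules load while DNAT and masquerade rules fail.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_NAT is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
echo "Missing in sample config:"
missing_nat_opts "$tmp" || true
rm -f "$tmp"
```

On a real system, point `missing_nat_opts` at the config the kernel was built from, for example the `.config` in the kernel source tree.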