Re: Problem with nat/OUTPUT/DNAT rule

On Thu, Nov 11, 2004 at 11:34:09PM -0800, Gary W. Smith wrote:
> I have been trying to upgrade a RH9 firewall box running 1.2.7a to RHEL3.  I applied patch-o-matic pptp-conntrack to the RHEL3 kernel and everything "seemed" fine.  I have an automated script that generates some baseline firewall rules for some clients.  Anyways, it fails only on RHEL3 1.2.7a.  It works on my FC2 and RH9 boxes.
>  
> The failure always happens on the nat filter, output chain:
>  
> [0:0] -A OUTPUT -d 66.120.18.34 -j DNAT --to-destination 192.198.0.34
>  
> Any ideas?

you say you applied a patch from POM and recompiled your kernel.  did
you also rebuild iptables?  IIRC the pptp-conntrack patch changes the
size of the internal structures, so an unpatched iptables will fail to
add rules in this way (usually on a NAT rule).

-j

-- 
Jason Opperisano <opie@xxxxxxxxxxx>
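
The failure mode described in the reply above, as an added example that is not part of the original thread and not netfilter code: a "kernel" compiled against patched headers rejects a DNAT target serialized by a "userspace" tool compiled against the stock headers. The struct layouts, field names and the size check are hypothetical simplifications chosen to show the mismatch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified layouts; NOT the real netfilter definitions. */
union manip_stock   { uint16_t all; uint16_t tcp_port; };
union manip_patched { uint32_t all; uint16_t tcp_port; uint32_t gre_key; };
struct nat_range_stock   { uint32_t flags, min_ip, max_ip; union manip_stock min, max; };
struct nat_range_patched { uint32_t flags, min_ip, max_ip; union manip_patched min, max; };

/* Header that precedes the target payload in the rule blob (hypothetical). */
struct target_hdr { uint16_t target_size; char name[30]; };

/* "Userspace": serialize a DNAT target with the payload size it was built with. */
static size_t build_dnat(unsigned char *buf, size_t payload_size, uint32_t to_ip)
{
    struct target_hdr hdr;
    memset(&hdr, 0, sizeof hdr);
    hdr.target_size = (uint16_t)(sizeof hdr + payload_size);
    strcpy(hdr.name, "DNAT");
    memcpy(buf, &hdr, sizeof hdr);
    memset(buf + sizeof hdr, 0, payload_size);
    /* min_ip/max_ip sit at the same offsets in both layouts */
    memcpy(buf + sizeof hdr + offsetof(struct nat_range_stock, min_ip), &to_ip, 4);
    memcpy(buf + sizeof hdr + offsetof(struct nat_range_stock, max_ip), &to_ip, 4);
    return hdr.target_size;
}

/* "Kernel" built with the patched headers: payload must match its own struct size. */
static int kernel_check_dnat(const unsigned char *buf, size_t len)
{
    struct target_hdr hdr;
    if (len < sizeof hdr) return -EINVAL;
    memcpy(&hdr, buf, sizeof hdr);
    hdr.name[sizeof hdr.name - 1] = '\0';
    if (hdr.target_size != len) return -EINVAL;
    if (strcmp(hdr.name, "DNAT") != 0) return -ENOENT;
    if (len - sizeof hdr != sizeof(struct nat_range_patched)) return -EINVAL;
    return 0;
}

/* Returns the kernel's verdict for a tool compiled with the given payload size. */
int try_rule(size_t userspace_payload_size)
{
    unsigned char buf[128];
    size_t n = build_dnat(buf, userspace_payload_size, 0xC0C60022u); /* 192.198.0.34 */
    return kernel_check_dnat(buf, n);
}
```

In this model `try_rule(sizeof(struct nat_range_stock))` is the unpatched tool and is rejected, while the same rule built with `sizeof(struct nat_range_patched)` is accepted.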