Re: iptables strangeness

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 31 Jan 2003 19:11:14 -0800, jdow wrote:

> > In building a script for my iptables commands, I find that if I
> > enter the command:
> > 
> > iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp+ -j
> > MASQUERADE
> > 
> > from a command prompt, then it executes correctly, but if I place
> > the identical command into a file and invoke it as a script, then it
> > fails with the message:
> > 
> > iptables v1.2.6a: Couldn't load target
> > `MASQUERADE':/lib/iptables/libipt_MASQUERADE.so: cannot open shared
> > object file: No such file or directory.
> > 
> > All of my other iptables commands (non of which reference
> > MASQUERADE), execute equally well from either the command prompt or
> > the script.
> > 
> > Any thoughts?
> 
> Yeah, is the ipchains emulation turned off and expunged from your
> system?
> 
> service ipchains stop
> rpm -e ipchains
> 
> Ipchains interferes with iptables. It's just a thought....

No. I have strong doubts that this thought is in the right
direction. First of all, /lib/iptables/libipt_MASQUERADE.so is a
netfilter _userspace_ extension module, not a kernel module.
Secondly, if the ipchains kernel module were loaded, it would block
loading netfilter/iptables modules with a completely different error
message. And most important, any other iptables commands wouldn't
work at all.

An error like above can be the result of a syntax or type error,
even junk at the end of a line or corrupted delimiters. Which
userspace extension module is loaded depends on at least one
command-line argument, e.g. the -p/--protocol argument and the
- -m/--match argument for match extensions or the -j/--jump argument
for target extensions like MASQUERADE.

If the file /lib/iptables/libipt_MASQUERADE.so is not missing and
the same rule is accepted on the command-line, find out a
reproducible test-case.

Try shortening your script as much as possible while keeping
the problem reproducible.

- -- 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+O+E/0iMVcrivHFQRAhqGAJ0a0xMiuJPCGjV+GIZJwiyZglIztwCfU+LP
b5rBqIq3lBul0Qhw+FeZAds=
=fCIC
-----END PGP SIGNATURE-----



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
[Index of Archives]     [Fedora General Discussion]     [Red Hat General Discussion]     [Centos]     [Kernel]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux