Mailing List Archive

iptables: Unknown error 4294967295
With:
iptables 1.3.5
linux 2.6.16.1 and 2.6.16-git8
today's pom-ng

I'm having problems with some matches:
connlimit
ipp2p 0.8.1_rc1

When compiling, I can see many "signed/unsigned comparison warnings"
(don't remember exactly the warning).

In dmesg I see things like:

Mar 31 05:18:04 fraile kernel: [17180340.932000] ip_tables: connlimit
match: invalid size 0 != 16
Mar 31 05:54:00 fraile kernel: [17182487.628000] ip_tables: ipp2p match:
invalid size 0 != 8
Mar 31 05:54:00 fraile kernel: [17182487.668000] ip_tables: layer7
match: invalid size 0 != 8452

Any help/patch/suggestion?

Thanks

--
Samuel Díaz García
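
Added example (not part of the original post): a small Python parser that pulls the table, the match name and the two sizes out of "invalid size" kernel messages like the ones quoted above, including when a mail client has wrapped them or prefixed them with ">". The function name and the embedded sample text are constructed for this illustration.

```python
import re
import sys

# Constructed sample: the three kernel messages from the post above, kept
# wrapped over two lines each, the way they appear in the mail.
SAMPLE_LOG = """\
Mar 31 05:18:04 fraile kernel: [17180340.932000] ip_tables: connlimit
match: invalid size 0 != 16
Mar 31 05:54:00 fraile kernel: [17182487.628000] ip_tables: ipp2p match:
invalid size 0 != 8
Mar 31 05:54:00 fraile kernel: [17182487.668000] ip_tables: layer7
match: invalid size 0 != 8452
"""

# Shape of the message: "<x>_tables: <name> match: invalid size <a> != <b>"
SIZE_ERR = re.compile(
    r"(?P<table>\w+_tables):\s+(?P<name>\S+)\s+match:\s+"
    r"invalid size\s+(?P<left>\d+)\s+!=\s+(?P<right>\d+)"
)
QUOTE_PREFIX = re.compile(r"^\s*(?:>\s*)+")


def parse_size_errors(text):
    """Return unique (table, match, left_size, right_size) tuples, in order."""
    # Drop mail quote markers, then collapse all whitespace so that a record
    # wrapped across two lines becomes one searchable string.
    lines = (QUOTE_PREFIX.sub("", line) for line in text.splitlines())
    flat = " ".join(" ".join(lines).split())
    found = []
    for m in SIZE_ERR.finditer(flat):
        rec = (m.group("table"), m.group("name"),
               int(m.group("left")), int(m.group("right")))
        if rec not in found:  # repeated log lines collapse to one entry
            found.append(rec)
    return found


if __name__ == "__main__":
    # Usage: python3 size_errors.py [saved-dmesg-file]; no argument = sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for table, name, left, right in parse_size_errors(text):
        print(f"{table}: match '{name}' rejected, sizes {left} != {right}")
```

Each tuple names one match module whose rule was refused by the size check, which gives a short list of modules to compare against the installed iptables build.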
Re: iptables: Unknown error 4294967295
Any idea at least?

Samuel Díaz García wrote:
> With:
> iptables 1.3.5
> linux 2.6.16.1 and 2.6.16-git8
> today's pom-ng
>
> I'm having problems with some matches:
> connlimit
> ipp2p 0.8.1_rc1
>
> When compiling, I can see many "signed/unsigned comparison warnings"
> (don't remember exactly the warning).
>
> In dmesg I see things like:
>
> Mar 31 05:18:04 fraile kernel: [17180340.932000] ip_tables: connlimit
> match: invalid size 0 != 16
> Mar 31 05:54:00 fraile kernel: [17182487.628000] ip_tables: ipp2p match:
> invalid size 0 != 8
> Mar 31 05:54:00 fraile kernel: [17182487.668000] ip_tables: layer7
> match: invalid size 0 != 8452
>
> Any help/patch/suggestion?
>
> Thanks
>

--
Samuel Díaz García
Re: iptables: Unknown error 4294967295
Thus spake Daniel De Graaf on Mon, Sep 25, 2006 at 07:37:13PM CDT
> The (unsigned)(-1) is a known bug (#460 in bugzilla), fixed in
> subversion versions of iptables.
> However, it is only an invalid reporting of the error; the fixed
> version would output "iptables: Invalid Argument".
>
> The error is because SNAT must be in POSTROUTING, not PREROUTING.

Thanks. I had just discovered this. I'm trying to wrangle a VPN into shape
and feeling my way. Sorry for the noise!

--
Lindsay Haisley | "Fighting against human | PGP public key
FMP Computer Services | creativity is like | available at
512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com>
http://www.fmp.com | dandelions" |
| (Pamela Jones) |
Re: iptables: Unknown error 4294967295
KARIM SATTAR wrote:
> Hi
>
> I am getting the error as mentioned below; the problem arose when I
> changed the data structure of the ipt_entry which stores the rules
> and other information. I have also changed the other appropriate
> initialization of the structure in ip_nat_rule and other files.
> I have just added one variable of type unsigned int. Does anyone have
> any idea regarding this problem?
>
> Before adding this variable, iptables was working fine.
> Can anyone help me with this problem?
>
> [root@localhost ~]# service iptables start
> Flushing firewall rules: iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> [FAILED]
> Setting chains to policy ACCEPT: raw iptables: Unknown error 4294967295
> nat iptables: Unknown error 4294967295
> mangle iptables: Unknown error 4294967295
> filter iptables: Unknown error 4294967295
> [FAILED]
> Unloading iptables modules: [ OK ]
>
> All the modules have been loaded as permanent modules rather than as
> loadable modules.
>
>

I really don't know if that will be your case, but I have experienced
several 'Unknown error xxxxxxxxxx' after recompiling the kernel and NOT
recompiling iptables.

--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it
gertrudes@solutti.com.br
Re: iptables: Unknown error 4294967295
How can I recompile the kernel and not iptables?

KARIM SATTAR wrote:
> Hi
>
> I am getting the error as mentioned below; the problem arose when I
> changed the data structure of the ipt_entry which stores the rules
> and other information. I have also changed the other appropriate
> initialization of the structure in ip_nat_rule and other files.
> I have just added one variable of type unsigned int. Does anyone have
> any idea regarding this problem?
>
> Before adding this variable, iptables was working fine.
> Can anyone help me with this problem?
>
> [root@localhost ~]# service iptables start
> Flushing firewall rules: iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> iptables: Unknown error 4294967295
> [FAILED]
> Setting chains to policy ACCEPT: raw iptables: Unknown error 4294967295
> nat iptables: Unknown error 4294967295
> mangle iptables: Unknown error 4294967295
> filter iptables: Unknown error 4294967295
> [FAILED]
> Unloading iptables modules: [ OK ]
>
> All the modules have been loaded as permanent modules rather than as
> loadable modules.
>
>

> I really don't know if that will be your case, but I have experienced
> several 'Unknown error xxxxxxxxxx' after recompiling the kernel and NOT
> recompiling iptables.

> --


> Sincerely,
> Leonardo Rodrigues
> Solutti Tecnologia
> http://www.solutti.com.br

> My SPAMTRAP, do not email it
> gertrudes@solutti.com.br
RE: iptables: Unknown error 4294967295
> How can I recompile the kernel and not iptables?

Simple. They are separate packages (iptables is not the same as
netfilter; it's part of the project). So it's possible to just compile
the kernel but not iptables, which is only the userspace utility to
create rules.

If you haven't compiled iptables you can download it from
ftp.netfilter.org.
If you patched the kernel before compiling using patch-o-matic-ng, it's
possible that iptables also had to be patched before compiling it, so it
may not be enough to just compile and install iptables.
Also, keep in mind that you probably have an older version of iptables
installed that comes with your distro and you should uninstall that
version.


Grts,
Rob