I found out that the problem lies with my 2.4.18 kernel + 0.0.6 patch. All packets bypass netfilter. I went back to my production bridge/firewall kernel (2.4.13-ac7 with 0.0.3 patch) and it seemed to work about right. I just wanted to make use of the DNAT fix in version 0.0.4.

After compiling 2.4.18 with 0.0.6 patch I get the following error when any operation on MANGLE table is performed:

iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.

I've tried recompiling quite a few times with the same result though. Just in case, I attached a copy of my kernel config file.

Thank you.
-Alex

-----Original Message-----
From: Lennert Buytenhek [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 05, 2002 2:54 AM
To: Alex Gromov
Cc: '[EMAIL PROTECTED]'
Subject: Re: [Bridge] Bridge/netfilter DNAT (bug?)

On Tue, Apr 02, 2002 at 05:31:31PM -0700, Alex Gromov wrote:
> I am trying to set up a bridge with nat.
>
> I have set up a test machine on 2.4.18 kernel with 0.0.6 bridge/netfilter
> patch, where
> ISP ---> eth0 [bridge/nf] eth1 <----- x.x.x.89
>
> The bridge and filter table work just fine, but when I send packets to
> x.x.x.90 trying to translate them to x.x.x.89 using following rule
>
> iptables -t nat -A PREROUTING -eth0 -d x.x.x.90 -j DNAT --to-destination
> x.x.x.89
>
> it doesn't work. Note that I have a network range that includes .90 so its
> valid.

What if you set the target to DROP instead? Does anything happen?

cheers,
Lennert
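Added example, not part of the thread above: Lennert's test is to swap the DNAT target for DROP and see whether anything happens, and the quickest way to read the answer is the per-rule packet counters from `iptables -t nat -L PREROUTING -v -n`. The listings and addresses below are constructed samples (documentation-range addresses stand in for the poster's x.x.x.89/.90); the parser and check are my own helpers.

```python
import re

# Constructed sample of `iptables -t nat -L PREROUTING -v -n` after the
# DNAT rule was replaced with DROP and traffic was sent to the .90 address
# from the eth0 side. A zero counter means the PREROUTING hook never saw
# the bridged frames (the "all packets bypass netfilter" case).
SAMPLE_AFTER_DROP_TEST = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  eth0   *       0.0.0.0/0            192.0.2.90
"""

# Constructed sample from a kernel where bridged traffic does reach the hook.
SAMPLE_HOOK_SEEN = """\
Chain PREROUTING (policy ACCEPT 12 packets, 960 bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  2960 DNAT       all  --  eth0   *       0.0.0.0/0            192.0.2.90           to:192.0.2.89
"""

# One rule row of the verbose, numeric listing; `extra` holds target
# options such as the DNAT "to:" address.
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+"
    r"(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)"
    r"(?:\s+(?P<extra>.*))?$"
)

def parse_chain(listing):
    """Return the rule rows of one chain as dicts with integer counters."""
    rules = []
    for line in listing.splitlines():
        if line.startswith("Chain ") or line.lstrip().startswith("pkts"):
            continue  # chain banner and column header carry no rule
        m = RULE_RE.match(line)
        if m:
            rule = m.groupdict()
            rule["pkts"] = int(rule["pkts"])
            rule["bytes"] = int(rule["bytes"])
            rules.append(rule)
    return rules

def prerouting_sees_traffic(listing, in_if, dst):
    """True if a rule for (in_if, dst) has counted packets.

    False after traffic was sent means the frames bypassed netfilter on the
    bridge, i.e. a kernel/patch problem rather than a wrong DNAT rule.
    """
    return any(r["pkts"] > 0 for r in parse_chain(listing)
               if r["in"] == in_if and r["dst"] == dst)
```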