On Wed, Aug 29, 2001 at 10:40:22PM +0800, Ian C. Sison wrote:
>
> Hello, does anyone care to fix this problem?
>
> IPTables still SEGFAULTS with a simple iptables config file!
>
>
> i've tried to use iptables-1.2.2-3.1mdk with the latest
> kernel-2.4.7.12.3mdk, with the file /etc/sysconfig/iptables:
>
> ==================================================
> -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> -A FORWARD -i eth1 -j ACCEPT
> ==================================================
>
> and iptables-restore bombs out with a segfault..
>
> ~/srpm (#1028) cat /etc/sysconfig/iptables | iptables-restore
> Segmentation fault (core dumped)
This isn't a real bug. The problem is the difference between what
you're doing above and what iptables-restore is expecting.
iptables-restore is used to work on data produced by iptables-save.
For example in your situation iptables-save would produce something like
this:
# Generated by iptables-save v1.2.2 on Sat Sep 8 05:53:27 2001
*nat
:PREROUTING ACCEPT [23484:1599071]
:POSTROUTING ACCEPT [21819:1438770]
:OUTPUT ACCEPT [553:44179]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Sep 8 05:53:27 2001
# Generated by iptables-save v1.2.2 on Sat Sep 8 05:53:27 2001
*filter
:INPUT ACCEPT [5102:604719]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4199:606881]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Sat Sep 8 05:53:27 2001
Note the lack of -t, but rather it uses *nat and COMMIT to show the
begging and ending of a table. Switch to this format and your segfault
will go away.
--
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org
Just when you think you're not in Kansas anymore, turns out you are!
- Colonel Jack O'Neill SG1
