There is no "CONFIG_IP_NF_TARGET_NETLINK" entry in the .config file. I am using the 2.4.18 kernel. I have looked for that entry in xconfig and I didn't find it there either. Please mail me about it as soon as possible ... I need to implement iptables 1.2.4 or 1.2.5 as soon as possible ..

My iptables file entries are:

......
# Generated by iptables-save v1.2.3 on Sun Jan 20 21:45:36 2002
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-N HTTP_TRAFFIC
[0:0] -A HTTP_TRAFFIC -i eth0 -s 172.16.0.0/16 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -i eth0 -s 172.16.0.0/16 -d 172.16.10.29 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A PREROUTING -i eth0 -s 172.16.3.51 -p tcp -m tcp -j ACCEPT
[0:0] -A PREROUTING -i eth0 -p tcp -m tcp --dport 3128 -j DROP
#[0:0] -A PREROUTING -i eth1 -s 192.168.0.0/16 -j DROP
#[0:0] -A PREROUTING -i eth1 -s 10.10.0.0/8 -j DROP
#[0:0] -A PREROUTING -i eth1 -s 172.16.0.0/12 -j DROP
[0:0] -A PREROUTING -i eth0 -s 172.16.10.29 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80
# Completed on Sun Jan 20 21:45:36 2002
# Generated by iptables-save v1.2.3 on Sun Jan 20 21:45:36 2002
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sun Jan 20 21:45:36 2002
# Generated by iptables-save v1.2.3 on Sun Jan 20 21:45:36 2002
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[0:0] -A INPUT -d 127.0.0.1 -i lo -j ACCEPT
[0:0] -A INPUT -d 172.16.10.29 -i lo -j ACCEPT
[0:0] -A INPUT -d 202.140.144.99 -i lo -j ACCEPT
[0:0] -A INPUT -s 172.16.0.0/255.255.0.0 -d 172.16.10.29 -i eth0 -p icmp -j ACCEPT
[0:0] -A INPUT -s 172.16.0.0/255.255.0.0 -d 172.16.10.29 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -s 172.16.0.0/255.255.0.0 -d 172.16.10.29 -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -s 172.16.0.0/255.255.0.0 -d 172.16.10.29 -i eth0 -p udp -m udp --dport 53 -j ACCEPT
[0:0] -A INPUT -s 172.16.0.0/255.255.0.0 -d 172.16.10.29 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
#[0:0] -A INPUT -d 202.140.144.99 -i eth1 -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 67:68 -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 137:139 -j ACCEPT
#[0:0] -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
[0:0] -A FORWARD -s ! 172.16.10.29 -d ! 172.16.10.29 -p tcp -m tcp --dport 3128 -j DROP
[0:0] -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
[0:0] -A OUTPUT -s 172.16.10.29 -d 172.16.10.29 -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --sport 67:68 -j ACCEPT
[0:0] -A OUTPUT -p udp -m udp --sport 137:139 -j ACCEPT
[0:0] -A OUTPUT -s 172.16.10.29 -d 172.16.0.0/255.255.0.0 -p icmp -j ACCEPT
[0:0] -A OUTPUT -s 172.16.10.29 -d 172.16.0.0/255.255.0.0 -p tcp -m tcp --sport 80 -j ACCEPT
[0:0] -A OUTPUT -s 172.16.10.29 -d 172.16.0.0/255.255.0.0 -p tcp -m tcp --sport 53 -j ACCEPT
[0:0] -A OUTPUT -s 172.16.10.29 -d 172.16.0.0/255.255.0.0 -p udp -m udp --sport 53 -j ACCEPT
[0:0] -A OUTPUT -s 172.16.10.29 -d 172.16.0.0/255.255.0.0 -p tcp -m tcp --sport 22 -j ACCEPT
[0:0] -A OUTPUT -s 202.140.144.99 -j ACCEPT
COMMIT
# Completed on Sun Jan 20 21:45:36 2002
..........................

These entries are working fine on iptables 1.2.3 but throw an error when I start iptables. Please let me know if there is any problem with the file entries with respect to iptables 1.2.4 or 1.2.5.

Lo.

On Sat, 09 Mar 2002 Jack Bowling wrote :
>** Reply to message from Lo Baan <[EMAIL PROTECTED]> on Fri, 08 Mar 2002 13:41:14 +0000
>
> > Anyways, I have got a problem with iptables .. I downloaded
> > iptables 1.2.5 the day before and compiled the patch in kernel 2.4.18.
> > Well, the compilation went well (no kernel panics or errors
> > compiling) but when I start iptables it throws this error message
> > .....
> >
> > iptables: libiptc/libip4tc.c:384: do_check: Assertion
> > `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> > /etc/rc.d/init.d/iptables: line -248: 4935 Aborted
> > iptables -t $i -F
> > iptables: libiptc/libip4tc.c:384: do_check: Assertion
> > `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> > /etc/rc.d/init.d/iptables: line -245: 4939 Aborted
> > iptables -t $i -X
>snip>
>
>Ensure you have the following in your kernel .config file before compiling:
>
>CONFIG_NETLINK_DEV=y
>CONFIG_IP_NF_TARGET_NETLINK=m
>
>
>jb