mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
More error message updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
e70b1246b0
commit
1b42f18f5f
@ -800,7 +800,7 @@
|
||||
<section>
|
||||
<title>Iptables Error Messages</title>
|
||||
|
||||
<para>By far the most asked about iptables error message is:</para>
|
||||
<para>By far the most asked about iptables error messages are:</para>
|
||||
|
||||
<glosslist>
|
||||
<glossentry>
|
||||
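Review bot: The reworded intro para, "By far the most asked about iptables error messages are:", still reads awkwardly because of the unhyphenated "most asked about" in front of the noun. Consider "The iptables error messages asked about most often are:", which also fits the plural now that the glosslist carries more than one entry.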
@ -813,27 +813,53 @@
|
||||
copy of the iptables command that is failing. Most commonly, the
|
||||
problem is that one of the match types (keyword following "-m" in
|
||||
the command) isn't supported by your iptables/kernel. The output of
|
||||
"shorewall check" shows you what your iptables/kernel
|
||||
"shorewall show capabilities" shows you what your iptables/kernel
|
||||
support:</para>
|
||||
|
||||
<programlisting>gateway:~# shorewall check
|
||||
Loading /usr/share/shorewall/functions...
|
||||
Processing /etc/shorewall/params ...
|
||||
Processing /etc/shorewall/shorewall.conf...
|
||||
Loading Modules...
|
||||
<emphasis role="bold">Shorewall has detected the following iptables/netfilter capabilities:
|
||||
NAT: Available
|
||||
<programlisting>gateway:~# shorewall show capabilities
|
||||
Shorewall has detected the following iptables/netfilter capabilities:
|
||||
<emphasis role="bold"> NAT: Available
|
||||
Packet Mangling: Available
|
||||
Multi-port Match: Available
|
||||
Extended Multi-port Match: Available
|
||||
Connection Tracking Match: Available
|
||||
Packet Type Match: Not available
|
||||
Packet Type Match: Available
|
||||
Policy Match: Available
|
||||
Physdev Match: Available
|
||||
IP range Match: Available</emphasis>
|
||||
Verifying Configuration...
|
||||
IP range Match: Available
|
||||
Recent Match: Available
|
||||
Owner Match: Available
|
||||
Ipset Match: Available
|
||||
ROUTE Target: Not available
|
||||
Extended MARK Target: Available
|
||||
CONNMARK Target: Available
|
||||
Connmark Match: Available</emphasis>
|
||||
<emphasis role="bold">Raw Table: Available</emphasis>
|
||||
gateway:~#</programlisting>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
|
||||
...</programlisting>
|
||||
<glossentry>
|
||||
<glossterm>iptables: invalid argument</glossterm>
|
||||
|
||||
<glossdef>
|
||||
<para>Answer: 99.999% of the time, this error is caused by a
|
||||
mismatch between your iptables and kernel.</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Your iptables must be compiled against a kernel source
|
||||
tree that is Netfilter-compatible with the kernel that you are
|
||||
running.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you rebuild iptables using the defaults and install it,
|
||||
it will be installed in /usr/local/sbin/iptables. As shown
|
||||
above, you have the IPTABLES variable in shorewall.conf set to
|
||||
"/sbin/iptables".</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</glossdef>
|
||||
</glossentry>
|
||||
</glosslist>
|
||||
|
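Review bot: In the second listitem of the "iptables: invalid argument" entry, "As shown above, you have the IPTABLES variable in shorewall.conf set to "/sbin/iptables"" refers to nothing the reader can see: the listing above it is the output of "shorewall show capabilities", which does not print the IPTABLES setting, and the sentence addresses one particular user's configuration rather than the general case. Reword it as general guidance, for example that a default rebuild installs to /usr/local/sbin/iptables, so the IPTABLES setting in shorewall.conf has to point at the binary that was actually rebuilt. In the same glossdef the leading "Answer:" has no question to answer and can be dropped, and the separate bold emphasis around "Raw Table: Available" is inconsistent with the single emphasis span covering the other capability lines.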