More error message updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-04 17:19:24 +00:00
parent e70b1246b0
commit 1b42f18f5f

View File

@ -800,7 +800,7 @@
<section> <section>
<title>Iptables Error Messages</title> <title>Iptables Error Messages</title>
<para>By far the most asked about iptables error message is:</para> <para>By far the most asked about iptables error messages are:</para>
<glosslist> <glosslist>
<glossentry> <glossentry>
@ -813,27 +813,53 @@
copy of the iptables command that is failing. Most commonly, the copy of the iptables command that is failing. Most commonly, the
problem is that one of the match types (keyword following "-m" in problem is that one of the match types (keyword following "-m" in
the command) isn't supported by your iptables/kernel. The output of the command) isn't supported by your iptables/kernel. The output of
"shorewall check" shows you what your iptables/kernel "shorewall show capabilities" shows you what your iptables/kernel
support:</para> support:</para>
<programlisting>gateway:~# shorewall check <programlisting>gateway:~# shorewall show capabilities
Loading /usr/share/shorewall/functions... Shorewall has detected the following iptables/netfilter capabilities:
Processing /etc/shorewall/params ... <emphasis role="bold"> NAT: Available
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
<emphasis role="bold">Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available Packet Mangling: Available
Multi-port Match: Available Multi-port Match: Available
Extended Multi-port Match: Available Extended Multi-port Match: Available
Connection Tracking Match: Available Connection Tracking Match: Available
Packet Type Match: Not available Packet Type Match: Available
Policy Match: Available Policy Match: Available
Physdev Match: Available Physdev Match: Available
IP range Match: Available</emphasis> IP range Match: Available
Verifying Configuration... Recent Match: Available
Owner Match: Available
Ipset Match: Available
ROUTE Target: Not available
Extended MARK Target: Available
CONNMARK Target: Available
Connmark Match: Available</emphasis>
<emphasis role="bold">Raw Table: Available</emphasis>
gateway:~#</programlisting>
</glossdef>
</glossentry>
...</programlisting> <glossentry>
<glossterm>iptables: invalid argument</glossterm>
<glossdef>
<para>Answer: 99.999% of the time, this error is caused by a
mismatch between your iptables and kernel.</para>
<orderedlist>
<listitem>
<para>Your iptables must be compiled against a kernel source
tree that is Netfilter-compatible with the kernel that you are
running.</para>
</listitem>
<listitem>
<para>If you rebuild iptables using the defaults and install it,
it will be installed in /usr/local/sbin/iptables. As shown
above, you have the IPTABLES variable in shorewall.conf set to
"/sbin/iptables".</para>
</listitem>
</orderedlist>
</glossdef> </glossdef>
</glossentry> </glossentry>
</glosslist> </glosslist>