forked from extern/shorewall_code
More error message updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
e70b1246b0
commit
1b42f18f5f
@ -800,7 +800,7 @@
|
|||||||
<section>
|
<section>
|
||||||
<title>Iptables Error Messages</title>
|
<title>Iptables Error Messages</title>
|
||||||
|
|
||||||
<para>By far the most asked about iptables error message is:</para>
|
<para>By far the most asked about iptables error messages are:</para>
|
||||||
|
|
||||||
<glosslist>
|
<glosslist>
|
||||||
<glossentry>
|
<glossentry>
|
||||||
@ -813,27 +813,53 @@
|
|||||||
copy of the iptables command that is failing. Most commonly, the
|
copy of the iptables command that is failing. Most commonly, the
|
||||||
problem is that one of the match types (keyword following "-m" in
|
problem is that one of the match types (keyword following "-m" in
|
||||||
the command) isn't supported by your iptables/kernel. The output of
|
the command) isn't supported by your iptables/kernel. The output of
|
||||||
"shorewall check" shows you what your iptables/kernel
|
"shorewall show capabilities" shows you what your iptables/kernel
|
||||||
support:</para>
|
support:</para>
|
||||||
|
|
||||||
<programlisting>gateway:~# shorewall check
|
<programlisting>gateway:~# shorewall show capabilities
|
||||||
Loading /usr/share/shorewall/functions...
|
Shorewall has detected the following iptables/netfilter capabilities:
|
||||||
Processing /etc/shorewall/params ...
|
<emphasis role="bold"> NAT: Available
|
||||||
Processing /etc/shorewall/shorewall.conf...
|
|
||||||
Loading Modules...
|
|
||||||
<emphasis role="bold">Shorewall has detected the following iptables/netfilter capabilities:
|
|
||||||
NAT: Available
|
|
||||||
Packet Mangling: Available
|
Packet Mangling: Available
|
||||||
Multi-port Match: Available
|
Multi-port Match: Available
|
||||||
Extended Multi-port Match: Available
|
Extended Multi-port Match: Available
|
||||||
Connection Tracking Match: Available
|
Connection Tracking Match: Available
|
||||||
Packet Type Match: Not available
|
Packet Type Match: Available
|
||||||
Policy Match: Available
|
Policy Match: Available
|
||||||
Physdev Match: Available
|
Physdev Match: Available
|
||||||
IP range Match: Available</emphasis>
|
IP range Match: Available
|
||||||
Verifying Configuration...
|
Recent Match: Available
|
||||||
|
Owner Match: Available
|
||||||
|
Ipset Match: Available
|
||||||
|
ROUTE Target: Not available
|
||||||
|
Extended MARK Target: Available
|
||||||
|
CONNMARK Target: Available
|
||||||
|
Connmark Match: Available</emphasis>
|
||||||
|
<emphasis role="bold">Raw Table: Available</emphasis>
|
||||||
|
gateway:~#</programlisting>
|
||||||
|
</glossdef>
|
||||||
|
</glossentry>
|
||||||
|
|
||||||
...</programlisting>
|
<glossentry>
|
||||||
|
<glossterm>iptables: invalid argument</glossterm>
|
||||||
|
|
||||||
|
<glossdef>
|
||||||
|
<para>Answer: 99.999% of the time, this error is caused by a
|
||||||
|
mismatch between your iptables and kernel.</para>
|
||||||
|
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Your iptables must be compiled against a kernel source
|
||||||
|
tree that is Netfilter-compatible with the kernel that you are
|
||||||
|
running.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>If you rebuild iptables using the defaults and install it,
|
||||||
|
it will be installed in /usr/local/sbin/iptables. As shown
|
||||||
|
above, you have the IPTABLES variable in shorewall.conf set to
|
||||||
|
"/sbin/iptables".</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
</glossdef>
|
</glossdef>
|
||||||
</glossentry>
|
</glossentry>
|
||||||
</glosslist>
|
</glosslist>
|
||||||
|
Loading…
Reference in New Issue
Block a user