From 6891ed7d8ee668faa71ab74896e8426210417146 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 25 Jan 2004 01:47:43 +0000 Subject: [PATCH] Add FAQ 27a git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1091 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-docs/FAQ.xml | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Shorewall-docs/FAQ.xml b/Shorewall-docs/FAQ.xml index 79a72ffc9..23d56a50e 100644 --- a/Shorewall-docs/FAQ.xml +++ b/Shorewall-docs/FAQ.xml @@ -1897,6 +1897,33 @@ Creating input Chains... (READ HELP) on the Netfilter Configuration menu. Otherwise, DNAT rules with your firewall as the source zone won't work with your new kernel. + +
+ (FAQ 27a) I just built and installed a new kernel and now + Shorewall won't start. I know that my kernel options are correct. + + The last few lines of a startup + trace are these: + + + run_iptables2 -t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j +MASQUERADE ++ '[' 'x-t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j +MASQUERADE' = 'x-t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0. +0/0 -j MASQUERADE' ']' ++ run_iptables -t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j +MASQUERADE ++ iptables -t nat -A eth0_masq -s 192.168.2.0/24 -d 0.0.0.0/0 -j +MASQUERADE +iptables: Invalid argument ++ '[' -z '' ']' ++ stop_firewall ++ set +x + + Answer: Your new kernel + contains headers that are incompatible with the ones used to compile + your iptables utility. You need to rebuild + iptables using your new kernel source. +
@@ -1914,7 +1941,8 @@ Creating input Chains... Revision History - 1.132004-01-24TEAdd + 1.142004-01-24TEAdded + FAQ 27a regarding kernel/iptables incompatibility.1.132004-01-24TEAdd a note about the detectnets interface option in FAQ 9.1.122004-01-20TEImprove FAQ 16 answer.1.112004-01-14TECorrected