iptables-restore v1.2.9: Line 13 seems to have a -t table option.

Mon Aug 30 20:18:42 UTC 2004

Am Mo, den 30.08.2004 schrieb Hans Christian Studt um 21:49:

Please don't change the reply address like you did. It is very
uncomfortable to always have to check that a reply will go to the list!

> >What is the content of /etc/sysconfig/iptables and especially line 13
in
> >this file? Seems you have wrong syntax in there.
> 
> ========== /etc/sysconfig/iptables ==========
>       1 *filter
>       2 :INPUT ACCEPT [0:0]
>       3 :FORWARD ACCEPT [0:0]
>       4 :OUTPUT ACCEPT [0:0]
>       5 :RH-Firewall-1-INPUT - [0:0]
>       6 -A INPUT -j RH-Firewall-1-INPUT
>       7 -A FORWARD -j RH-Firewall-1-INPUT
>       8 -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>       9 -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
>      10 -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>      11 -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j
ACCEPT
>      12 -A RH-Firewall-1-INPUT -j REJECT --reject-with
icmp-host-prohibited
>      13 -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>      14 COMMIT
> ========== /etc/sysconfig/iptables ==========
> 
> Mvh Hans Christian Studt

Right, the error is abvious.

You have a wrong command line (line 13) in the filter section. Remove
line 13. Add to top of the iptables file following:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT

Run "service iptables restart" and all is fine.

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 22:17:14 up 19:33, 12 users, 0.44, 0.22, 0.18 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040830/6ce6eb1e/attachment-0001.sig>