* iptables help..
@ 2003-10-10  4:45 JM
  2003-10-10  5:29 ` Ralf Spenneberg
  0 siblings, 1 reply; 22+ messages in thread
From: JM @ 2003-10-10  4:45 UTC (permalink / raw)
  To: netfilter

network looks like this...


                                                          LAN
                                                           |
                                                           |
                                                        Firewall
                                                           |
                                                           |
remote server (A, B, C) ---- router2 ----- router1 ----- router3 --- remote server (1, 2, 3 etc.) --- internet
           |
           |
    Datacenter (network)
           |
  remote server (x, y, z)
           |
           |
        internet

I want to access the HTTP server on "remote server x" from the LAN, without going through the internet.
So what I did is set up DNAT on "remote server A", but somehow it's not working.

this is my ruleset..

NAT
-A PREROUTING -d serverA_IP -p tcp -m tcp --sport 1024:65535 --dport 81 -j DNAT --to-destination serverx_IP:80

FILTER
-A INPUT -p tcp -s LAN_IP/24 --sport 1024:65535 -d serverA_IP --dport 81 -j LOG --log-prefix "INPUT packets:"
-A FORWARD -d  serverx_IP -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"


TIA
jm


^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: iptables help..
  2003-10-10  4:45 iptables help JM
@ 2003-10-10  5:29 ` Ralf Spenneberg
  2003-10-13  3:12   ` JM
  0 siblings, 1 reply; 22+ messages in thread
From: Ralf Spenneberg @ 2003-10-10  5:29 UTC (permalink / raw)
  To: jerome; +Cc: Netfilter

On Fri, 2003-10-10 at 06:45, JM wrote:
> i want to access the http server on "remote server x" from LAN.. without going through the internet..
> so what i did is setup DNAT on "remote server A" but somehow its not working.. 
> 
> this is my ruleset..
> 
> NAT
> -A PREROUTING -d serverA_IP -p tcp -m tcp --sport 1024:65535 --dport 81 -j DNAT --to-destination serverx_IP:80
> 
> FILTER
> -A INPUT -p tcp -s LAN_IP/24 --sport 1024:65535 -d serverA_IP --dport 81 -j LOG --log-prefix "INPUT packets:"
> -A FORWARD -d  serverx_IP -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
> -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"
> 
So how does it not work? What error messages do you see? Did you enable
routing on server_A? You probably want an SNAT rule too, because
otherwise server_X will try to answer directly to the LAN. That might
create problems doing conntrack on server_A and your Firewall protecting
the LAN.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org



* Re: iptables help..
  2003-10-10  5:29 ` Ralf Spenneberg
@ 2003-10-13  3:12   ` JM
  0 siblings, 0 replies; 22+ messages in thread
From: JM @ 2003-10-13  3:12 UTC (permalink / raw)
  To: Ralf Spenneberg; +Cc: Netfilter

hi,

I added LOGging on server_A,

logging all INPUT and FORWARD to the messages log file... and for some reason nothing 
is coming up...

[ having nightmares on this.. : (  ]

TIA

On Friday 10 October 2003 13:29, Ralf Spenneberg wrote:
> On Fri, 2003-10-10 at 06:45, JM wrote:
> > i want to access the http server on "remote server x" from LAN.. without
> > going through the internet.. so what i did is setup DNAT on "remote
> > server A" but somehow its not working..
> >
> > this is my ruleset..
> >
> > NAT
> > -A PREROUTING -d serverA_IP -p tcp -m tcp --sport 1024:65535 --dport 81 -j DNAT --to-destination serverx_IP:80
> >
> > FILTER
> > -A INPUT -p tcp -s LAN_IP/24 --sport 1024:65535 -d serverA_IP --dport 81 -j LOG --log-prefix "INPUT packets:"
> > -A FORWARD -d serverx_IP -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
> > -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> > -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"
>
> So how does it not work? What error messages do you see? Did you enable
> routing on server_A? You probably want an SNAT rule too, because
> otherwise server_X will try to answer directly to the LAN. That might
> create problems doing conntrack on server_A and your Firewall protecting
> the LAN.
>
> Cheers,
>
> Ralf




* iptables help
@ 2006-10-31 11:41 Vikram Bhuskute
  0 siblings, 0 replies; 22+ messages in thread
From: Vikram Bhuskute @ 2006-10-31 11:41 UTC (permalink / raw)
  To: netfilter-devel


Hi All,
             I am trying to understand the netfilter/iptables source
code.
1. Could somebody suggest a good place/doc/tutorial to start?
2. I was trying to locate the place where the source IP and ports are
actually changed, but couldn't find it.


Any info on this will be a great help for me.

Regards

Vikram



* Re: Iptables help
  2005-04-04  5:11 dpadalkar2001
@ 2005-04-04 14:46 ` Henrik Nordstrom
  0 siblings, 0 replies; 22+ messages in thread
From: Henrik Nordstrom @ 2005-04-04 14:46 UTC (permalink / raw)
  To: dpadalkar2001; +Cc: netfilter-devel

On Mon, 4 Apr 2005, dpadalkar2001 wrote:

>    Currently I'm developing something similar to iptables. I would like to know
> where does the iptables store the rules and the format in which it stores the
> rules.

iptables stores rules in a linear table (with jumps), uploaded to the 
kernel as a binary blob. There is one such blob per table type (filter, 
nat, mangle, ...), and each hook has its own entrypoint in the table.

This structure is managed by libiptc. Relevant structures can be found in 
include/linux/netfilter_ipv4/ip_tables.h. The main binary table descriptor 
is ipt_replace, and is immediately followed by a list of ipt_entry, each 
followed by a list of ipt_match and a final ipt_target.

I do not remember what the underflow thing is about.

> If i can know this , my task to store it in good format becomes a bit
> easier and more standardised . I shall be very grateful and am very very helpful

You may want to look at the HiPAC project

   http://www.hipac.org/

this uses very efficient tree structures for storing the ruleset.

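The layout Henrik describes, as an added example that is not part of the thread and is not iptables' or libiptc's own code: it packs rules into the ipt_entry format with Python's struct module and walks them back out by next_offset, applying the bounds checks the kernel makes before it trusts an offset from userspace (target_offset inside the entry header, next_offset past the end of the blob, a match or target size smaller than its own 32-byte header). Field layouts follow include/linux/netfilter_ipv4/ip_tables.h and include/linux/netfilter/x_tables.h as packed on little-endian x86_64; the verdict encoding (-NF_<verdict> - 1 for a standard verdict, a non-negative value being a byte offset to jump to) is from x_tables.h. On the "underflow thing": in ipt_replace, hook_entry[] holds the byte offset of the first entry of each hook and underflow[] the offset of that built-in chain's last entry, the standard-target rule carrying the chain policy. The ipt_replace header itself is not packed here.

```python
"""Build and parse the ipt_entry blob format. Added example, not code from
the thread or from iptables; layouts follow ip_tables.h / x_tables.h on
little-endian x86_64."""
import socket
import struct

IPT_IP = "<4s4s4s4s16s16s16s16sHBB"   # struct ipt_ip: src, dst, smsk, dmsk, iniface,
                                      # outiface, iniface_mask, outiface_mask, proto, flags, invflags
IPT_ENTRY_TAIL = "<IHHIQQ"            # nfcache, target_offset, next_offset, comefrom, counters
XT_ENTRY_TARGET = "<H29sB"            # size, name[29], revision: the 32-byte match/target header
IPT_ENTRY_SIZE = struct.calcsize(IPT_IP) + struct.calcsize(IPT_ENTRY_TAIL)  # 112

# Standard verdicts are stored as -NF_<verdict> - 1; anything >= 0 is a jump,
# expressed as the byte offset of the destination ipt_entry within the table.
NF_DROP, NF_ACCEPT, NF_QUEUE, NF_REPEAT = 0, 1, 3, 4
VERDICTS = {"DROP": -NF_DROP - 1, "ACCEPT": -NF_ACCEPT - 1,
            "QUEUE": -NF_QUEUE - 1, "RETURN": -NF_REPEAT - 1}
VERDICT_NAMES = {v: k for k, v in VERDICTS.items()}


def xt_align(n):
    return (n + 7) & ~7   # XT_ALIGN: every match and target is padded to 8 bytes


def standard_target(verdict):
    """xt_standard_target: xt_entry_target with an empty name, then an int verdict."""
    size = xt_align(struct.calcsize(XT_ENTRY_TARGET) + 4)   # 40
    return struct.pack(XT_ENTRY_TARGET + "i", size, b"", 0, verdict).ljust(size, b"\0")


def build_entry(src="0.0.0.0/0", proto=0, target="ACCEPT", matches=b""):
    """One rule, '-s src -p proto -j target', with optional pre-packed matches."""
    addr, _, plen = src.partition("/")
    mask = (0xFFFFFFFF << (32 - int(plen or 32))) & 0xFFFFFFFF
    ip = struct.pack(IPT_IP, socket.inet_aton(addr), b"", struct.pack("!I", mask), b"",
                     b"", b"", b"", b"", proto, 0, 0)
    verdict = VERDICTS[target] if isinstance(target, str) else target  # int = jump offset
    tgt = standard_target(verdict)
    target_offset = IPT_ENTRY_SIZE + len(matches)
    next_offset = target_offset + len(tgt)
    tail = struct.pack(IPT_ENTRY_TAIL, 0, target_offset, next_offset, 0, 0, 0)
    return ip + tail + matches + tgt


def parse_entries(blob):
    """Walk a table the way the kernel does, by next_offset, refusing any
    offset or size that would leave the blob or overlap the entry header."""
    entries, off = [], 0
    while off < len(blob):
        if off + IPT_ENTRY_SIZE > len(blob):
            raise ValueError(f"truncated entry header at {off}")
        ip = struct.unpack_from(IPT_IP, blob, off)
        _, toff, noff, _, _, _ = struct.unpack_from(IPT_ENTRY_TAIL, blob, off + struct.calcsize(IPT_IP))
        if toff < IPT_ENTRY_SIZE or noff < toff + 32 or off + noff > len(blob):
            raise ValueError(f"bad offsets in entry at {off}")
        matches, m = [], off + IPT_ENTRY_SIZE
        while m < off + toff:                       # xt_entry_match shares the 32-byte header layout
            msize, mname, _ = struct.unpack_from(XT_ENTRY_TARGET, blob, m)
            if msize < 32 or m + msize > off + toff:
                raise ValueError(f"bad match size in entry at {off}")
            matches.append(mname.rstrip(b"\0").decode())
            m += msize
        tsize, tname, _ = struct.unpack_from(XT_ENTRY_TARGET, blob, off + toff)
        if tsize < 32 or toff + tsize > noff:
            raise ValueError(f"bad target size in entry at {off}")
        entry = {"offset": off, "src": socket.inet_ntoa(ip[0]), "smsk": socket.inet_ntoa(ip[2]),
                 "proto": ip[8], "matches": matches, "target": tname.rstrip(b"\0").decode()}
        if entry["target"] == "":                   # standard target: the verdict follows the header
            (v,) = struct.unpack_from("<i", blob, off + toff + 32)
            entry["verdict"] = VERDICT_NAMES.get(v, v)   # a bare number is a jump offset
        entries.append(entry)
        off += noff
    return entries


if __name__ == "__main__":
    table = build_entry("10.0.0.0/8", proto=6, target="DROP") + build_entry(target="ACCEPT")
    for e in parse_entries(table):
        print(e)
```

Each entry here is 152 bytes (112-byte header plus a 40-byte standard target), so the second rule starts at offset 152, which is also the value a jump verdict would carry to reach it.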

* RE: Iptables help
@ 2005-04-04 12:08 Vishwas Manral
  0 siblings, 0 replies; 22+ messages in thread
From: Vishwas Manral @ 2005-04-04 12:08 UTC (permalink / raw)
  To: dpadalkar2001, netfilter-devel

Hi,

I had worked on something similar and could not find any document on
this.

However the rules are stored as "struct ipt_entry" in the kernel. Check
the file ip_tables.c for function do_replace. It should be clearer to
you. 

If it is not let me know.

Thanks,
Vishwas
-----Original Message-----
From: netfilter-devel-bounces@lists.netfilter.org
[mailto:netfilter-devel-bounces@lists.netfilter.org] On Behalf Of
dpadalkar2001
Sent: Monday, April 04, 2005 10:42 AM
To: netfilter-devel@lists.netfilter.org
Subject: Iptables help


hello.
    Currently I'm developing something similar to iptables. I would like to
know where does the iptables store the rules and the format in which it
stores the rules. If I can know this, my task to store it in a good format
becomes a bit easier and more standardised. I shall be very grateful and am
very very helpful
   thanx
   thanx


* Iptables help
@ 2005-04-04  5:11 dpadalkar2001
  2005-04-04 14:46 ` Henrik Nordstrom
  0 siblings, 1 reply; 22+ messages in thread
From: dpadalkar2001 @ 2005-04-04  5:11 UTC (permalink / raw)
  To: netfilter-devel


hello.
    Currently I'm developing something similar to iptables. I would like to know
where does the iptables store the rules and the format in which it stores the 
rules. If I can know this, my task to store it in a good format becomes a bit 
easier and more standardised. I shall be very grateful and am very very helpful
   thanx


* Re: IPTABLES HELP
  2004-12-15 23:09 IPTABLES HELP Burton
@ 2004-12-15 23:17 ` Jason Opperisano
  0 siblings, 0 replies; 22+ messages in thread
From: Jason Opperisano @ 2004-12-15 23:17 UTC (permalink / raw)
  To: netfilter

On Wed, 2004-12-15 at 18:09, Burton wrote:
> Ok I have had some great help with people on this board I just have not
> found an answer to my problem.
>  
> This is what I need to happen
>  
> [Client]--->T1(12.22.81.1) -->[Linux 12.22.81.8 10025]-->[Windows Mail
> Server 204.250.113.2 25] 
> 
> Then I would like it to also send the data back through T1 (12.22.81.1)
>  
> Current clients get to our SMTP server IE:
> [Client]--->T1(204.250.113.1) -->[Windows Mail Server 204.250.113.2 25]
>  
> 
> The point of this is my boss wants us to divert some traffic through T1
> (12.22.81.1) but keep our mail server on its current network
>  
> This is what I have tried
>  
> iptables -F
> service iptables stop
>  
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10025 -j DNAT --to
> 204.250.113.2:25

try adding:

  iptables -t nat -A POSTROUTING -o eth1 -p tcp -d 204.250.113.2 --dport 25 \
    -j SNAT --to-source $ip_of_eth1

to force the replies from the windows mail server back through the linux
box.
 
-j

--
"Here we have an ordinary square.
 Whoa! Slow down egghead!"
	--The Simpsons




* IPTABLES HELP
@ 2004-12-15 23:09 Burton
  2004-12-15 23:17 ` Jason Opperisano
  0 siblings, 1 reply; 22+ messages in thread
From: Burton @ 2004-12-15 23:09 UTC (permalink / raw)
  To: netfilter

Ok I have had some great help with people on this board I just have not
found an answer to my problem.
 
This is what I need to happen
 
[Client]--->T1(12.22.81.1) -->[Linux 12.22.81.8 10025]-->[Windows Mail
Server 204.250.113.2 25] 
 
Then I would like it to also send the data back through T1 (12.22.81.1)
 
Current clients get to our SMTP server IE:
[Client]--->T1(204.250.113.1) -->[Windows Mail Server 204.250.113.2 25]
 
 
The point of this is my boss wants us to divert some traffic through T1
(12.22.81.1) but keep our mail server on its current network
 
This is what I have tried
 
iptables -F
service iptables stop
 
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10025 -j DNAT --to
204.250.113.2:25
 
iptables -t filter -A FORWARD -i eth0 -d 204.250.113.2 -o eth1 -p tcp \
  --dport 25 -j ACCEPT
 
service iptables save
 
service iptables start
 
telnet 12.22.81.8 10025
 
I have no other scripts running in my IPTABLES, that is why I do the flush,
and IP forwarding is set to 1
 
Any Ideas?


* Re: iptables help
  2004-11-04  2:42 iptables help Wei Ming Long
@ 2004-11-05 10:43 ` Harald Welte
  0 siblings, 0 replies; 22+ messages in thread
From: Harald Welte @ 2004-11-05 10:43 UTC (permalink / raw)
  To: Wei Ming Long; +Cc: Netfiltermailinglistnetfilter, netfilter-devel


On Thu, Nov 04, 2004 at 10:42:47AM +0800, Wei Ming Long wrote:
> 
> Hi everone,
> 
> I have a setup as shown below:

This is a development mailing list.  You are not asking a development
but a user question; it is therefore off-topic.
-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie



* Re: iptables help
  2004-11-04  2:40 ` Wei Ming Long
  (?)
  (?)
@ 2004-11-04 22:39 ` Bosse Klykken
  -1 siblings, 0 replies; 22+ messages in thread
From: Bosse Klykken @ 2004-11-04 22:39 UTC (permalink / raw)
  To: netfilter

On Thu, Nov 04, 2004 at 10:40:51AM +0800, Wei Ming Long wrote:
>                    VNC Server 192.168.1.4
>                           |
>                           | --------> ssh tunnel on port 5800
>                           |
>                 eth1= 192.168.1.2
>                           |
>                 Linux Gateway
>                           |
>                  eth0=192.168.33.167
>                           |
>                           |
>                  WindowsXP 192.168.33.164 
>           
> 
> Requirement: To be able to access the VNC Server behind the Linux gateway
> using the web browser on port 5800 tunneled through ssh.

If the 192.168.33.0/24 network has a valid route for the 192.168.1.0/24
network through the Linux gateway, then you could SSH directly to the
VNC server without NAT. On the Windows XP machine you can use plink or
putty to make the port mappings, and point the XP web browser to
localhost.

Be advised that VNC port 5800 has java stuff only, while I believe that
VNC traffic still will transmit on port 5900, so you might need to
create an additional SSH tunnel, if you can't use a vncviewer on the XP
machine and do with a SSH port link on port 5900.

> I created a ssh tunnel between the VNC Server(192.168.1.4) & the Linux
> Gateway(192.168.1.2) for port 5800

OK, you can do this if the networks are not routable with each other.
For troubleshooting I would get a vncviewer on the XP box, instead of
fiddling around with the java stuff. When you can get an ordinary
connection with a vncviewer on port 5900, you can try creating another
SSH tunnel for port 5800, and see if you can access the java client.

On the linux box, you can run this:
ssh -N -L 5800:localhost:5800 192.168.1.4
ssh -N -L 5900:localhost:5900 192.168.1.4

And then go to http://192.168.33.167:5800 from your XP web browser.

> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
> 192.168.1.2:5800 

I don't really see the need for NAT here.

.../Bosse
-- 
Bosse Klykken - http://www.klykken.com/~bosse
Keep staring. I might do a trick.



* Re: iptables help
  2004-11-04  2:40 ` Wei Ming Long
  (?)
@ 2004-11-04 21:02 ` Jason Opperisano
  -1 siblings, 0 replies; 22+ messages in thread
From: Jason Opperisano @ 2004-11-04 21:02 UTC (permalink / raw)
  To: netfilter

On Wed, 2004-11-03 at 21:40, Wei Ming Long wrote:
> Hi everone,
> 
> I have a setup as shown below:
> 
>                    VNC Server 192.168.1.4
>                           |
>                           | --------> ssh tunnel on port 5800
>                           |
>                 eth1= 192.168.1.2
>                           |
>                 Linux Gateway
>                           |
>                  eth0=192.168.33.167
>                           |
>                           |
>                  WindowsXP 192.168.33.164 
>           
> 
> Requirement: To be able to access the VNC Server behind the Linux gateway
> using the web browser on port 5800 tunneled through ssh.
> 
> I created a ssh tunnel between the VNC Server(192.168.1.4) & the Linux
> Gateway(192.168.1.2) for port 5800 and the following iptables command in
> Gateway:
> 
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
> 192.168.1.2:5800 
> 
> When I type in http://192.168.33.167 in the browser on the WindowsXP machine,
> I was expecting that the http request on port 80 would be redirected to port
> 5800 & go through the tunnel & reach the VNC Server.
> 
> But it doesn't work, what is wrong? can someone please help me with this?

without seeing how your ssh forwarding is setup, no.

-j

--
"Ah! the searing kiss of hot lead; how I missed you! I mean, I think
 I'm dying."
	--The Simpsons




* iptables help
@ 2004-11-04  2:42 Wei Ming Long
  2004-11-05 10:43 ` Harald Welte
  0 siblings, 1 reply; 22+ messages in thread
From: Wei Ming Long @ 2004-11-04  2:42 UTC (permalink / raw)
  To: netfilter-devel, Netfiltermailinglistnetfilter


Hi everyone,

I have a setup as shown below:

                   VNC Server 192.168.1.4
                          |
                          | --------> ssh tunnel on port 5800
                          |
                eth1= 192.168.1.2
                          |
                Linux Gateway
                          |
                 eth0=192.168.33.167
                          |
                          |
                 WindowsXP 192.168.33.164 
          

Requirement: To be able to access the VNC Server behind the Linux gateway
using the web browser on port 5800 tunneled through ssh.

I created a ssh tunnel between the VNC Server(192.168.1.4) & the Linux
Gateway(192.168.1.2) for port 5800 and the following iptables command in
Gateway:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
192.168.1.2:5800 

When I type in http://192.168.33.167 in the browser on the WindowsXP machine,
I was expecting that the http request on port 80 would be redirected to port
5800 & go through the tunnel & reach the VNC Server.

But it doesn't work, what is wrong? can someone please help me with this?


Best regards
Matthew




* iptables help
@ 2004-11-04  2:40 Wei Ming Long
  0 siblings, 0 replies; 22+ messages in thread
From: Wei Ming Long @ 2004-11-04  2:40 UTC (permalink / raw)
  To: netfilter-devel, Netfiltermailinglistnetfilter


Hi everyone,

I have a setup as shown below:

                   VNC Server 192.168.1.4
                          |
                          | --------> ssh tunnel on port 5800
                          |
                eth1= 192.168.1.2
                          |
                Linux Gateway
                          |
                 eth0=192.168.33.167
                          |
                          |
                 WindowsXP 192.168.33.164 
          

Requirement: To be able to access the VNC Server behind the Linux gateway
using the web browser on port 5800 tunneled through ssh.

I created a ssh tunnel between the VNC Server(192.168.1.4) & the Linux
Gateway(192.168.1.2) for port 5800 and the following iptables command in
Gateway:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
192.168.1.2:5800 

When I type in http://192.168.33.167 in the browser on the WindowsXP machine,
I was expecting that the http request on port 80 would be redirected to port
5800 & go through the tunnel & reach the VNC Server.

But it doesn't work, what is wrong? can someone please help me with this?


Best regards
Matthew





* Re: iptables help
  2004-07-28 23:20 Ashley M. Kirchner
@ 2004-07-29  6:32 ` Antony Stone
  0 siblings, 0 replies; 22+ messages in thread
From: Antony Stone @ 2004-07-29  6:32 UTC (permalink / raw)
  To: netfilter

On Thursday 29 July 2004 12:20 am, Ashley M. Kirchner wrote:

>     I need some help adding a few blocking rules (*) to an iptables
> script that I once inherited, and grown over time.  I don't want to post
> the whole thing here because I don't need to be spamming everyone with
> it, but if there's a kind soul willing to help, I'll gladly send it
> (unless no one objects to getting the whole file.)
>
>     (*) the basic gist is that I need to block places like hotmail.com,
> yahoo.com, and other sites from getting accessed from only two machines
> on our private network, during a specific period of time.  If we like
> the way it works, we'll add more machines/IPs to it later.

1. What help do you need?   Adding rules to block specific traffic is quite 
simple:

iptables -I FORWARD -s a.b.c.d -d w.x.y.z -p tcp --dport 80 -j REJECT

(this is assuming that you meant you want to block web access - I've assumed 
this because the domains you mentioned are best known as large websites)

a.b.c.d is the machine in your network you want the block to apply to
w.x.y.z is a machine on the Internet you don't want them to access

2. Applying a time window to rules is also fairly simple once you've applied 
the 'time' match from patch-o-matic:

iptables -I FORWARD -s a.b.c.d -d w.x.y.z -p tcp --dport 80 -m time \
  --timestart 09:00 --timestop 17:00 -j REJECT

This blocks the same packets as the previous rule, but only between 09:00 and 
17:00 each day.

3. If it is primarily web access you want to restrict, you may well find that 
Squid http://www.squid-cache.org is a better way of doing it; that can 
control access to domains by domain name rather than requiring a rule for 
each web server IP address (as netfilter does), and can also do time-based 
matching as a standard facility.

Hope this helps,

Regards,

Antony.

-- 
Wanted: telepath.   You know where to apply.

                                                     Please reply to the list;
                                                           please don't CC me.




* iptables help
@ 2004-07-28 23:20 Ashley M. Kirchner
  2004-07-29  6:32 ` Antony Stone
  0 siblings, 1 reply; 22+ messages in thread
From: Ashley M. Kirchner @ 2004-07-28 23:20 UTC (permalink / raw)
  To: netfilter


    I need some help adding a few blocking rules (*) to an iptables 
script that I once inherited, and which has grown over time.  I don't want to post 
the whole thing here because I don't need to be spamming everyone with 
it, but if there's a kind soul willing to help, I'll gladly send it 
(unless no one objects to getting the whole file.)

    (*) the basic gist is that I need to block places like hotmail.com, 
yahoo.com, and other sites from getting accessed from only two machines 
on our private network, during a specific period of time.  If we like 
the way it works, we'll add more machines/IPs to it later.





* RE: iptables Help
@ 2004-05-31 16:20 Daniel Chemko
  0 siblings, 0 replies; 22+ messages in thread
From: Daniel Chemko @ 2004-05-31 16:20 UTC (permalink / raw)
  To: vinay, netfilter

Vinay, this isn't a simple problem that can be applied to a standard
template. To get some info on balancing and sculpting lines, see
http://lartc.org or http://linux-ip.net/html/linux-ip.html 

They have enough reference material to get you through the process.

You also have to note something else. If the two ISP lines aren't from
the same ISP, there's no guarantee this'll work at all. The problem is
that each set of IP addresses tied to your PC is pointed to by your
ISP. If your ISP finds you sending packets sourced from a network that
isn't theirs, they have all the right in the world to block those
packets. Both sender/receiver have to have the same address to make
connections.

Good luck.



* iptables Help
@ 2004-05-31 10:36 Vinay Poojary
  0 siblings, 0 replies; 22+ messages in thread
From: Vinay Poojary @ 2004-05-31 10:36 UTC (permalink / raw)
  To: netfilter

Dear Sir,

  I have installed RedHat 9.0 for my server; I have two Internet links. I
have 3 interface cards attached to my server, where the two Internet
links terminate, and one interface card for my local network.

suppose

eth0 - 10.0.0.200 (Local LAN IP address)
eth1 - 11.0.0.254  (the first ISP link terminates here; let it be of Tata)
eth2 - 12.0.0.254  (the second ISP link terminates here; let it be of Sify)

 My default gateway is ISP 1 (eth1). But the problem with this is that
they charge a lot.

 So what I want is to upload from eth1 (first Internet link) and download
from eth2 (second Internet link).

 Please send me any iptables rule which could do this.

Thanks In advance,

Waiting for your reply,

Regards,
vinay



* RE: iptables help..
@ 2003-10-13  3:04 George Vieira
  0 siblings, 0 replies; 22+ messages in thread
From: George Vieira @ 2003-10-13  3:04 UTC (permalink / raw)
  To: jerome, Ralf Spenneberg; +Cc: Netfilter

> > -A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
You have it accepting packets before they get LOGged.. Put the LOG line above all others..
> > -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A FORWARD -p tcp -j LOG --log-prefix "FORWARD packets:"

Also, if you're DNATing to a local webserver on the same network, it won't work without an SNAT as per jerome's suggestion, as you have to make it look like the firewall is MASQUERADEing your LAN to an outside address BUT it's really inside, so your webserver will see all packets as coming from the firewall and not from the local hosts...

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698
 

> -----Original Message-----
> From: JM [mailto:jerome@gmanmi.tv]
> Sent: Monday, 13 October 2003 1:12 PM
> To: Ralf Spenneberg
> Cc: Netfilter
> Subject: Re: iptables help..
> 
> 
> hi,
> 
> i added LOGging on server_A
> 
> log all INPUT and FORWARD to messages log file... and for 
> some reason nothing 
> is comming up...
> 
> [ having nightmares on this.. : (  ]
> 
> TIA
> 
> 


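Ralf's reply to JM, Jason's reply to Burton and George's note above all come down to the same mechanism: a DNAT on server A rewrites only the destination, so server X answers the LAN host's real source address and the reply leaves by server X's own default route instead of coming back through A. The stateful firewall in front of the LAN then sees a SYN-ACK from serverx_IP:80 for a connection it only knows as LAN -> serverA_IP:81 and drops it. A POSTROUTING SNAT makes A the source of the translated flow, so the reply returns to A and both translations are undone, at the cost George mentions: server X sees every client as A. The model below is an added example, not code from the thread; the addresses are constructed (RFC 5737 documentation ranges, the thread only names LAN_IP, serverA_IP and serverx_IP) and the firewall and NAT box classes are a deliberate simplification of conntrack (one 4-tuple per flow, no port remapping). It also covers Ralf's ip_forward question and George's rule-order point: a LOG rule placed after the ACCEPT rules never fires, because the chain walk ends at the first terminating match.

```python
"""DNAT-only versus DNAT+SNAT on server A, plus LOG rule order.
Added example, not code from the thread; addresses are constructed."""
from dataclasses import dataclass

LAN_CLIENT = "192.0.2.50"      # a host behind the LAN firewall (assumed)
SERVER_A = "198.51.100.10"     # serverA_IP, the DNAT box (assumed)
SERVER_X = "203.0.113.20"      # serverx_IP, the web server (assumed)
DNAT_PORT, HTTP_PORT = 81, 80  # from JM's PREROUTING rule


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self):
        """The 4-tuple a reply to this packet carries."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class LanFirewall:
    """Firewall in front of the LAN: outbound NEW is allowed and remembered,
    inbound is accepted only as ESTABLISHED, i.e. the exact reverse of a
    flow already in its conntrack table."""

    def __init__(self):
        self.conntrack = set()

    def outbound(self, pkt):
        self.conntrack.add(pkt)
        return pkt

    def inbound(self, pkt):
        return pkt if pkt.reverse() in self.conntrack else None


class ServerA:
    """'-A PREROUTING -d serverA_IP -p tcp --dport 81 -j DNAT --to serverx_IP:80',
    optionally followed by '-A POSTROUTING -d serverx_IP -j SNAT --to serverA_IP',
    with a conntrack table that undoes both translations on the reply."""

    def __init__(self, snat, ip_forward=True):
        self.snat, self.ip_forward = snat, ip_forward
        self.conntrack = {}  # tuple as sent towards server X -> original tuple

    def forward(self, pkt):
        if not self.ip_forward:  # net.ipv4.ip_forward=0: nothing is forwarded at all
            return None
        if (pkt.dst, pkt.dport) != (SERVER_A, DNAT_PORT):
            return pkt  # DNAT rule does not match; routed unchanged
        out = Packet(SERVER_A if self.snat else pkt.src, pkt.sport, SERVER_X, HTTP_PORT)
        self.conntrack[out] = pkt
        return out

    def reply(self, pkt):
        """Reverse translation for a reply that arrived from server X."""
        original = self.conntrack.get(pkt.reverse())
        return original.reverse() if original else None


def simulate(snat, ip_forward=True):
    """One SYN from the LAN and its SYN-ACK; returns (delivered, trace)."""
    fw, a = LanFirewall(), ServerA(snat, ip_forward)
    syn = fw.outbound(Packet(LAN_CLIENT, 40000, SERVER_A, DNAT_PORT))
    trace = [("lan -> serverA", syn)]
    to_x = a.forward(syn)
    trace.append(("serverA -> serverX", to_x))
    if to_x is None:
        return False, trace
    synack = to_x.reverse()  # server X answers whatever source it saw
    if synack.dst == SERVER_A:
        back = a.reply(synack)  # back through A: DNAT and SNAT undone
        trace.append(("serverX -> serverA -> lan", back))
    else:
        back = synack  # server X's default route: straight at the LAN firewall
        trace.append(("serverX -> internet -> lan firewall", back))
    return back is not None and fw.inbound(back) is not None, trace


def run_chain(rules, state):
    """First-match walk of a filter chain: LOG records and falls through,
    ACCEPT/DROP end the walk. Returns (verdict, was_logged)."""
    logged = False
    for states, target in rules:
        if state in states:
            if target == "LOG":
                logged = True
                continue
            return target, logged
    return "POLICY", logged


ANY = {"NEW", "RELATED", "ESTABLISHED", "INVALID"}
JM_FORWARD = [({"NEW"}, "ACCEPT"), ({"NEW", "RELATED", "ESTABLISHED"}, "ACCEPT"),
              ({"RELATED", "ESTABLISHED"}, "ACCEPT"), (ANY, "LOG")]  # '-p tcp -j LOG' last
FIXED_FORWARD = [JM_FORWARD[-1]] + JM_FORWARD[:-1]                  # LOG moved to the top

if __name__ == "__main__":
    for snat in (False, True):
        delivered, trace = simulate(snat)
        print(f"SNAT={snat}: reply delivered to LAN client: {delivered}")
        for hop, pkt in trace:
            print("   ", hop, pkt)
    print("JM's order:", run_chain(JM_FORWARD, "NEW"), "LOG first:", run_chain(FIXED_FORWARD, "NEW"))
```

Running it shows the two failure modes JM could not see in his logs: with ip_forward off nothing ever leaves A, and with DNAT alone the reply reaches the LAN firewall as serverx_IP:80 -> LAN_CLIENT, which matches no flow it has seen. The SNAT variant is the only one whose trace ends with a packet from serverA_IP:81 that the firewall accepts.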

* iptables help
@ 2003-02-17  6:15 Laxman Gummadavally
  0 siblings, 0 replies; 22+ messages in thread
From: Laxman Gummadavally @ 2003-02-17  6:15 UTC (permalink / raw)
  To: netfilter


Hi ,

I have installed RedHat Linux 7.3.
Iptables version: iptables-1.2.5-3


When I issue the following command I am getting an error like:
[root@fire laxman]# modprobe iptable_nat
/lib/modules/2.4.18-3/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.18-3/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.18-3/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.18-3/kernel/net/ipv4/netfilter/ip_tables.o: insmod iptable_nat failed
[root@fire laxman]# 


Please Help me....
Laxman


