iptperl-general — General discussion list for IPTables::IPv4 module

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[Alex O. <Ale...@ab...>]

Bruno,
We have an own-build distribution, made from scratch.
We productize a Complete All-in-one solution
(http://www.axsguard.com)
(Router/Firewall/VPN/Content Scanning/E-mail/... much more)
Regards
alex

On Tue, 2004-07-27 at 14:45, Bruno Negr=E3o wrote:
> Thanks Alex. And what kind of linux is yours? (mine is redhat)
>=20
> bruno.
>=20
>=20
> We used it sucessfully on 2.4.19, 2.4.20, 2.4.22 and 2.4.24
> alex
> On Mon, 2004-07-26 at 20:04, Bruno Negr=E3o wrote:
> > Hi Derrik and everybody,
> >
> > I'm asking this because i liked your module and i'd like to use it to
> make
> > some programs to manage a big firewall i have in production here.
> > Since this is an important machine, and your module is so "particular=
"(it
> > uses C libraries that i don't understand and i don't know how to use =
or
> > evaluate by myself) , i'm making a little research about it before st=
art
> > using it.
> >
> > Do you have some advice about using your module in procuction machine=
s?
> >
> > Is your module compatible with all 2.4.x kernels?
> >
> > I read in its README file that it cleans all your firewall rules, mak=
e
> some
> > tests, and then it loads all the rules again.
> > It it really doing this? If so, i cant install it remotely neither in=
 the
> > business hours.
> >
> > regards,
> > bruno
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by BEA Weblogic Workshop
> > FREE Java Enterprise J2EE developer tools!
> > Get your free copy of BEA WebLogic Workshop 8.1 today.
> > http://ads.osdn.com/?ad_id=3D4721&alloc_id=3D10040&op=3Dclick
> > _______________________________________________
> > Iptperl-general mailing list
> > Ipt...@li...
> > https://lists.sourceforge.net/lists/listinfo/iptperl-general
>=20
> --
> aXs GUARD has completed security and anti-virus checks on this e-mail
> (http://www.axsguard.com)
>=20
>=20
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_idG21&alloc_id=10040&op=3Dick
> _______________________________________________
> Iptperl-general mailing list
> Ipt...@li...
> https://lists.sourceforge.net/lists/listinfo/iptperl-general
>=20

--
aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[<vpo...@en...>]

Thanks Alex. And what kind of linux is yours? (mine is redhat)

bruno.


We used it sucessfully on 2.4.19, 2.4.20, 2.4.22 and 2.4.24
alex
On Mon, 2004-07-26 at 20:04, Bruno Negrão wrote:
> Hi Derrik and everybody,
>
> I'm asking this because i liked your module and i'd like to use it to
make
> some programs to manage a big firewall i have in production here.
> Since this is an important machine, and your module is so "particular"(it
> uses C libraries that i don't understand and i don't know how to use or
> evaluate by myself) , i'm making a little research about it before start
> using it.
>
> Do you have some advice about using your module in procuction machines?
>
> Is your module compatible with all 2.4.x kernels?
>
> I read in its README file that it cleans all your firewall rules, make
some
> tests, and then it loads all the rules again.
> It it really doing this? If so, i cant install it remotely neither in the
> business hours.
>
> regards,
> bruno
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Iptperl-general mailing list
> Ipt...@li...
> https://lists.sourceforge.net/lists/listinfo/iptperl-general

--
aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=ick
_______________________________________________
Iptperl-general mailing list
Ipt...@li...
https://lists.sourceforge.net/lists/listinfo/iptperl-general

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[Alex O. <Ale...@ab...>]

We used it sucessfully on 2.4.19, 2.4.20, 2.4.22 and 2.4.24
alex
On Mon, 2004-07-26 at 20:04, Bruno Negr=E3o wrote:
> Hi Derrik and everybody,
>=20
> I'm asking this because i liked your module and i'd like to use it to m=
ake
> some programs to manage a big firewall i have in production here.
> Since this is an important machine, and your module is so "particular"(=
it
> uses C libraries that i don't understand and i don't know how to use or
> evaluate by myself) , i'm making a little research about it before star=
t
> using it.
>=20
> Do you have some advice about using your module in procuction machines?
>=20
> Is your module compatible with all 2.4.x kernels?
>=20
> I read in its README file that it cleans all your firewall rules, make =
some
> tests, and then it loads all the rules again.
> It it really doing this? If so, i cant install it remotely neither in t=
he
> business hours.
>=20
> regards,
> bruno
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=3D4721&alloc_id=3D10040&op=3Dclick
> _______________________________________________
> Iptperl-general mailing list
> Ipt...@li...
> https://lists.sourceforge.net/lists/listinfo/iptperl-general

--
aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[Derrik P. <dp...@ds...>]

Bruno Negrão wrote:
> I'm asking this because i liked your module and i'd like to use it to make
> some programs to manage a big firewall i have in production here.
> Since this is an important machine, and your module is so "particular"(it
> uses C libraries that i don't understand and i don't know how to use or
> evaluate by myself) , i'm making a little research about it before start
> using it.

Understood. libiptc is a pretty complex piece of code. I don't know that 
my wrapper approaches its level of complexity, but it's all complicated.

> Do you have some advice about using your module in procuction machines?

You'd have to ask the people who are using it in production systems.

> Is your module compatible with all 2.4.x kernels?

To my knowledge. I personally am running 2.6.7 on my main daily-use 
systems (my office workstation and my PowerBook), but if a recent 
version of iptables works on the kernel, IPTables::IPv4 will as well.

> I read in its README file that it cleans all your firewall rules, make some
> tests, and then it loads all the rules again.
> It it really doing this? If so, i cant install it remotely neither in the
> business hours.

I'd suggest downloading the tarball and running 'perl Makefile.PL ; make 
; make install' then, instead of installing it using the CPAN shell. 
It's the 'make test' part that does that.

--
Derrik Pates
dp...@ds...

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[<vpo...@en...>]

Hi Derrik and everybody,

I'm asking this because i liked your module and i'd like to use it to make
some programs to manage a big firewall i have in production here.
Since this is an important machine, and your module is so "particular"(it
uses C libraries that i don't understand and i don't know how to use or
evaluate by myself) , i'm making a little research about it before start
using it.

Do you have some advice about using your module in procuction machines?

Is your module compatible with all 2.4.x kernels?

I read in its README file that it cleans all your firewall rules, make some
tests, and then it loads all the rules again.
It it really doing this? If so, i cant install it remotely neither in the
business hours.

regards,
bruno

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[Alex O. <Ale...@ab...>]

Hi,

We are using it already for a long time and on many
systems and it works well (for us).

Thanks to Derek for this

Regards
alex

On Sat, 2004-07-24 at 01:34, Bruno Negr=E3o wrote:
> Hi guys,
>=20
> My question is exactly the one in the e-mail subject: Is
> IPTables::IPv4
> Perl module trustable?
>=20
> This module is a perl interface to the 'libiptc' library, written by,
> Derrik Pates. I'd like to use it in an application.
> But I read in netfilter's FAQ the following:
>=20
> "4.5 Is there an C/C++ API for adding/removing rules?
> The answer unfortunately is: No.
> Now you might think 'but what about libiptc?'. As has been pointed out
> numerous times on the mailinglist(s), libiptc was _NEVER_ meant to be
> used
> as a public interface. We don't guarantee a stable interface, and it
> is
> planned to remove it in the next incarnation of linux packet
> filtering.
> libiptc is way too low-layer to be used reasonably anyway.
> We are well aware that there is a fundamental lack for such an API,
> and we
> are working on improving that situation. Until then, it is recommended
> to
> either use system() or open a pipe into stdin of iptables-restore. The
> latter will give you a way better performance."
>=20
> Does someone else already tested it before? Does someone else there
> knows
> its internals?
>=20
> Thanks,
> bruno negr=E3o
>=20

--
aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)

Re: [Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[Derrik P. <dp...@ds...>]

Bruno Negrão wrote:
> My question is exactly the one in the e-mail subject: Is IPTables::IPv4
> Perl module trustable?
> 
> This module is a perl interface to the 'libiptc' library, written by,
> Derrik Pates. I'd like to use it in an application.
> But I read in netfilter's FAQ the following:
> 
> "4.5 Is there an C/C++ API for adding/removing rules?
> The answer unfortunately is: No.
> Now you might think 'but what about libiptc?'. As has been pointed out
> numerous times on the mailinglist(s), libiptc was _NEVER_ meant to be used
> as a public interface. We don't guarantee a stable interface, and it is
> planned to remove it in the next incarnation of linux packet filtering.
> libiptc is way too low-layer to be used reasonably anyway.
> We are well aware that there is a fundamental lack for such an API, and we
> are working on improving that situation. Until then, it is recommended to
> either use system() or open a pipe into stdin of iptables-restore. The
> latter will give you a way better performance."

The ways they suggest will work, but not very well, and they're really 
quite ugly. Yes, a whole new userspace tool for managing netfilter rules 
will eventually be written - but that's still a ways off, and until the 
kernel side interface changes, the libiptc code which I'm using from the 
iptables codebase will continue to work just fine, thank you.

> Does someone else already tested it before? Does someone else there knows
> its internals?

I don't really know what you're saying here. But really, you can test it 
any way you need to, or have whoever you want test it for you - the 
source is there for your (or anybody's) perusal. It incorporates a fair 
amount of code on top of libiptc so that you don't have to know the raw 
data structures, and generally makes things a good bit nicer than 
calling libiptc directly, and way cleaner than assembling command lines 
and using system() to call out to iptables (I've tried that before, long 
ago, and it caused me great pain. Or maybe that was just lunch one 
day... I forget now.)

-- 
Derrik Pates
dp...@ds...

Re: [Iptperl-general] Can't install IPTables::IPv4 in RedHat 7.2

[Derrik P. <dp...@ds...>]

Bruno Negrão wrote:
> I can't install the IPTables::IPv4 module - the 'make test' failed. The
> last installation messages are bellow:
> 
> rm -f blib/arch/auto/IPTables/IPv6/IPv6.so
> LD_RUN_PATH="" gcc  -shared -L/usr/local/lib IPv6.o loader_v6.o packer_v6.o
> unpacker_v6.o maskgen_v6.o libiptc/libiptc.a  -o
> blib/arch/auto/IPTables/IPv6/IPv6.so
> chmod 755 blib/arch/auto/IPTables/IPv6/IPv6.so
> Running Mkbootstrap for IPTables::IPv6 ()
> /bin/sh: -MExtUtils::Mkbootstrap: command not found
> make: *** [IPv6.bs] Error 127

> The system I tried to install it is a Red Hat 7.2 kernel 2.4.20-19.7. Does
> someone know what can I do to fix it?

Edit Makefile.PL, go to line 61, and change

         \@\$(PERLRUN) \\

to

         \@\$(PERL) \\

Fortunately, most of my development anymore is done on Debian unstable 
running on PowerPC systems, so I don't have Perl 5.6. This is something 
that Perl 5.6 requires. I eventually intend to reorganize the module 
structure so that that kind of hack isn't necessary any longer, but 
until then, it works (for the most part).

-- 
Derrik Pates
dp...@ds...

[Iptperl-general] Is IPTables::IPv4 Perl module trustable?

[<vpo...@en...>]

Hi guys,

My question is exactly the one in the e-mail subject: Is IPTables::IPv4
Perl module trustable?

This module is a perl interface to the 'libiptc' library, written by,
Derrik Pates. I'd like to use it in an application.
But I read in netfilter's FAQ the following:

"4.5 Is there an C/C++ API for adding/removing rules?
The answer unfortunately is: No.
Now you might think 'but what about libiptc?'. As has been pointed out
numerous times on the mailinglist(s), libiptc was _NEVER_ meant to be =
used
as a public interface. We don't guarantee a stable interface, and it is
planned to remove it in the next incarnation of linux packet filtering.
libiptc is way too low-layer to be used reasonably anyway.
We are well aware that there is a fundamental lack for such an API, and =
we
are working on improving that situation. Until then, it is recommended =
to
either use system() or open a pipe into stdin of iptables-restore. The
latter will give you a way better performance."

Does someone else already tested it before? Does someone else there =
knows
its internals?

Thanks,
bruno negr=E3o

[Iptperl-general] Can't install IPTables::IPv4 in RedHat 7.2

[<vpo...@en...>]

Hi guys,

I can't install the IPTables::IPv4 module - the 'make test' failed. The
last installation messages are bellow:

rm -f blib/arch/auto/IPTables/IPv6/IPv6.so
LD_RUN_PATH="" gcc  -shared -L/usr/local/lib IPv6.o loader_v6.o packer_v6.o
unpacker_v6.o maskgen_v6.o libiptc/libiptc.a  -o
blib/arch/auto/IPTables/IPv6/IPv6.so
chmod 755 blib/arch/auto/IPTables/IPv6/IPv6.so
Running Mkbootstrap for IPTables::IPv6 ()
/bin/sh: -MExtUtils::Mkbootstrap: command not found
make: *** [IPv6.bs] Error 127
  /usr/bin/make  -- NOT OK
Running make test
  Can't test without successful make
Running make install
  make had returned bad status, install seems impossible

The system I tried to install it is a Red Hat 7.2 kernel 2.4.20-19.7. Does
someone know what can I do to fix it?

thanks
bruno.

Re: [Iptperl-general] Sample Code

[Jordan H. <jo...@mj...>]

Hi,

We use IPTables::IPv4 but I doubt that a generic perl script will
help you setting up your particular rules. I combined this module
with Config::General for a particular application, so there is not
much to see anymore how it really works.

Try this:

1. set up your iptables rules using iptables, dump/show/recover with
   iptables-save and iptables-restore

2. enter the perl debugger and dump the rules you just set up (eg.
   stating "x \%IPTables::IPv4" on the command line)

3. try the methods from the man page (which is pretty comprehensive)
   in the perl debugger and look at the resulting kernel rules
   (eg. using iptables or uiptables-save).

Using these methods it should be easy to set up your rules script.
jordan

On Tue, 2004-05-18 at 12:25, d h a h n wrote:
> Looking for some sample IPTables::IPv4 code to help me get through a few 
> problems.  Does anyone have anything that they are willing to post or 
> send directly to me?
> 
> Mostly I'm trying to get accurate information about current in memory 
> rules out through my perl script.  At this point, I'm getting basic rule 
> information but, information such as to-destination on DNAT rules is not 
> getting through - I'm guessing it's user/programmer error.
> 
[snip]

Re: [Iptperl-general] Sample Code

[Alex O. <Ale...@ab...>]

We wrote a 'Wrapper' around it.
You might need to do some self-study, but it works
for us.

Do thing like Ipt->fae to append entries to
the filter table (or nae for nat) and
at the end do a Ipt->commit.

I hope it helps you
Regards
alex

On Tue, 2004-05-18 at 12:25, d h a h n wrote:
> Looking for some sample IPTables::IPv4 code to help me get through a few 
> problems.  Does anyone have anything that they are willing to post or 
> send directly to me?
> 
> Mostly I'm trying to get accurate information about current in memory 
> rules out through my perl script.  At this point, I'm getting basic rule 
> information but, information such as to-destination on DNAT rules is not 
> getting through - I'm guessing it's user/programmer error.
> 
> thanks,
> 
> dhahn
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: SourceForge.net Broadband
> Sign-up now for SourceForge Broadband and get the fastest
> 6.0/768 connection for only $19.95/mo for the first 3 months!
> http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
> _______________________________________________
> Iptperl-general mailing list
> Ipt...@li...
> https://lists.sourceforge.net/lists/listinfo/iptperl-general

--
aXs GUARD has completed security and anti-virus checks on this e-mail
(http://www.axsguard.com)

[Iptperl-general] Sample Code

[d h a h n <dh...@dh...>]

Looking for some sample IPTables::IPv4 code to help me get through a few 
problems.  Does anyone have anything that they are willing to post or 
send directly to me?

Mostly I'm trying to get accurate information about current in memory 
rules out through my perl script.  At this point, I'm getting basic rule 
information but, information such as to-destination on DNAT rules is not 
getting through - I'm guessing it's user/programmer error.

thanks,

dhahn

Re: [Iptperl-general] Problem with tcp-flags - option

[Derrik P. <dp...@ds...>]

Frank Schreiner wrote:
> hi all,
> 
> when i start my script i get the following error-message:
> 
> #############################################################
> tcp-flags: field unknown at ./SITCo-Firewall line 320.
> #############################################################
> 
> this are the lines, which causes the error:
> 
> ##############################################################
> %rule3 = ( %rule3, 'tcp-flags' => { mask => [ 'SYN','ACK' ] , comp => [
> 'SYN' ], inv => [ 'ACK' ]  } );
> 
> $filter->append_entry("OUTPUT",\%rule3) || die $!;
> ##############################################################

You have to specify 'protocol' => "tcp" somewhere in there, so that the 
module for the TCP protocol match gets loaded to handle that option.

--
Derrik Pates
dp...@ds...

[Iptperl-general] Problem with tcp-flags - option

[Frank S. <fr...@sc...>]

hi all,

when i start my script i get the following error-message:

#############################################################
tcp-flags: field unknown at ./SITCo-Firewall line 320.
#############################################################

this are the lines, which causes the error:

##############################################################
%rule3 = ( %rule3, 'tcp-flags' => { mask => [ 'SYN','ACK' ] , comp => [
'SYN' ], inv => [ 'ACK' ]  } );

$filter->append_entry("OUTPUT",\%rule3) || die $!;
##############################################################

i tried many things and read the man-page serveral times, but i cant
find my mistake. Actually i try to find something similar to the
iptables-option "! --syn". Could anybody give me an Example.(I know,
this bitmask wouldnt make sense at all - it's only for testing the
syntax)

thanks for help

frank
-- 
Frank Schreiner                                 90403 Nürnberg	
IT Consulting					Tel.:  0911/5975546
Rosental 23					Mobil: 0911/5975547

[Iptperl-general] Leaving tcp/udp ports in numeric mode for IPTables::IPv4::list_chains

[Alain K. <ala...@ll...>]

When listing a rule which contains TCP or UDP port numbers, the module
converts them back to a string representation using getservbyport

Is there any possibility to switch this behavior off?

Thanks,

Alain

[Iptperl-general] Re: make issue on Redhat 9

[David L. <da...@la...>]

for those having the same issue, the solution is to set LANG=C before 
generating the Makefile

Dave

On Tue, 7 Oct 2003, David LaPorte wrote:

> I noticed a posting in the list archives from a few months back but
> didn't recieve a response - forgive me if this is a FAQ.
> 
> When building the module under Redhat 9, I get the following:
> 
> $ perl Makefile.PL
> Writing Makefile for IPTables::IPv4
> $ make
> Makefile:86: *** missing separator.  Stop.
> 
> inspecting the Makefile shows it to be pretty messed up - some values are
> truncated and others aren't quoted properly. It installed fine under
> Redhat 7.3 - any idea why it isn't making properly?  I attached the
> Makefile so you could see what I'm talking about.
> 
> thanks,
> Dave LaPorte
> 
> --
> David LaPorte
> da...@la...

-- 
David LaPorte
da...@la...

[Iptperl-general] make issue on Redhat 9

[David L. <da...@la...>]

I noticed a posting in the list archives from a few months back but
didn't recieve a response - forgive me if this is a FAQ.

When building the module under Redhat 9, I get the following:

$ perl Makefile.PL
Writing Makefile for IPTables::IPv4
$ make
Makefile:86: *** missing separator.  Stop.

inspecting the Makefile shows it to be pretty messed up - some values are
truncated and others aren't quoted properly. It installed fine under
Redhat 7.3 - any idea why it isn't making properly?  I attached the
Makefile so you could see what I'm talking about.

thanks,
Dave LaPorte

--
David LaPorte
da...@la...

Re: [Iptperl-general] $table->commit() bug with latest cvs version of "0.98"?

[<dp...@ds...>]

On Tue, Aug 12, 2003 at 02:11:38PM -0400, Suzor, Greg wrote:
> I started off using IPTables::IPv4 0.97b from CPAN. Everything was fine
> until I noticed a memory leak. Long story short, the latest version from
> cvs, which I'll call "0.98", fixed the problem. However, a new problem has
> emerged.
> 
> Assuming that 'custom_mangle_chain' and 'custom_filter_chain' already exist
> with some rules, the following code will work with 0.97b, but fail with
> "0.98":

> With 0.97b, both rules are properly deleted. However, with "0.98", only
> "mangle->custom_mangle_chain->rule_3" is deleted. If the last two lines
> above are switched, then only "filter->custom_filter_chain->rule_7" is
> deleted. I'm guessing that the problem has something to do with the new
> commit() and DESTROY semantics as described in the README for "0.98".
> 
> The code that I'm writing is in an infinite loop (it does sleep for some
> time), so the memory leak from 0.97b will add up after time. So I'd like to
> use "0.98" if commit() could be "fixed" for it. Any help with this would be
> appreciated.

Ok, I've discovered the problem. It's yet another case of libiptc not
taking programs other than the command-line 'iptables' tool into
account. I've added code into libiptc to refcount the netlink socket
file descriptor, so it doesn't leak fd's, or blindly close them when
other open tables need them. Try the current CVS. Also, check the return
values from calls like commit() and delete_num_entry(). The return
values are documented in the POD pages, and I always put error strings
into $!.

-- 
Derrik Pates
dp...@ds...
dp...@vo...

[Iptperl-general] $table->commit() bug with latest cvs version of "0.98"?

[Suzor, G. <sys...@ap...>]

Hello,
I started off using IPTables::IPv4 0.97b from CPAN. Everything was fine
until I noticed a memory leak. Long story short, the latest version from
cvs, which I'll call "0.98", fixed the problem. However, a new problem has
emerged.

Assuming that 'custom_mangle_chain' and 'custom_filter_chain' already exist
with some rules, the following code will work with 0.97b, but fail with
"0.98":
---------------------------------------------
#!/usr/bin/perl

use strict;
use IPTables::IPv4;

my $mangle = IPTables::IPv4::init('mangle');
my $filter = IPTables::IPv4::init('filter');

$mangle->delete_num_entry('custom_mangle_chain', 3);
$filter->delete_num_entry('custom_filter_chain', 7);

$mangle->commit();
$filter->commit();
---------------------------------------------
With 0.97b, both rules are properly deleted. However, with "0.98", only
"mangle->custom_mangle_chain->rule_3" is deleted. If the last two lines
above are switched, then only "filter->custom_filter_chain->rule_7" is
deleted. I'm guessing that the problem has something to do with the new
commit() and DESTROY semantics as described in the README for "0.98".

The code that I'm writing is in an infinite loop (it does sleep for some
time), so the memory leak from 0.97b will add up after time. So I'd like to
use "0.98" if commit() could be "fixed" for it. Any help with this would be
appreciated.
Thanks,
Greg Suzor

Re: [Iptperl-general] Bug Bis

[<dp...@ds...>]

On Tue, Jun 17, 2003 at 01:30:45PM +0200, Alex Ongena wrote:
> The same problem for REDIRECT and MASQUERADING
> targets.
> Same test program (for MASQUERADING, change
> PREROUTING to POSTROUTING)

I don't know - I haven't seen this particular problem. Putting rules
into chains in the 'nat' table works fine here. I am running into a
problem on Linux on PowerPC, where a segfault is occurring when the
MASQUERADE module is loaded, but I don't yet know why. It seems to be
over-optimized Perl builds or something.

Do you have any output from dmesg when you try the script you cited in
the previous message? Anything of note, anyway? Let me know.

-- 
Derrik Pates
dp...@ds...
dp...@vo...

[Iptperl-general] something wrong with anonymous cvs to iptperl ?

[Alex O. <Ale...@ab...>]

When I follow the instructions:

cvs -d:pserver:ano...@cv...:/cvsroot/iptperl login
Logging in to
:pserver:ano...@cv...:2401/cvsroot/iptperl
CVS password:

and press enter, I get:

cvs [login aborted]: end of file from server (consult above messages if
any)

Also, in my previously checked out directory, when I do:

cvs update

I get:

cvs [update aborted]: end of file from server (consult above messages if
any)

While the password is coorectly set (in my <user>/.cvspass)

A few weeks ago, this has worked perfectly.

Sourceforge or Project problem ?

Txs
alex


--
Security check on this e-mail has been done by aXs GUARD
(http://www.axsguard.com)

[Iptperl-general] Bug Bis

[Alex O. <Ale...@ab...>]

The same problem for REDIRECT and MASQUERADING
targets.
Same test program (for MASQUERADING, change
PREROUTING to POSTROUTING)
Alex


--
Security check on this e-mail has been done by aXs GUARD
(http://www.axsguard.com)

[Iptperl-general] BUG ?

[Alex O. <Ale...@ab...>]

Hi,

I'am using transforming our iptables FW script towards IPTables::IPv4.
All went well until I tried to convert my DNAT rules.

Below a small test file that fails.
(I'am using IPTables::IPv4 CVS version dated 21 may 2003)

--
#!/usr/bin/perl -w

# I need the equivalent of
# iptables -t nat -A PREROUTING -s 1.2.3.4 -j DNAT --to 5.6.7.8
#

use strict;

use IPTables::IPv4;

my $nat = IPTables::IPv4::init('nat');

if (! $nat->append_entry('PREROUTING',{
		'source' => '1.2.3.4',
		'jump' => 'DNAT',
		'to-destination' => '5.6.7.8'
	} )) {
	die "Append error: $!\n";
}

if (! $nat->commit() ) {
	die "Commit error: $!\n";
}

and I get:
# Commit error: Invalid argument

# running iptables -t nat -A PREROUTING -s 1.2.3.4 -j DNAT --to 5.6.7.8
on the command line is OK.

Any clue ?

Thanks
alex


--
Security check on this e-mail has been done by aXs GUARD
(http://www.axsguard.com)

[Iptperl-general] problem compiling

[Mark <mar...@cf...>]

Hello,
 
I am trying to get the IPTables::IPv4 module installed and I am having
problems.  I get a Makefile:86: *** missing separator.  Stop. error
every time i try to make.
 
Any ideas?
 
I am using Redhat 9.
 
I tried both the cpan install and a manual install from the tar file. 
Same error.
 
Mark Ryan