[removed CC: webmaster gnumonks.org]
Denis Vlasenko wrote:
> I have some trouble setting up a firewall on an AMD64 kernel
> with 32-bit userspace.
>
> When I pointed KERNEL_DIR= to the build directory
> of the currently running kernel, I saw -DKERNEL_64_USERSPACE_32
> in gcc commands and the resulting iptables was utterly useless.
> It was throwing "Unknown error 4294967295" on practically anything.
>
> I rebuilt it, pointing KERNEL_DIR= to pristine, unconfigured
> 2.6.18 source. Now it works most of the time.
>
> However, on some commands it does not:
>
> iptables -t nat -A OUTPUT --match connmark --mark 22 -j RETURN
> iptables -t nat -A OUTPUT -j CONNMARK --set-mark 22
>
> give the same error and in dmesg I see:
>
> ip_tables: connmark match: invalid size 24 != 12
> ip_tables: CONNMARK target: invalid size 24 != 12
> ip_tables: connmark match: invalid size 24 != 12
> ip_tables: CONNMARK target: invalid size 24 != 12
>
> Same happens on MARK target.
The latest -git kernel includes compatibility functions for 32-bit
userspace. You need to compile your iptables without the
KERNEL_64_USERSPACE_32 thing though (edit main Makefile).
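The "invalid size 24 != 12" in the dmesg lines above is the 64-bit kernel comparing the size of the match/target data its module was built for against what the 32-bit iptables handed in. In 2.6.18 the connmark match and CONNMARK target structures are two `unsigned long` fields (mark, mask) followed by one byte, so their size depends on `sizeof(long)`: 12 on i386, 24 on x86-64. The following is an added illustration written for this page, not code from the thread or from the netfilter tree; it models natural struct alignment with a small layout calculator, applies it to that field list for both long widths, and mirrors the kind of size check that produces the message (the function names `struct_size`, `connmark_info_size` and `check_match_size` are this example's own, not kernel symbols).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* One struct member described by its size and required alignment. */
struct member { size_t size; size_t align; };

/* Size of a struct laid out with natural alignment, which is what gcc
 * produces on both i386 and x86-64 for plain integer members: each
 * member is padded up to its own alignment, and the total is padded
 * up to the largest alignment seen. */
size_t struct_size(const struct member *m, size_t n)
{
    size_t off = 0, max_align = 1;
    for (size_t i = 0; i < n; i++) {
        if (m[i].align > max_align)
            max_align = m[i].align;
        off = (off + m[i].align - 1) / m[i].align * m[i].align; /* pad to member */
        off += m[i].size;
    }
    return (off + max_align - 1) / max_align * max_align;       /* tail padding */
}

/* Field list of xt_connmark_info / xt_connmark_target_info in 2.6.18:
 * unsigned long mark; unsigned long mask; u_int8_t invert (or mode).
 * The only thing that differs between a 32-bit and a 64-bit build of
 * the same header is sizeof(long), passed in here as a parameter. */
size_t connmark_info_size(size_t sizeof_long)
{
    struct member m[] = {
        { sizeof_long, sizeof_long }, /* mark */
        { sizeof_long, sizeof_long }, /* mask */
        { 1, 1 },                     /* invert / mode */
    };
    return struct_size(m, sizeof m / sizeof m[0]);
}

/* Modelled on the kernel's sanity check: the size userspace supplied for
 * the match data must equal what the module was compiled with, otherwise
 * the rule is rejected with -EINVAL and the mismatch is logged. The
 * message format follows the dmesg lines quoted above (kernel size first). */
int check_match_size(size_t userspace_size, size_t kernel_size)
{
    if (userspace_size != kernel_size) {
        fprintf(stderr, "ip_tables: connmark match: invalid size %zu != %zu\n",
                kernel_size, userspace_size);
        return -EINVAL;
    }
    return 0;
}

int main(void)
{
    size_t kernel = connmark_info_size(8);    /* x86-64 kernel module */
    size_t user32 = connmark_info_size(4);    /* i386 iptables binary */
    printf("kernel expects %zu bytes, 32-bit userspace sends %zu bytes\n",
           kernel, user32);
    return check_match_size(user32, kernel) == 0 ? 0 : 1;
}
```

Run on any host, this reproduces the 24-versus-12 disagreement without needing a mixed 64/32 system, which is why a kernel has to translate such structures (the compatibility functions mentioned in the reply) rather than accept whatever size userspace sends; a size check alone can only refuse the rule, not make it work.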