command: strace iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 10.100.42.146

Seems the -j SNAT doesn't handle to-source any more. I'm reverting this kernel for 2.4.20 vanilla now.

open("/lib/iptables/libipt_SNAT.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\5\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=5526, ...}) = 0
mmap2(NULL, 7788, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40000000
mprotect(0x40001000, 3692, PROT_NONE) = 0
mmap2(0x40001000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x40001000
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], [84]) = 0
getsockopt(3, SOL_IP, 0x41 /* IP_??? */, [7627118], [1356]) = 0
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, [7627118], 1576) = -1 EINVAL (Invalid argument)
write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
) = 27
_exit(1) = ?

Just rebuild iptables against the new sources... for that matter the ebuild for the new sources mentions that. I'm leaving this bug open so that people can read it as needed.

This is clearly spelled out on the post of the gentoo-sources-2.4.20-r3 ebuild (as well as 2.4.20-r1). Plus there are at least 2 other bugs on this same issue which are resolved. Closing. Jay