vaguy02 (Guru)
Joined: 25 Feb 2005, Posts: 424, Location: Hopefully in one place
Posted: Fri Feb 02, 2007 6:08 pm, Post subject: iptables help [solved]
Guys,
I used to use Gentoo a while ago, but haven't used it recently. Trying to get back into it. I've written iptables scripts before and made everything work. Never really had an issue. Until now.
I have the iptables options built into the kernel, i've emerge'd iptables, I've written the firewall script. But whenever I try to run the script it comes back with weird error messages. About how it can't find nat try insmod and also the -j ACCEPT is not valid, things of that nature. Has anyone heard of this? I will post the exact messages later this evening, but any initial thoughts?
Robert
Last edited by vaguy02 on Fri Feb 02, 2007 10:08 pm; edited 1 time in total

wah (Guru)
Joined: 25 Feb 2005, Posts: 453, Location: Raleigh, NC, USA
Posted: Fri Feb 02, 2007 6:12 pm
I had an interesting error message the last time I used IPTABLES - every time I tried to do a stateful command, it would fail ("invalid table" or something like that). I thought I had put everything in the kernel, but I had left a few things out, including the state tracking feature. When you post your error messages, can you also post relevant IPTABLES kernel configuration items?
Cheers,
W.
- AMD64 3000+, MSI K8N-SLI, Nvidia Geforce 6600 PCIE, 2GB OCZ Dual-Channel PC3200, 2x160GB SATA
- Registered Linux User #418541

vaguy02 (Guru)
Joined: 25 Feb 2005, Posts: 424, Location: Hopefully in one place
Posted: Fri Feb 02, 2007 6:14 pm
No problem, I can do a screen shot of the kernel build when I get home later. But I agree with you, my problem sounds somewhat similar to your problem about invalid tables.

.:chrome:. (Advocate)
Joined: 19 Feb 2005, Posts: 4588, Location: Brescia, Italy
Posted: Fri Feb 02, 2007 6:21 pm, Post subject: Re: iptables help
Run your script by hand, one rule at a time, and report here the rule that generates the error and the error message.
TIP: don't use scripts. Use the rules file /var/lib/iptables/rules-save and configure /etc/conf.d/iptables.

vaguy02 (Guru)
Joined: 25 Feb 2005, Posts: 424, Location: Hopefully in one place
Posted: Fri Feb 02, 2007 9:51 pm
Okay, I'm back now. Here is the code I'm trying to execute (simple, just found it on a page somewhere; I wanted to start back simple since it's been a while) and the error message that follows.
Code:
```sh
echo "Starting Firewall Script"
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
export LAN=eth1
export WAN=eth0
/sbin/iptables -I INPUT l -i $(LAN) -j ACCEPT
/sbin/iptables -I INPUT l -i lo -j ACCEPT
/sbin/iptables -A INPUT -p UDP --dport bootps -i ! $(LAN) -j REJECT
/sbin/iptables -A INPUT -p UDP --dport domain -i ! $(LAN) -j REJECT
/sbin/iptables -A INPUT -p TCP -i ! $(LAN) -d 0/0 --dport 0:1023 -j DROP
/sbin/iptables -A INPUT -p UDP -i ! $(LAN) -d 0/0 --dport 0:1023 -j DROP
/sbin/iptables -I FORWARD -i $(LAN) -d 192.168.1.0/255.255.0.0 -j DROP
/sbin/iptables -A FORWARD -i $(LAN) -s 192.168.1.0/255.255.0.0 -j ACCEPT
/sbin/iptables -A FORWARD -i $(WAN) -d 192.168.1.0/255.255.0.0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $(WAN) -j MASQUERADE
echo "Finishing Firewall Script"
```
Error Message
Code:
```text
tux init.d # ./firewall.sh
Starting Firewall Script
./firewall.sh: line 13: LAN: command not found
iptables v1.3.5: Invalid rule number `l'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Invalid rule number `l'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 15: LAN: command not found
Warning: wierd character in interface `-j' (No aliases, :, ! or *).
Bad argument `REJECT'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 16: LAN: command not found
Warning: wierd character in interface `-j' (No aliases, :, ! or *).
Bad argument `REJECT'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 18: LAN: command not found
Warning: wierd character in interface `-d' (No aliases, :, ! or *).
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 19: LAN: command not found
Warning: wierd character in interface `-d' (No aliases, :, ! or *).
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Finishing Firewall Script
```
I forgot how to post images, or if you even can; otherwise I would post the kernel build info.
Thanks
Robert

wah (Guru)
Joined: 25 Feb 2005, Posts: 453, Location: Raleigh, NC, USA
Posted: Fri Feb 02, 2007 9:56 pm
Ok, those are context errors.
For the first (LAN error): use brackets instead of parentheses.
The second (0/0 error): I'm not familiar with the -d 0/0 context, so I'm not sure if that's correct or not.
However, try replacing the parentheses with brackets and run the script again. Post any new errors that you may get.
Cheers,
W.

vaguy02 (Guru)
Joined: 25 Feb 2005, Posts: 424, Location: Hopefully in one place
Posted: Fri Feb 02, 2007 10:00 pm
Nice work. Now I'm down to the 'l'; apparently it doesn't like it. Any suggestions?
Quote:
```text
tux init.d # ./firewall.sh
Starting Firewall Script
iptables v1.3.5: Invalid rule number `l'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Invalid rule number `l'
Try `iptables -h' or 'iptables --help' for more information.
Finishing Firewall Script
```

vaguy02 (Guru)
Joined: 25 Feb 2005, Posts: 424, Location: Hopefully in one place
Posted: Fri Feb 02, 2007 10:07 pm
Never mind, I just deleted the l's and it worked just fine, I think. Sorry to bother everyone. Just trying to get a firewall/router with Gentoo up and running again after a long time.

wah (Guru)
Joined: 25 Feb 2005, Posts: 453, Location: Raleigh, NC, USA
Posted: Fri Feb 02, 2007 11:08 pm
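The script as it ends up after the thread's two fixes, written here as an added example (not the poster's or Gentoo's code) with a dry-run switch so each rule can be printed and checked before anything is loaded; it assumes LAN=eth1 and WAN=eth0 as in the thread and the iptables 1.3.x option syntax the poster used.

```shell
#!/bin/sh
# Added example, not code from the thread: the poster's script with the two
# fixes the thread arrives at ("${LAN}" instead of "$(LAN)", rule number 1
# instead of the letter l), plus a dry-run switch so every rule is printed
# and can be checked one at a time before anything is loaded.
# Assumptions: LAN=eth1 and WAN=eth0 as in the thread; iptables 1.3.x syntax.

LAN=eth1
WAN=eth0
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the rules; 0 = really call iptables

# ipt: print or run one iptables invocation. "${LAN}" is parameter expansion.
# The original "$(LAN)" is command substitution: the shell looked for a
# program named LAN ("LAN: command not found") and substituted nothing, so
# iptables received "-i ! -j REJECT" and rejected "-j" as an interface name.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '/sbin/iptables %s\n' "$*"
    else
        /sbin/iptables "$@" || { echo "rule failed: $*" >&2; exit 1; }
    fi
}

load_firewall() {
    ipt -F
    ipt -t nat -F
    ipt -P INPUT ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -P FORWARD DROP
    # -I takes a numeric position; the letter l gave "Invalid rule number `l'"
    ipt -I INPUT 1 -i "${LAN}" -j ACCEPT
    ipt -I INPUT 1 -i lo -j ACCEPT
    ipt -A INPUT -p UDP --dport bootps -i ! "${LAN}" -j REJECT
    ipt -A INPUT -p UDP --dport domain -i ! "${LAN}" -j REJECT
    ipt -A INPUT -p TCP -i ! "${LAN}" -d 0/0 --dport 0:1023 -j DROP
    ipt -A INPUT -p UDP -i ! "${LAN}" -d 0/0 --dport 0:1023 -j DROP
    # 255.255.0.0 is a /16 mask, so these match all of 192.168.0.0-192.168.255.255
    ipt -I FORWARD -i "${LAN}" -d 192.168.1.0/255.255.0.0 -j DROP
    ipt -A FORWARD -i "${LAN}" -s 192.168.1.0/255.255.0.0 -j ACCEPT
    ipt -A FORWARD -i "${WAN}" -d 192.168.1.0/255.255.0.0 -j ACCEPT
    ipt -t nat -A POSTROUTING -o "${WAN}" -j MASQUERADE
}

# count_rules: number of iptables invocations the script issues (always dry-run)
count_rules() { ( DRY_RUN=1; load_firewall ) | wc -l | tr -d ' '; }

load_firewall
```

Running it with DRY_RUN=0 loads the rules and stops at the first one iptables rejects, which is the one-rule-at-a-time check .:chrome:. suggests. The FORWARD rule that accepts everything arriving on "${WAN}" for 192.168.0.0/16 is where a stateful `-m state --state ESTABLISHED,RELATED` match would normally go, which needs the connection-tracking kernel option wah mentions.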
vaguy02 wrote:
> Never mind, I just deleted the l's and it worked just fine, I think. Sorry to bother everyone. Just trying to get a firewall/router with Gentoo up and running again after a long time.
Nice work - and no bother...it's all part of a learning process!
Enjoy your firewall!
Cheers,
W.