Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
Apr 14, 2011
I'm working on a Soekris net4801 that is running an unknown distro of Linux. The kernel is 2.4.29, and iptables is v1.3.4.
I can't work out how to save the iptables. I searched the whole system for files/folders containing the name "iptables" and got 3 results:
/user/local/lib/iptables
/sbin/iptables
/lib/iptables
I've tried iptables save, iptables-save and iptables save active.
"iptables save" and "iptables save active" give me an invalid argument error. "iptables-save" isn't a valid command. "iptables --help" gives me a list of valid switches, none of which have to do with saving.
How can I save the iptables?
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to set up iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
Jun 21, 2011
I have a config script for a particular software package that does...
iptables-restore < /etc/sysconfig/iptables > /tmp/firewall.log 2>&1
The problem is, the output hangs after this. If the user hits a return, the rest of the output comes to the screen and the script finishes normally. But the script looks like it's hung because of this odd iptables-restore behavior.
Jan 27, 2010
What could this be? I saved my correct iptables file @ Code: /etc/iptables.up.rules where Webmin is looking for it. Webmin config is to automatically boot this file and adds a line at
Code:
/etc/network/interfaces
file
[code]...
Jan 29, 2009
Config a CentOS iptables. I issued some iptables rules. The rules were effective at once. Then, I came with a "iptables-save", but the "/etc/sysconfig/iptables" file hasn't been updated; it still loads the default rules with CentOS after reboot.
Jun 18, 2011
I am going to start studying IPTABLES for Linux Firewall. Can anyone suggest the best book for IPTABLES that contains everything about iptables?
Apr 28, 2011
I am configuring the iptables in the Debian squeeze and then running the: iptables-save
Sep 17, 2010
I am facing a strange problem with my iptables, as there are some firewall entries stored somewhere which are displaying the below firewall entries even after flushing the iptables, and when I restart the iptables service the firewall entries are again shown in my iptables as shown below:
[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[code]....
Nov 3, 2010
I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):
Code:
#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above
[code]....
Safe.txt contains:
Code:
127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1
And the error message generated is:
Code:
root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8
[code]....
Mar 26, 2009
I have eth0 for administration, and vlans eth0.2 eth0.3 and br0 for resource separation. My external interface is ra0. Each internal interface is on a separate subnet, and I have dhcpd giving connecting devices IP addresses out of their assigned network. I want all of the devices to be able to access the internet through NAT, and I need to allow them to communicate with port 80 on eth0's subnet.
eth0 10.0.0.0/24
eth0.2 10.2.0.0/24
eth0.3 10.3.0.0/24
[code]...
Oct 19, 2010
Anyone know if the iptables-restore command operates atomically? I want to make sure that the entirety of in-kernel iptables are switched over to those specified in the input to iptables-restore, all at once, with no intervening emptiness, incompleteness, or mixing with prior table. The man page doesn't say about this.
Apr 28, 2009
To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?
May 9, 2010
After resetting a PC running lenny I get iptables errors at boot ("resource temporarily unavailable", "bad rule" etc). "setting up firewall" (Guarddog) is not followed by any errors and the firewall apparently operates ok. How can I restore my iptables to the default installation values?
May 4, 2010
I'm setting up a server with Jaunty Jackalope version. I'm trying to test setting up a basic iptables rules... No matter which command I put in, it is failing on the first command when I run iptables-restore < file location (the first rule always fails). I'm doing this on the root user and first typing in the iptables rules in a test file. I've tried the first command starting with % sudo, iptables and -A. All have the same result. I've also tried letting the HTTP rule be first with the same result.
[Code]...
Feb 25, 2010
I am unable to start iptables :
Code:
-bash-3.2# /sbin/chkconfig --list | grep ip
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[code]...
May 16, 2011
I am using iptables and what I want to do is have it log to a specific file that I have set for it. Here is what I edited in rsyslog.conf
#kern.* /dev/console
:msg, contains, "iptables" /var/log/iptables
& ~
Now, as far as iptables rules, here is what I am working with...
iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "iptables"
However, when I run my script I get this kind of output:
iptables v1.4.9: unknown option `--log-level'
Try `iptables -h' or 'iptables --help' for more information.
When I do 'iptables -L -n' I get this kind of output:
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW limit: avg 5/min burst 7 LOG flags 0 level 4 prefix `iptables'
Why am I getting this error, unknown option '--log-level', and two, why is it not writing anything to /var/log/iptables? When I do 'cat /var/log/iptables' I get nothing.
Jun 27, 2010
When I try to run anything that uses iptables, even just iptables -L, I get:
Code:
1+drm33.2/modules.dep: No such file or directory
iptables v1.4.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
This is on a fresh Ubuntu minimal install, using my VPS host's image (so they could have messed something up). I know there have been issues in the past with iptables on Ubuntu on xen. Is this an Ubuntu bug? Is there a solution?
Incidentally, depmod -a gives:
Code:
WARNING: Couldn't open directory /lib/modules/2.6.32.11+drm33.2: No such file or directory
FATAL: Could not open /lib/modules/2.6.32.11+drm33.2/modules.dep.temp for writing: No such file or directory
Oct 4, 2010
I'm coming from a RHEL/CentOS background where I'm used to editing /etc/sysconfig/iptables for host-based firewall stuff. I can't find a direct equivalent on Ubuntu and I'm pretty surprised. What I've found is the ufw utility which seems to do some of what I want and some things I may not want, but it seems pretty cumbersome to type "ufw allow proto tcp from <address> to any port <number>" etc over and over again, compared to just copying and pasting and editing a largely canned set of iptables rules on RHEL.
Is that how experienced Ubuntu server sysadmins do things? Do you really use the ufw front end, or do you do a preup script in /etc/network/interfaces that calls an iptables --restore, etc.?
Is there another way that I'm missing? I want to do things the most standard, ubuntu-like way that's consistent with repeatability and quality, basically.
Nov 30, 2010
I am having a little trouble setting up a NAT firewall using iptables. I have 1 PC dedicated to being the firewall running Ubuntu 10.04 LTS. There are 2 NICs in this PC. One NIC is connected to the modem and the other is hooked into my router, sharing the connection through to the other PC on my LAN. Thing is that I am having trouble setting this up using iptables. I have it sharing the connection, but can't seem to make it forward 2 ports through to my webserver on the LAN. I also want to set up init.d to control iptables. I have been trying to google this, but haven't found anything useful to get this accomplished. I put the following into rc.local to make the forwarding work:
/sbin/iptables -F
/sbin/iptables -N block
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
/sbin/iptables -A block -j LOG
/sbin/iptables -A block -j DROP
/sbin/iptables -A INPUT -j block
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
Jun 16, 2011
Though I have uninstalled and rm -rf'ed everything I can find having to do with ufw, I am still getting weird output from iptables -L. If I type in
Code:
iptables -F
iptables -Z
iptables -L
I should get
[Code]...
Feb 2, 2010
I am configuring an internal only IMAP server for archival emails. I am absolutely baffled why my connection is being refused. UFW is disabled and IPTABLES has a rule to allow all connections on 143 and 993. When I telnet this response is given:
Code:
telnet localhost 143
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Even nmap shows the port closed. Here is my iptables rule:
HTML Code:
-A ufw-user-input -p udp -m udp --dport 143 -j ACCEPT
Jun 4, 2010
I noticed you can use names for ports like ssh, instead of the actual port number in iptables, but I can't find a list of what they are?
Jun 22, 2010
I have a clean install of Ubuntu server Lucid Lynx with the virt-host task installed. I need to find the location of the iptables rules that are being loaded when the system boots. These are the rules for the virbr0 interface.
Jul 23, 2010
How to configure iptables to allow only 22,80,3306 ports for only a dynamic public ip/dyn dns domain name on a ubuntu server?
Aug 5, 2010
In Lucid I have some ufw rules but I figured that I need to limit the ICMP messages that the box responds to and also limit their number. There are iptables rules to accomplish this, but since I already have ufw rules, is it safe to use iptables only for ICMP rules?
Apr 8, 2010
Two servers, one is RHEL 4, and the other is RHEL 5. They are both on the same subnet, one is 10 the other is 11. I added the Webmin rule to the iptables config file but for some reason, the RHEL 4 server, I can access Webmin but the RHEL 5 server I can not. I checked the iptables file and they are the same for both servers, except two rules which are for other ports.
I'm reading about the iptables and had a problem when I manually added the port 10000 entry after the REJECT entry, but wondering if I need to move it up higher or maybe there's another possible block?
Jan 11, 2010
I'm using Ubuntu server 9.10 with 2 NICS (Internet-router-eth0, eth1-LAN). I use iptables to generate rules for 20 computers, but when I execute the script, ALL TRAFFIC DROPS, including the server. What am I doing wrong?
Code:
#!/bin/sh
#eth0 192.168.0.50 - connected to Internet
#eth1 192.168.1.51 - connected to LAN
#192.168.1.52 - workstation1
#set default policies
iptables -P INPUT DROP
[Code]...
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -s 192.168.1.52 -j ACCEPT
The reason I'm doing this is, I just want to open necessary ports in the server and restrict LAN usage.
Jan 24, 2010
Why would this iptables cause this mail delivery error? I think it's to do with DNS lookups not being routed properly... if I remove the last rule, mail works fine.
ssh is also very slow to connect when the last rule is enabled.
postfix mail error:
Code:
Jan 24 11:32:18 xxxx postfix/smtp[15065]: 9F2162C519: to=<xxxxx@hotmail.com>, relay=none, delay=1005, delays=965/0.01/40/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=hotmail.com type=MX: Host not found, try again)
iptables
[Code]....