iptables1.0.0 problems

William Stearns wstearns@pobox.com
Tue, 4 Apr 2000 15:34:38 -0400 (EDT)


Good afternoon, Nick,

On Tue, 4 Apr 2000, Nick Vanderest wrote:

> Why do I get invalid arguments and problems with targets on the
> script below?  If someone wants to correct it for me, or tell me just 
> what the hell I am doing wrong, I would appreciate it.  

	You can find your own answers by putting
set -x
	as the second line of your script, right after #!/bin/bash .  This
tells bash to output each line before it's executed.  This'll let you
match up the errors to the offending commands.

> IPT="/usr/local/bin/iptables"
> 
> $IPT -F
> $IPT -F -t nat
> 
> $IPT -A POSTROUTING -t nat -s 10.10.10.0/24 -j MASQUERADE
> $IPT -P FORWARD ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> $IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
> $IPT -A INPUT -s 10.10.10.1/32 -d 0/0 -j ACCEPT
> 
> $IPT -A INPUT -p udp --sport 53 -j ACCEPT
> $IPT -A INPUT -p tcp --sport 113 -j ACCEPT
> $IPT -A INPUT -p tcp --dport 113 -j ACCEPT
> $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
> 
> $IPT -A INPUT -p tcp ! --syn --sport 20 --dport 1024:65535 -j ACCEPT
> 
> $IPT -A INPUT -p icmp -j firewall
> $IPT -A INPUT -p tcp --syn -j firewall
> $IPT -A INPUT -p udp -j firewall

	You're saying "jump to the chain named 'firewall'", but there
doesn't appear to be one created by this script.  I suspect these last
three may be part of the problem.
	Unless you're setting a policy of DROP, your firewall has no rules
that block any packets; this is equivalent to having no firewall at all.
	BTW - I agree with Richard; the more relevant detail you can
provide about the problem, the more likely you are to find an answer.
	Cheers,
	- Bill

---------------------------------------------------------------------------
	"When in danger or in doubt, run in circles, scream and shout."
	-- Troubleshooters creed.
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
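
Added example, not part of the original message: a static check that flags the two issues raised in the reply above (a jump to a chain no earlier line has created, and a ruleset with no DROP/REJECT rule or DROP policy) without running iptables. The function names, the known-target list, and both sample rulesets (constructed, the first from a few lines of the quoted script) are assumptions made for illustration.

```shell
#!/bin/bash
# Static lint for an iptables shell script; does not call iptables, needs no root.

# Targets treated as known (standard targets plus common extensions).
# Assumption: this list is illustrative and not exhaustive.
KNOWN_TARGETS="ACCEPT DROP QUEUE RETURN REJECT LOG MASQUERADE SNAT DNAT REDIRECT MARK TOS"

# check_ipt_script: reads a script on stdin, prints one finding per line.
check_ipt_script() {
    awk -v known="$KNOWN_TARGETS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) known_t[k[i]] = 1 }
    /^[ \t]*#/ { next }                              # skip comment lines
    {
        for (i = 1; i < NF; i++) {
            # -N creates a user chain; it must appear before any rule jumps to it
            if ($i == "-N" || $i == "--new-chain") defined[$(i+1)] = 1
            if ($i == "-j" || $i == "--jump") {
                t = $(i+1)
                if (t == "DROP" || t == "REJECT") blocks = 1
                if (!(t in known_t) && !(t in defined) && !(t in seen)) {
                    seen[t] = 1                      # report each chain once
                    printf "undefined-chain %s line %d\n", t, NR
                }
            }
            # a DROP policy also counts as blocking
            if ($i == "-P" && i + 2 <= NF && $(i+2) == "DROP") blocks = 1
        }
    }
    END { if (!blocks) print "no-blocking-rule" }'
}

# Constructed sample: excerpt of the quoted script, including the bad jumps.
sample_broken() { cat <<'EOF'
$IPT -P FORWARD ACCEPT
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
EOF
}

# Constructed sample: chain created first and given a blocking rule.
sample_fixed() { cat <<'EOF'
$IPT -N firewall
$IPT -A firewall -j DROP
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p icmp -j firewall
EOF
}

sample_broken | check_ipt_script
```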