problem with iptables-restore

Victor Yeo yeosv at ndc.com.tw
Fri Apr 29 07:04:39 CEST 2005


hello,

i am a newcomer to this mailing list. I have read the packet filtering =
HOWTO, netfilter HOWTO and NAT HPWTO. I have problem with =
iptables-restore. i create a settings file using iptables-save, this =
part is successful, but when i want to restore using iptables-restore, =
it fails. Please tell me what i did wrong. Thanks.

# iptables-save > test
# iptables-restore < test
iptables-restore v1.3.1: iptables-restore: unable to initializetable =
'nat'

Error occurred at line: 2
Try 'iptables-restore -h' for more information.

The contents of "test" is:

# Generated by iptables-save v1.3.1 on Fri Apr 29 13:04:13 2005
*nat
:PREROUTING ACCEPT [2653:510492]
:POSTROUTING ACCEPT [3922:238513]
:OUTPUT ACCEPT [3952:241788]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination =
66.94.230.50:8080=20
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination =
66.94.230.50:8080=20
-A PREROUTING -i eth0 -p tcp -j DNAT --to-destination 66.94.230.50:8080=20
-A POSTROUTING -o eth0 -p icmp -j SNAT --to-source 192.168.4.50=20
-A POSTROUTING -o eth0 -p icmp -j SNAT --to-source 192.168.4.100=20
-A POSTROUTING -o ppp0 -j MASQUERADE=20
COMMIT
# Completed on Fri Apr 29 13:04:13 2005
# Generated by iptables-save v1.3.1 on Fri Apr 29 13:04:13 2005
*mangle
:PREROUTING ACCEPT [464198:27824078]
:INPUT ACCEPT [463749:27778817]
:FORWARD ACCEPT [3:144]
:OUTPUT ACCEPT [704448:185346344]
:POSTROUTING ACCEPT [704476:185352882]
COMMIT
# Completed on Fri Apr 29 13:04:13 2005
# Generated by iptables-save v1.3.1 on Fri Apr 29 13:04:13 2005
*filter
:INPUT ACCEPT [2095849:131010409]
:FORWARD ACCEPT [3:144]
:OUTPUT ACCEPT [2960177:609463704]
-A INPUT -s 127.0.0.0/255.255.0.0 -p tcp -j ACCEPT=20
-A INPUT -s 127.0.0.0/255.255.0.0 -p icmp -j ACCEPT=20
-A INPUT -s 127.0.0.0/255.255.0.0 -p icmp -j DROP=20
-A INPUT -s 127.0.0.1 -p icmp -j DROP=20
-A INPUT -s 127.0.0.0/255.255.255.0 -p icmp -j DROP=20
COMMIT
# Completed on Fri Apr 29 13:04:13 2005

Rgds,
Victor


More information about the netfilter mailing list