On Mon, May 01, 2006 at 05:55:08PM +0200, Mick wrote:
> On 01/05/06, Toby Cubitt <[EMAIL PROTECTED]> wrote:

[snip]

> >Does running "/etc/init.d/iptables stop", then running your script,
> >then running "/etc/init.d/iptables save", then
> >"/etc/init.d/iptables start" help at all?
> 
> Let's see:
> ============================
> # /etc/init.d/iptables stop
> * ERROR:  "iptables" has not yet been started.
> # ./fw_script.sh start
> Starting firewall...
> # /etc/init.d/iptables save
> * Saving iptables state ...
> # /etc/init.d/iptables start
> * Loading iptables state and starting firewall ...
> ============================
> 
> No problem.  Rebooting thereafter comes up *without* the error.  So
> the error is caused by the state in which the iptables are saved using
> the ./fw_script stop command.  Something's amiss with the script then,
> given the latest kernel changes.

Bingo! Your fw_script.sh contains (line 72):

iptables -t nat -F POSTROUTING

which fails because you haven't compiled NAT into your kernel. Comment
it out and hopefully your script will work.

You probably know this already, but once you've set up your rules
(using your script), and gentoo's init script has saved them, there's
no need to run your script again. The rules will be reloaded from the
saved file by the init script whenever it's restarted. However, the
init script also saves the rules when it's stopped, e.g. on reboot,
overwriting previously saved rules. It's easy while setting things up
to accidentally save the wrong rule set.

Toby
-- 
PhD Student
Quantum Information Theory group
Max Planck Institute for Quantum Optics
Garching, Germany

email: [EMAIL PROTECTED]
web: www.dr-qubit.org
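The two points in Toby's reply, a nat flush that aborts the script on a kernel without NAT and a saved state that may not be the rule set you meant to keep, can both be guarded for. The following is an added example, not code from the thread or from Gentoo's init script; the IPTABLES variable, the function names and the sample rules file are assumptions (iptables exits non-zero when asked for a table the kernel does not provide):

```sh
#!/bin/sh
# Added example: guard the nat flush and audit an iptables-save file.
# IPTABLES lets the command be overridden (assumption, for testing).
IPTABLES=${IPTABLES:-iptables}

# Return 0 if the kernel exposes the given table (nat, mangle, ...).
# Listing a missing table makes iptables fail, which is what we probe.
table_available() {
    "$IPTABLES" -t "$1" -L -n >/dev/null 2>&1
}

# Flush POSTROUTING only when the nat table exists; otherwise skip it
# instead of letting the error abort the rest of the firewall script.
flush_nat_postrouting() {
    if table_available nat; then
        "$IPTABLES" -t nat -F POSTROUTING
    else
        echo "nat table not available (kernel built without NAT); skipping" >&2
    fi
}

# Summarise an iptables-save file ($1): tables present and rule count,
# so the state the init script will reload at boot can be inspected.
# Prints "tables=<n> rules=<n>".
saved_state_summary() {
    awk '
        /^\*/  { tables++ }
        /^-A / { rules++ }
        END    { printf "tables=%d rules=%d\n", tables+0, rules+0 }
    ' "$1"
}

# Return 1 with a warning if the saved state would restore no rules at
# all, the usual symptom of having saved the wrong (flushed) rule set.
check_saved_state() {
    summary=$(saved_state_summary "$1") || return 2
    case $summary in
        *"rules=0"*) echo "WARNING: $1 contains no rules: $summary" >&2; return 1 ;;
        *)           echo "$1: $summary"; return 0 ;;
    esac
}
```

Run `check_saved_state /path/to/rules-save` after `/etc/init.d/iptables save` and before rebooting to confirm that the file holds the rule set you expect.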
-- 
gentoo-user@gentoo.org mailing list