On Sun, 2002-03-24 at 00:37, Jochen wrote:
> I just switched from SuSE 7.3 to RedHat 7.2.
> On my SuSE I used the following script to secure my Server:
> 
> #!/bin/bash
> IPT="/sbin/iptables"
> LAN="eth0"
> WEB="ppp0"
> 
> #Load the module.
> modprobe ip_tables
> #Flush old rules, delete the firewall chain if it exists
> $IPT -F
> $IPT -F -t nat
> $IPT -X firewall

You don't have this rule called "firewall" to delete in the first place.

> 
> #Setup Masquerading. Change the IP to your internal network and uncomment
> #this in order to enable it.
> $IPT -A POSTROUTING -t nat -s 192.168.0.1/24 -j MASQUERADE
> $IPT -P FORWARD ACCEPT
> 
> ...and so on.
> 
> When I try to run it on my RedHat I get the following message:
> 
> On the first run: Do you need to insmod?
> 

It's because of the -X firewall. You should include full messages in
future.

> On the second run:
> 
> ./rc.firewall_012: modprobe: command not found
> ./rc.firewall_012: iptables: command not found
> ./rc.firewall_012: iptables: command not found
> ./rc.firewall_012: iptables: command not found
> ./rc.firewall_012: iptables: command not found
> ./rc.firewall_012: iptables: command not found
> 
It would be interesting to find out why this happens, if I assume you are
still running this script as root just after you ran it the first time.

> /sbin/lsmod shows the following:
> 
> ipt_LOG                 4000   1  (autoclean)
> ipt_MASQUERADE          1824   1  (autoclean)
> iptable_nat            18452   0  (autoclean) [ipt_MASQUERADE]
> ip_conntrack           17068   1  (autoclean) [ipt_MASQUERADE iptable_nat]
> iptable_filter          2272   0  (autoclean) (unused)
> ip_tables              11424   6  [ipt_LOG ipt_MASQUERADE iptable_nat iptable_filter]
> 

On the first run modprobe has already loaded the modules needed, e.g. you
can use iptables.
So what does iptables -L show?

I would suggest first manually keying in your iptables rules, ensuring that
they are working and are what you want, saving them
(iptables-save >/etc/sysconfig/iptables)
and using the rc.d/init.d scripts.

> What's wrong here?!
> 
> -- 
> Jochen
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
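
The two points made in the reply (delete the "firewall" chain only when it exists, then save the working rules with iptables-save for the init script), as an added sketch that is not code from either poster. The function names, the `apply` argument and the `/sbin` locations of modprobe and iptables-save are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
IPT="${IPT:-/sbin/iptables}"            # absolute path, as in the quoted script
MODPROBE="${MODPROBE:-/sbin/modprobe}"  # assumed location
SAVE="${SAVE:-/sbin/iptables-save}"     # assumed location
RULES="${RULES:-/etc/sysconfig/iptables}"

# Fail early and name the missing tool before any rule is changed.
require_tools() {
    for tool in "$@"; do
        [ -x "$tool" ] || { echo "missing or not executable: $tool" >&2; return 1; }
    done
}

# True when the user-defined chain $2 exists in table $1.
chain_exists() {
    "$IPT" -t "$1" -n -L "$2" >/dev/null 2>&1
}

# Flush and delete chain $2 in table $1 only if it is present, so a first run
# on a machine without the chain does not error on -X.
reset_chain() {
    if chain_exists "$1" "$2"; then
        "$IPT" -t "$1" -F "$2" && "$IPT" -t "$1" -X "$2"
    fi
}

apply_firewall() {
    require_tools "$IPT" "$MODPROBE" "$SAVE" || return 1
    "$MODPROBE" ip_tables || return 1
    "$IPT" -F && "$IPT" -t nat -F || return 1
    reset_chain filter firewall || return 1
    # Rules from the quoted script, unchanged.
    "$IPT" -t nat -A POSTROUTING -s 192.168.0.1/24 -j MASQUERADE || return 1
    "$IPT" -P FORWARD ACCEPT || return 1
    # Persist for the init script, as the reply suggests.
    "$SAVE" > "$RULES"
}

# Only touch the live ruleset when asked to: ./script apply (run as root).
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```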



