After I restart iptables I get the following:

Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: /etc/rc.d/init.d/iptables: line 205: 20160 Done grep -v "^[[:space:]]*#" $IPTABLES_CONFIG
20161 | grep -v '^[[:space:]]*$'
20162 Segmentation fault | /sbin/iptables-restore -c
[FAILED]

What's the problem?
And also I can ping from my local computer (192.168.1.3) to the server's external IP, but cannot ping to the internet.

----- Original Message -----
From: "Jason Staudenmayer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 31, 2003 8:45 PM
Subject: RE: IP tables help

> If you place them in /etc/sysconfig/iptables
> After a reboot the rules will be in effect.
> Or if you don't want to reboot /etc/rc.d/init.d/iptables restart
> Will read the new rules and activate them
>
> -----Original Message-----
> From: Rudik Amirjanyan [mailto:[EMAIL PROTECTED]
> Sent: Sunday, August 31, 2003 1:34 PM
> To: [EMAIL PROTECTED]
> Subject: Re: IP tables help
>
>
> Thanks for help, but now in which file shall I put these entries, and what
> must I do for keeping the configuration after server reboot?
> Thanks.
>
> ----- Original Message -----
> From: "Alexey Fadyushin" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, August 31, 2003 7:29 PM
> Subject: Re: IP tables help
>
>
> > Did you note the last line in the INPUT chain?
> > The firewall will not accept anything not listed in the first two lines
> > of the INPUT chain regardless of the default policy because the
> > catch-all REJECT rule in the chain will be always used instead of the
> > default policy.
> >
> > The default ACCEPT policy is just a precaution intended to be used when
> > something happens during the loading of rules. In that case the REJECT
> > or DROP default policy may prevent further communication with the
> > machine if the rule which allows, for example, SSH and rules that follow
> > it have not been loaded due to some error.
> >
> > Alexey Fadyushin
> > Brainbench MVP for Linux
> > http://www.brainbench.com
> >
> > Jason Staudenmayer wrote:
> > >
> > > I would change that 'INPUT ACCEPT' to DROP or else the firewall really
> > > isn't a firewall since it will accept anything.
> > >
> > > -----Original Message-----
> > > From: Alexey Fadyushin [mailto:[EMAIL PROTECTED]
> > > Sent: Sunday, August 31, 2003 11:42 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: IP tables help
> > >
> > > I think that the following configuration will help.
> > > Put the following lines in /etc/sysconfig/iptables:
> > >
> > > *nat
> > > :PREROUTING ACCEPT
> > > :POSTROUTING ACCEPT
> > > :OUTPUT ACCEPT
> > > -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source <YOUR EXTERNAL ADDRESS HERE>
> > > COMMIT
> > >
> > > *filter
> > > :INPUT ACCEPT
> > > :FORWARD ACCEPT
> > > :OUTPUT ACCEPT
> > > -A INPUT -i eth1 -j ACCEPT
> > > -A INPUT -i eth0 -p tcp -m multiport --destination-port ssh,http,ftp,ftp-data,smtp -j ACCEPT
> > > -A INPUT -j REJECT
> > > -A FORWARD -i eth0 -o eth1 -d 192.168.1.0/24 -j ACCEPT
> > > -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
> > > -A FORWARD -j DROP
> > > COMMIT
> > >
> > > Alexey Fadyushin
> > > Brainbench MVP for Linux
> > > http://www.brainbench.com
> > >
> > > Rudik Amirjanyan wrote:
> > > >
> > > > Hello
> > > > In my small office we have local lan 192.168.1.0 and we have put a RH9
> > > > as a router, and want to masquerade the local IP addresses of the
> > > > network. The server has 2 interfaces, eth0 with global IP address, and
> > > > eth1 192.168.1.1.
> > > > We want to open only ssh, ftp, www, mail ports from outside, and
> > > > everywhere from local lan.
> > > > We have set up iptables, but do not know how to make it work. The
> > > > question is, what entries must be in the /etc/sysconfig/iptables file
> > > > to work the firewall properly.
> > > > Any help is appreciated.
> > > >
> > > > Thanks.
> > > >
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:[EMAIL PROTECTED]
> > > > https://www.redhat.com/mailman/listinfo/redhat-list
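
The disagreement in the thread over 'INPUT ACCEPT' versus the catch-all REJECT rule can be checked mechanically. The Python below is an added example, not part of the original thread: it parses the ruleset quoted above and reports, per chain, the declared policy next to the action an unmatched packet actually receives. The address 203.0.113.10, the function names and the MATCH_OPTS list are assumptions of this example.

```python
import shlex

# Ruleset from the thread; 203.0.113.10 is a constructed placeholder address.
RULESET = """\
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --destination-port ssh,http,ftp,ftp-data,smtp -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -i eth0 -o eth1 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -j DROP
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
# Assumption: a rule carrying none of these match options matches every packet.
MATCH_OPTS = {"-i", "-o", "-s", "-d", "-p", "-m", "-f", "!", "--in-interface",
              "--out-interface", "--source", "--destination", "--protocol", "--match"}

def _entry(policy):
    return {"policy": policy, "effective": policy, "shadowed": False, "unreachable": 0}

def effective_defaults(text):
    """Return {(table, chain): info} with declared policy and effective default."""
    chains, table = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]                      # table header, e.g. *filter
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]   # ":INPUT ACCEPT [0:0]" also parses
            chains[(table, name)] = _entry(policy)
        elif line.startswith("-A "):
            args = shlex.split(line)
            info = chains.setdefault((table, args[1]), _entry("-"))
            if info["shadowed"]:
                info["unreachable"] += 1          # sits behind an earlier catch-all
            elif "-j" in args and not MATCH_OPTS & set(args[2:]):
                target = args[args.index("-j") + 1]
                if target in TERMINAL:            # unconditional rule: policy is never reached
                    info.update(effective=target, shadowed=True)
    return chains
```

For the posted ruleset this gives INPUT an effective default of REJECT and FORWARD an effective default of DROP despite both policies being ACCEPT; removing the final INPUT rule makes the ACCEPT policy the effective default again.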