LinuxQuestions.org
Old 06-13-2009, 09:00 PM   #1
renree
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Rep: Reputation: 0
unable to re-install iptables (novice help)


Hi all,
I'm a complete newbie to Fedora and iptables so please bear with me.

I've recently been having major hack attempts on my server and thanks to the crappy fasthost support I've been forced to learn Linux on the go!

Anyway, here's my problem:
After some major searching all advice on server security points to the iptables. So I attempted to edit it, but due to my poor understanding I think I edited the wrong file.
So when I tried to restart the iptables it failed with the message "iptables cannot execute binary"

Thinking I just need to re-install iptables I attempted to do that and now I'm stuck.

I've downloaded and attempted to install iptables but now when I try to start any of the services I get the following: "iptales: unrecognised service"

So I uninstalled it and re-tried and now when I try "iptables -F" I get no response and when I try "service iptables start" or "service iptables stop" or "status" all I get is "iptables: unrecognized service".

I'm guessing I've messed things up badly so please please can anyone help.
I've tried googling the problem but I can't seem to find a clear answer that a novice can understand.

I've got a huge hole in my security and no means of closing the door.

I'm running Fedora 6 (Zod) Kernel 2.6.18-1.2869.fc6 on an i686 and I tried to re-install iptables-1.3.5
Please kind ladies or gents HELP!
 
Old 06-14-2009, 04:38 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776
Quote:
Originally Posted by renree
After some major searching all advice on server security points to the iptables. So I attempted to edit it, but due to my poor understanding I think I edited the wrong file.
It would be useful to know which file you edited. Is it possible that you just changed the file permissions and the file contents are unchanged?

Quote:
Thinking I just need to re-install iptables I attempted to do that and now I'm stuck.
OK, I guess you are aware that there is a danger that you are making the problem worse. How did you re-install iptables?

Let's quickly run through the basics, to try to stop you making more errors. iptables/netfilter is a firewall program; there should never be any reason to mess with the iptables code itself as configuration is done by...
  • writing a 'ruleset' (a set of rules in a simple-ish programming language that instructs iptables what to do)
  • modifying the environment in which iptables runs (so setting various kernel parameters that configure the general networking environment)

Mostly, you do the first of those two, but probably there are a couple of things that will need the second and they may or may not be set up correctly before you start configuring the box.

You could instantiate (put into place) the ruleset in several ways, but using a bash script that runs on start-up and sets up all of your rules has much to recommend it (you could also incrementally modify whatever rules that you start from, maybe also from a bash script).

Have a look at tutorials at:
http://www.linuxhomenetworking.com/w...Using_iptables
http://iptables-tutorial.frozentux.net/

(the first is probably more what you want; the second is more like a manual than a tutorial....still good though)

(Note also: there are 'simple' GUI front ends to iptables (there is a large selection of them; don't try to get me to select any one as I don't know, but there are several threads that discuss them). You might argue that you don't want a gui on your server....and that would be a fair comment and a desirable aim, but....you could, potentially run the GUI app on your local machine to generate the ruleset and then copy that ruleset over to the server box, and that would be a good setup from a security point of view.)

Quote:
I've got a huge hole in my security and no means of closing the door.
Right now, you are not in the best position; you should ensure that you do not have unnecessary services listening on ports that could be exploited; you need to get back to a situation in which you have proper security measures in place ASAP. I am not clear what you have installed that is worthwhile and how much reconfiguration it took you to get here, but do you want to consider re-building the box from the ground up? (I assume that this is a service offered by your hosting organisation.)

Quote:
I'm running Fedora 6 (Zod) Kernel 2.6.18-1.2869.fc6 on an i686 and I tried to re-install iptables-1.3.5
Hmmm, that's not what I would have been expecting fathosts (sorry) to be offering as a server...is this their default offering?
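
Added example, not part of salasi's post: a start-up script of the kind described above, covering both halves (kernel parameters, then a default-deny ruleset). The open ports (22 and 80) and the `IPT`/`SYSCTL` override variables are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the thread): firewall script to run at start-up.
# Assumed public services: SSH (22) and HTTP (80); adjust ALLOWED_TCP to the box.
IPT="${IPT:-/sbin/iptables}"      # IPT=echo prints the rules instead of loading them
SYSCTL="${SYSCTL:-/sbin/sysctl}"  # SYSCTL=echo likewise
ALLOWED_TCP="${ALLOWED_TCP:-22 80}"

set_kernel_params() {
    # The "environment" half: kernel networking parameters.
    $SYSCTL -w net.ipv4.tcp_syncookies=1
    $SYSCTL -w net.ipv4.conf.all.rp_filter=1
    $SYSCTL -w net.ipv4.conf.all.accept_source_route=0
    $SYSCTL -w net.ipv4.conf.all.accept_redirects=0
}

build_ruleset() {
    # Open the policy before flushing so a live SSH session is not cut off
    # part-way through a reload, then rebuild from empty chains.
    $IPT -P INPUT ACCEPT
    $IPT -F
    $IPT -X
    # Loopback traffic and replies to connections that are already tracked.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # One rule per service that has to be reachable from outside.
    for port in $ALLOWED_TCP; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Default-deny goes in last, once the allow rules are in place.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# "apply" loads the rules (needs root); anything else is a dry run that
# prints the iptables and sysctl arguments so they can be reviewed first.
if [ "${1:-}" = "apply" ]; then
    set_kernel_params && build_ruleset
else
    IPT=echo
    SYSCTL=echo
    set_kernel_params
    build_ruleset
fi
```
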
 
Old 06-14-2009, 12:22 PM   #3
renree
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Original Poster
Rep: Reputation: 0
I wish I just changed the file permissions but naw, I actually edited the file, then I saw I edited the wrong file so removed the change but I kept getting "iptables cannot execute binary"


Quote:
Hmmm, that's not what I would have been expecting fathosts (sorry) to be offering as a server...is this their default offering?

Yeah this is the default.

Quote:
OK, I guess you are aware that there is a danger that you are making the problem worse. How did you re-install iptables?

I downloaded the tar files and just did the following
# tar xvzf package.tar.gz
# cd package
# make
# make install

I know it might be a dumb question but do you think the reason I'm getting the "unrecognized service" when I try to start or stop the iptables message is because I need to write the rulesets?
 
Old 06-14-2009, 12:42 PM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776
Quote:
Originally Posted by renree

I downloaded the tar files and just did the following
# tar xvzf package.tar.gz
# cd package
# make
# make install
I was afraid that was what you were going to say; any reason that you didn't go for the rpm?

Quote:
I know it might be a dumb question but do you think the reason I'm getting the "unrecognized service" when I try to start or stop the iptables message is because I need to write the rulesets?
I think you are probably not starting iptables. Unfortunately, I don't know enough about how Fedora does things to tell you what you should do about this. If I remember correctly that 'homenetworking' tutorial is derived from the Harrison book, which is fairly heavily RedHat/Fedora based.
 
Old 06-14-2009, 03:04 PM   #5
renree
LQ Newbie
 
Registered: Jun 2009
Posts: 3

Original Poster
Rep: Reputation: 0
To be honest I wanted to go down the rpm route, I just couldn't find the link to download it.

If you have a suggestion on where I can find them I'd try them instead!
From what I saw in the homenetworking tutorial rpm was what they referred to too, but I just couldn't find where to download them.

I got the iptables_1.3.5 from http://netfilter.org/projects/iptabl...iptables-1.3.5, couldn't find a link to rpm though!
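
Added example, not part of the thread: `service iptables ...` runs the init script `/etc/init.d/iptables`, which the Fedora package ships and a source `make install` does not, so this check reports which pieces are present. The `/usr/local/sbin` path is the assumed default prefix of the source build, and `check_iptables_install` and its state names are this example's own.

```bash
#!/bin/bash
# Added example (not from the thread): which iptables pieces are on the box?
# Pass a directory as $1 (or set ROOT) to inspect a copy of the file tree.
check_iptables_install() {
    root="${1:-}"
    init="$root/etc/init.d/iptables"         # what `service iptables ...` executes
    pkg_bin="$root/sbin/iptables"            # where the Fedora package puts the binary
    src_bin="$root/usr/local/sbin/iptables"  # assumed default prefix of `make install`

    if [ ! -x "$init" ]; then
        # `service` only looks in /etc/init.d, so a missing script there is
        # reported as "unrecognized service" whatever binaries exist.
        if [ -x "$src_bin" ]; then
            echo "source-build-no-init-script"
        else
            echo "no-init-script"
        fi
    elif [ ! -x "$pkg_bin" ]; then
        echo "init-script-without-package-binary"
    elif [ -x "$src_bin" ]; then
        # Both copies exist; PATH order decides which one a bare `iptables` runs.
        echo "two-copies"
    else
        echo "package-layout-ok"
    fi
}

echo "iptables install state: $(check_iptables_install "${ROOT:-}")"

# On an rpm-based system, also ask the package database. `rpm -V` lists
# packaged files whose contents or permissions differ from what was installed,
# which shows whether a packaged file was edited or only had its mode changed.
if command -v rpm >/dev/null 2>&1; then
    rpm -q iptables && rpm -V iptables || true
fi
```
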
 
  

