I looked on Google but the only answer I found was for people using ipchains; I am using iptables. I am using the 2.6 kernel, which may be a problem, and also when I try to start it up I get the following output:
External Interface: eth0
Internal Interface: eth1
loading modules: - Verifying that all kernel modules are ok
----------------------------------------------------------------------
ip_tables, ip_conntrack, ip_conntrack_ftp, ip_conntrack_irc, iptable_nat, ip_nat_ftp, ----------------------------------------------------------------------
Done loading modules.
Enabling forwarding..
Enabling DynamicAddr..
Clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
Enabling SNAT (MASQUERADE) functionality on eth0
iptables: Invalid argument
Done.
[root@x1-6-00-09-5b-62-fe-80 sbin]#
I did do a 'whereis iptables' and it said /sbin/iptables, so that's what I set in my rc.firewall-2.4 file. All of the other tests work, I am just having trouble getting past this one.
Someone told me that it's probably because the kernel is not compiled correctly. Any other ideas/suggestions so I can get it working? Thanks.
Naw, the problem is about your PATH prolly.
Try echo $PATH before you try to run your firewall... /sbin is probably not in your PATH at this time (you are running it at boot time, right?).
Or maybe you are not root?
...
Or maybe you typed a very bad command: if the command does not seem to end on a line, iptables reads the next line (probably beginning with "iptables"). Could you post that command?
Originally posted by Half_Elf:
Naw, the problem is about your PATH prolly.
Try echo $PATH before you try to run your firewall... /sbin is probably not in your PATH at this time (you are running it at boot time, right?).
Or maybe you are not root?
...
Or maybe you typed a very bad command: if the command does not seem to end on a line, iptables reads the next line (probably beginning with "iptables"). Could you post that command?
I am root when I tried it. All I typed in was this: /etc/rc.d/rc.firewall-2.4
Is that what you mean? Sorry, but this is all a little bit new to me. Thanks for the help though. I also did 'chmod 700 /etc/rc.d/rc.firewall-2.4' like the howto said. The NAT server can ping external IPs but not the internal clients.
Ok, well I tried the quick tutorial http://tldp.org/HOWTO/Masquerading-S...O/summary.html and when I enter
[root@x1-6-00-09-5b-62-fe-80 thomas]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 67.167.203.xxx
iptables: Invalid argument
[root@x1-6-00-09-5b-62-fe-80 thomas]#
The same thing happens. (Of course I blocked out my IP with xxx so people don't try to mess with me.) Anyone have any ideas? I am running iptables 1.2.9 and the 2.6 kernel. It could be because this is Mandrake Cooker. Thanks yet again. I think I might wait for Fedora Core 2 or just get Core 1 and try; one of my friends got it working that way.
The "iptables" not found command is a problem with your PATH, as stated before.
Echo your PATH and give the output please.
Or if you don't want to mess with it, you can type the complete path like /sbin/iptables or /usr/sbin/iptables (depending on where it is on your system) instead of just "iptables".
Btw, if you want to stop using Linux at the first difficulty (trying another distro won't help you, no one will do everything for you like Windoze does) you're probably not ready for it.
And don't worry, I am not going to give up. Oh, and /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 67.167.203.189 worked. Any idea on how I can get that script working (/etc/rc.d/rc.firewall-2.4)?
As you see in your PATH, /sbin and /usr/sbin aren't there.
You could try to edit /etc/profile to add this to the path (to add, use a command like: PATH="$PATH:/usr/sbin:/sbin").
Or, easier, you could just use a variable in the rc.iptables script:
open it and create a variable (for example: IPTABLES="/sbin/iptables"),
then use it instead of "iptables" (example: $IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 67.167.203.189).
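The suggestion above (an IPTABLES variable holding the full path), written out as an added example that is not part of the original posts or of the rc.firewall-2.4 script. It also returns an error when a rule is rejected instead of printing "Done." after a failure, as the first run in this thread did. The function names and IPT_CANDIDATES are hypothetical.

```shell
#!/bin/sh
# Added example: fail-fast skeleton for an rc.firewall-style script.
# IPT_CANDIDATES, find_iptables, run_rule and apply_snat are hypothetical names.
# The two default paths are the locations mentioned in the thread.
IPT_CANDIDATES="${IPT_CANDIDATES:-/sbin/iptables /usr/sbin/iptables}"

# Print the first candidate that is an executable regular file.
# Uses absolute paths only, so it works even when /sbin is not in PATH.
find_iptables() {
    for candidate in $IPT_CANDIDATES; do
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Run one rule and report the exact command line if iptables rejects it.
run_rule() {
    if ! "$IPTABLES" "$@"; then
        echo "FAILED: $IPTABLES $*" >&2
        return 1
    fi
}

# $1 = external interface, $2 = public address to SNAT to.
apply_snat() {
    IPTABLES=$(find_iptables) || {
        echo "iptables not found in: $IPT_CANDIDATES" >&2
        return 127
    }
    run_rule -t nat -A POSTROUTING -o "$1" -j SNAT --to-source "$2" || return 1
    echo "Done."
}

# Usage, as root (192.0.2.10 is a constructed documentation address):
#   apply_snat eth0 192.0.2.10 || exit 1
```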
**EDITED, see below.
Thanks for the quick response. I did make a small mistake but still I am having some problems. I am going to try what you said right now, I will let you know how it goes.
Ok, so here is my /etc/profile:
Code:
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

pathmunge () {
    if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
        if [ "$2" = "after" ] ; then
            PATH=$PATH:$1
        else
            PATH=$1:$PATH
        fi
    fi
}

# Path manipulation
if [ `id -u` = 0 ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
fi

pathmunge /usr/X11R6/bin after

unset pathmunge

# No core files by default
ulimit -S -c 0 > /dev/null 2>&1

USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"

HOSTNAME=`/bin/hostname`
HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
    INPUTRC=/etc/inputrc
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        . $i
    fi
done

unset i
What would I change?
Oh also now this is what I get for rc.firewall-2.4:
Code:
[root@x1-6-00-09-5b-62-fe-80 sbin]# /etc/rc.d/rc.firewall-2.4
Loading simple rc.firewall version 0.75..
External Interface: eth0
Internal Interface: eth1
loading modules: - Verifying that all kernel modules are ok
----------------------------------------------------------------------
ip_tables, ip_conntrack, ip_conntrack_ftp, ip_conntrack_irc, iptable_nat, ip_nat_ftp, ----------------------------------------------------------------------
Done loading modules.
Enabling forwarding..
Enabling DynamicAddr..
Clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
Enabling SNAT (MASQUERADE) functionality on eth0
Done.
[root@x1-6-00-09-5b-62-fe-80 sbin]#
It looks like it ought to be working. Well, thanks yet again.
*****EDIT: It's working, thanks a lot. Stupid me just had to enter the gateway address. Well, I am still a bit of a newbie; hopefully anyone who is trying to get this working finds this thread helpful.
Last edited by blackphiber; 01-27-2004 at 09:12 PM.