LinuxQuestions.org


jonaskellens 02-25-2010 03:01 PM

Unable to start iptables
 
I am unable to start iptables :

Code:

-bash-3.2# /sbin/chkconfig --list | grep ip
iptables              0:off        1:off        2:on        3:on        4:on        5:on        6:off
multipathd            0:off        1:off        2:off        3:off        4:off        5:off        6:off
-bash-3.2# /etc/rc.d/init.d/iptables status
Firewall is stopped.
-bash-3.2# /etc/rc.d/init.d/iptables start
-bash-3.2# /etc/rc.d/init.d/iptables status
Firewall is stopped.
-bash-3.2# /etc/init.d/iptables status
Firewall is stopped.
-bash-3.2# /etc/init.d/iptables start
-bash-3.2# /etc/init.d/iptables status
Firewall is stopped.

This is the version of iptables :
Code:

-bash-3.2# rpm -qa iptables
iptables-1.3.5-5.3.el5_4.1

Do I have a problem with my kernel ?
Code:

-bash-3.2# uname -r
2.6.18-164.11.1.el5xen

Code:

-bash-3.2# ls /usr/src/kernels/
2.6.18-164.11.1.el5-x86_64  2.6.18-164.11.1.el5-xen-x86_64  2.6.18-164.11.1.el5xen-x86_64

If this is a kernel-problem, how do I enable iptables for my kernel ??

smoker 02-25-2010 03:52 PM

service iptables start

has it ever started ?

if not you need to create the iptables file

Code:

[root@bigboy tmp]# touch /etc/sysconfig/iptables
[root@bigboy tmp]# chmod 600 /etc/sysconfig/iptables

[root@bigboy tmp]# service iptables start
Applying iptables firewall rules: [  OK  ]
[root@bigboy tmp]#


http://www.linuxhomenetworking.com/w..._Won.27t_Start

But of course they will be empty !

jonaskellens 02-25-2010 04:04 PM

This is what I have :
Code:

-bash-3.2# ls -l /etc/sysconfig/ | grep ipta
-rw------- 1 root root 1740 Nov  2 13:17 iptables-config

Isn't there a default file for iptables ??

smoker 02-25-2010 04:31 PM

I would have thought so. But if it's never been run, then it might not have any rules.
Check the iptables-config file to see if the autosave section is disabled.
Either way you will have to create some rules.

Have you got a gui to set the firewall up with ?

jonaskellens 02-26-2010 01:49 AM

Quote:

Originally Posted by smoker (Post 3876894)
I would have thought so. But if it's never been run, then it might not have any rules.
Check the iptables-config file to see if the autosave section is disabled.

/etc/sysconfig/iptables-config contains :
Code:

IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"

Do I need to change ? Or else I will lose my config every time ?

To manage I will use CSF.

vinaytp 02-26-2010 02:17 AM

Hi jonaskellens,

Hope you are using Redhat family of distros. So the place of your iptables and iptables-config are correct.

My iptables-config file is here, which is working fine for me. You can compare it to yours.

Code:

IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack_netbios_ns"
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"
IPTABLES_STATUS_VERBOSE="no"
IPTABLES_STATUS_LINENUMBERS="yes"

How about this ?
Code:

# /sbin/iptables -nvL

smoker 02-26-2010 05:40 AM

It doesn't matter if your iptables-config line has that as you can manually save any rules you add.
Those lines are just for anything you add after it starts, but don't want to persist on a reboot.

Find a safe iptables set up from somewhere and copy it in to your iptables,
save the file, then type
Code:

service iptables save

Code:

service iptables restart
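
Added example, not part of the thread or any poster's own code: a shell sketch of the fix discussed above, writing a small default-deny ruleset in iptables-save format to /etc/sysconfig/iptables with mode 600 and checking the file before running `service iptables start`. The function names and the rule choices (loopback, established traffic, ICMP, SSH on 22/tcp) are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Rule choices below are assumptions; adjust before use.

write_baseline_rules() {
    # $1 = target rules file; defaults to the path used in the thread.
    rules_file="${1:-/etc/sysconfig/iptables}"

    # Never clobber a ruleset that is already in place.
    if [ -e "$rules_file" ]; then
        echo "refusing to overwrite existing $rules_file" >&2
        return 1
    fi

    # umask 077 creates the file as 0600, matching the chmod in the thread.
    ( umask 077 && cat > "$rules_file" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
    ) || return 1
    chmod 600 "$rules_file"
}

check_rules_file() {
    # 0 = usable, 1 = missing, 2 = empty (an empty file, as created by a
    # bare touch, holds no rules), 3 = table never committed.
    rules_file="${1:-/etc/sysconfig/iptables}"
    [ -f "$rules_file" ] || { echo "missing: $rules_file"; return 1; }
    [ -s "$rules_file" ] || { echo "empty: $rules_file"; return 2; }
    grep -q '^COMMIT$' "$rules_file" || { echo "no COMMIT: $rules_file"; return 3; }
    echo "ok: $rules_file"
}
```

Run `write_baseline_rules` as root with no argument to use the default path, then `service iptables start` and `/sbin/iptables -nvL` to confirm the rules loaded.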

