Unable to start iptables

jonaskellens · 02-25-2010, 03:01 PM

I am unable to start iptables :

Code:

-bash-3.2# /sbin/chkconfig --list | grep ip
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
multipathd     	0:off	1:off	2:off	3:off	4:off	5:off	6:off
-bash-3.2# /etc/rc.d/init.d/iptables status
Firewall is stopped.
-bash-3.2# /etc/rc.d/init.d/iptables start
-bash-3.2# /etc/rc.d/init.d/iptables status
Firewall is stopped.
-bash-3.2# /etc/init.d/iptables status
Firewall is stopped.
-bash-3.2# /etc/init.d/iptables start
-bash-3.2# /etc/init.d/iptables status
Firewall is stopped.

This is the version of iptables :

Code:

-bash-3.2# rpm -qa iptables
iptables-1.3.5-5.3.el5_4.1

Do I have a problem with my kernel ?

Code:

-bash-3.2# uname -r
2.6.18-164.11.1.el5xen

Code:

-bash-3.2# ls /usr/src/kernels/
2.6.18-164.11.1.el5-x86_64  2.6.18-164.11.1.el5-xen-x86_64  2.6.18-164.11.1.el5xen-x86_64

If this is a kernel-problem, how do I enable iptables for my kernel ??

smoker · 02-25-2010, 03:52 PM

service iptables start

has it ever started ?

if not you need to create the iptables file

Code:

[root@bigboy tmp]# touch /etc/sysconfig/iptables
[root@bigboy tmp]# chmod 600 /etc/sysconfig/iptables

[root@bigboy tmp]# service iptables start
Applying iptables firewall rules: [  OK  ]
[root@bigboy tmp]#

http://www.linuxhomenetworking.com/w..._Won.27t_Start

But of course they will be empty !

jonaskellens · 02-25-2010, 04:04 PM

This what I have :

Code:

-bash-3.2# ls -l /etc/sysconfig/ | grep ipta
-rw------- 1 root root 1740 Nov  2 13:17 iptables-config

Isn't there a default file for iptables ??

smoker · 02-25-2010, 04:31 PM

I would have thought so. But if it's never been run, then it might not have any rules.
Check the iptables-config file to see if the autosave section is disabled.
Either way you will have to create some rules.

Have you got a gui to set the firewall up with ?

jonaskellens · 02-26-2010, 01:49 AM

Quote:

Originally Posted by smoker

I would have thought so. But if it's never been run, then it might not have any rules.
Check the iptables-config file to see if the autosave section is disabled.

/etc/sysconfig/iptables-config contains :

Code:

IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"

Do I need to change ? Or else I will loose my config every time ?

To manage I will use CSF.

vinaytp · 02-26-2010, 02:17 AM

Hi jonaskellens,

Hope you are using Redhat family of distros. So the place of your iptables and iptables-config are correct.

My iptables-config file is here, which is working fine for me, You can compare it to yours

Code:

IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack_netbios_ns"
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
ITABLES_STATUS_NUMERIC="yes"
IPTABLES_STATUS_VERBOSE="no"
IPTABLES_STATUS_LINENUMBERS="yes"

How about this ?

Code:

# /sbin/iptables -nvL

smoker · 02-26-2010, 05:40 AM

It doesn't matter if your iptables-config line has that as you can manually save any rules you add.
Those lines are just for anything you add after it starts, but don't want to persist on a reboot.

Find a safe iptables set up from somewhere and copy it in to your iptables
save the file then type

Code:

service iptables save

Code:

service iptables restart