|
Help on IPTABLES on Fedora Core 4 Firewall
Hello,
I need help from you gurus. I am new to Linux and just recently installed Fedora Core 4. I have this book about setting up LAMP and now to the part where I am customizing the firewall. I have the following script: #!/bin/sh # Change the part after the = to the where your # IPTABLES is on your system IPTABLES=/sbin/iptables # Flush existing rulles $IPTABLES -F INPUT # Allow connections going outbound # from this machine to reply back $IPTABLES -A INPUT -j ACCEPT -m state --state \ ESTABLISHED -i eth0 -p icmp $IPTABLES -A INPUT -j ACCEPT -m state --state \ ESTABLISHED -i eth0 -p tcp $IPTABLES -A INPUT -j ACCEPT -m state --state \ ESTABLISHED -i eth0 -p udp # Allow incoming SSH requests $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT # Allow incoming DNS $IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT # Allow incoming HTTP requests (to web server) $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT # Allow Ping echo $IPTABLES -A INPUT -p icmp -j ACCEPT # Load modules insmod ip_conntrack_ftp insmod ipt_LOG insmod ipt_REJECT insmod ipt_limit insmod ipt_state # The logging is set so if more than 5 packets are dropped # in three seconds they will be ignored. This # helps to prevent a DOS attack # crashing the computer the firewall is running on $IPTABLES -A INPUT -m limit --limit 3/second \ --limit-burst 5 -i ! lo -j LOG # Drop and log all other data $IPTABLES -A INPUT -i ! lo -j DROP When I run this script (after stopping /etc/init.d/iptables), I get the following error: [root@localhost ~]# /usr/local/etc/firewall insmod: can't read 'ip_conntrack_ftp': No such file or directory insmod: can't read 'ipt_LOG': No such file or directory insmod: can't read 'ipt_REJECT': No such file or directory insmod: can't read 'ipt_limit': No such file or directory insmod: can't read 'ipt_state': No such file or directory [root@localhost ~]# The book I'm using uses FC2. Is this why I'm getting these error? How can I solve this? Thank you in advance!!! |
Hi,
It seems the modules have not been built. In linux, functionality can either be built into the kernel or as loadable modules. Since the insmod command fails, it appears either the modules haven't been built separately or they are already built into the kernel.... Try to comment out these insmod lines with # and then execute the script. No output/error will be returned if the attempt has been successful. Also check your /var/log/messages file for output from IPTABLES logging. Cheers, --cyberjun |
hello cyberjun,
thanks for your reply. i'm setting up an ftp server and the book i am reading stated i need those lines (modules loaded). i remember when i installed fc4 that i unchecked the ftp server option so it should not have loaded it. now i did a "yum install ftp" and it did something. but then i get the same result when i run my firewall script. how can i load these modules using the command line? thanks. i am a newbie, if any of you gurus would like to reply on this, please provide step by step instructions. thanks again! |
When installing FC1-4 they give you a option to install a Firewall. You should select that option and use the gui to preconfigure your firewall filters. Once its all loaded up all you need to do is edit /etc/sysconfig/iptables. From there you can modifiy the filters. Make sure after you save iptables do a 'service iptables restart' so the new rules are loaded.
Other options are: 'service iptables start' *Start Firewall 'service iptables stop' *Stop Firewall 'service iptables status' *Check status of Firewall/Rules |
| All times are GMT -5. The time now is 10:56 AM. |