Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
I have got a problem with my iptables. Setting this firewall up is part of a school project. The problem is that everything worked when I left the machine last week; now when I try to start iptables I get this message:
Code:
    iptables: Chain already exists
    iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so: cannot open shared object file: No such file or directory
    Try `iptables -h' or 'iptables --help' for more information.

As far as I know, no one has had access to the machine over the weekend, as the school has been closed, so I have no idea what happened or what to do to fix this. My iptables script looks like this:

Code:
    #!/bin/sh

    # IP addresses
    DMZIP=172.17.2.1
    INTIP=172.17.1.1
    EXTIP=217.60.180.25

    # Allow forwarding of packets
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Closes all INPUT and FORWARD
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

    # Allows OUTPUT traffic
    iptables -P OUTPUT ACCEPT

    # Deletes old configuration
    iptables -F
    iptables -t nat -F

    # Creates a new chain
    iptables -N block

    # Allows all local traffic
    iptables -A INPUT -i lo -j ACCEPT

    # Routes packets from 172.17.1.0 to 217.60.180.25
    iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -d "!" 172.17.1.0/24 -j SNAT --to $EXTIP

    # Routes packets from 172.17.2.0 to 217.60.180.25
    iptables -t nat -A POSTROUTING -s 172.17.2.0/24 -d "!" 172.17.2.0/24 -j SNAT --to $EXTIP

    # Routes packets from 172.17.1.0 to 172.17.2.0
    iptables -t nat -A PREROUTING -d 172.17.1.0/24 -j DNAT --to $INTIP

    # Routes packets from 172.17.2.0 to 172.17.1.0
    iptables -t nat -A PREROUTING -d 172.17.2.0/24 -j DNAT --to $DMZIP

    # Allows established connections
    iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allows new connections coming from the internal network (eth1 and eth2)
    iptables -A block -m state --state NEW -i eth1 -j ACCEPT
    iptables -A block -m state --state NEW -i eth2 -j ACCEPT

    # Attaches the block chain to INPUT and FORWARD
    iptables -A INPUT -j block
    iptables -A FORWARD -j block

    # Opens ports 21, 22, 25, 80 and 110 on eth0
    iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
    iptables -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
    iptables -A INPUT -p tcp --dport 110 -i eth0 -j ACCEPT

    # Allows forwarding of ports 21, 25, 80 and 110
    iptables -A FORWARD -p tcp --dport 21 -i eth0 -j ACCEPT
    iptables -A FORWARD -p tcp --dport 25 -i eth0 -j ACCEPT
    iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCPET
    iptables -A FORWARD -p tcp --dport 110 -i eth0 -j ACCEPT

    # Forwards all packets arriving on ports 21, 25, 80 and 110 to the respective server
    iptables -t nat -A PREROUTING -p tcp --dport 21 -d 217.60.180.25 -j DNAT --to 172.17.1.10
    iptables -t nat -A PREROUTING -p tcp --dport 25 -d 217.60.180.25 -j DNAT --to 172.17.1.10
    iptables -t nat -A PREROUTING -p tcp --dport 80 -d 217.60.180.25 -j DNAT --to 172.17.1.10
    iptables -t nat -A PREROUTING -p tcp --dport 110 -d 217.60.180.25 -j DNAT --to 172.17.1.10

And I'm running Red Hat 8.0, if that's any relevant information.
Re: Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
iptables: Chain already exists

Might need to add flush rules at the beginning in case you already have some rules defined when you run the script.

iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:

There's your hint: look how ACCEPT is spelled in the above error message (or misspelled in this case).

Code:
    #Ip Adresses
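A pre-flight check for this kind of typo, as an added example that is not part of the original thread: it lists every `-j` target in a rules script that is neither a known target nor a chain created earlier in the script with `-N`. The function names, the `KNOWN_TARGETS` list and the sample rules (a constructed excerpt of the script posted above) are assumptions of the example.

```shell
#!/bin/sh
# Added example: lint an iptables script for unknown -j targets before running it.

# Targets accepted without a preceding -N line (assumed list; extend it with
# the target extensions your iptables build actually provides).
KNOWN_TARGETS="ACCEPT DROP REJECT RETURN QUEUE LOG SNAT DNAT MASQUERADE REDIRECT"

# unknown_targets [FILE]
# Reads FILE (or stdin) and prints "LINE: TARGET" for every -j/--jump target
# that is not in KNOWN_TARGETS and was not created earlier with -N/--new-chain.
unknown_targets() {
    awk -v known="$KNOWN_TARGETS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ { next }                       # skip comment lines
        /iptables/ {
            for (i = 1; i < NF; i++) {
                # a chain becomes a valid jump target once it has been created
                if ($i == "-N" || $i == "--new-chain") ok[$(i + 1)] = 1
                if (($i == "-j" || $i == "--jump") && !($(i + 1) in ok))
                    print NR ": " $(i + 1)
            }
        }
    ' "${1:--}"
}

# Constructed sample: a few rules taken from the script in the question.
sample_rules() {
    cat <<'EOF'
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -A FORWARD -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCPET
iptables -t nat -A PREROUTING -p tcp --dport 80 -d 217.60.180.25 -j DNAT --to 172.17.1.10
EOF
}

# Demo on the constructed sample: prints "6: ACCPET".
sample_rules | unknown_targets
```

Run it against the real rules file before applying it; an empty result means every jump target was recognised.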
Re: Re: Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
It's always the little things that get you with iptables ;)