LinuxQuestions.org
Old 12-27-2005, 09:45 PM   #1
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
iptables v1.2.9: Unknown arg `/sbin/iptables' Try `iptables -h' or 'iptables --help'


Dear friends,

I am facing a weird problem with iptables.

I wrote a script, which I have simplified as below:

#!/bin/sh

EXTDEV=eth0
EXTIP="60.49.232.254"
#!/bin/sh#!/bin/sh

EXTDEV=eth0
EXTIP="60.49.232.254"

INTDEV=eth1
INTIP="172.22.1.253"

IPT=/sbin/iptables

for table in mangle filter nat
do
$IPT -t $table -F
$IPT -t $table -X
$IPT -t $table -Z
done

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -F
$IPT -X

$IPT -nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP
~


EXTDEV=eth0
EXTIP="60.49.232.254"

INTDEV=eth1
INTIP="172.22.1.253"

IPT=/sbin/iptables

for table in mangle filter nat
do
$IPT -t $table -F
$IPT -t $table -X
$IPT -t $table -Z
done

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -F
$IPT -X

$IPT -nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP
~

INTDEV=eth1#!/bin/sh

EXTDEV=eth0
EXTIP="60.49.232.254"

INTDEV=eth1
INTIP="172.22.1.253"

IPT=/sbin/iptables

for table in mangle filter nat
do
$IPT -t $table -F
$IPT -t $table -X
$IPT -t $table -Z
done

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -F
$IPT -X

$IPT -nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP
~

INTIP="172.22.1.253"

IPT=/sbin/iptables

for table in mangle filter nat
do
$IPT -t $table -F
$IPT -t $table -X
$IPT -t $table -Z
done

$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -F
$IPT -X

$IPT -nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP


Problem: Whenever I try to load this script by running ./firewall, it gives me the following error:

iptables v1.2.9: Unknown arg `/sbin/iptables'
Try `iptables -h' or 'iptables --help'

I have checked; /sbin/iptables is there.
Yesterday it worked perfectly. I didn't change anything on my computer, but today it no longer works. I tried different scripts, but they still don't work.

I searched Google but found nothing useful. Does anyone know what went wrong? Please help me... thanks a lot for taking the time to read my thread.


Regards
Yong
 
Old 12-28-2005, 03:33 AM   #2
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 30
Quote:
$IPT -nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP
Code:
$IPT -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP
 
Old 12-28-2005, 06:52 PM   #3
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Thanks friend!
 
Old 12-29-2005, 07:26 PM   #4
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,275

Rep: Reputation: 61
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -F
$IPT -X

You're also setting the default policy and then flushing; it should be the other way around. Try:

$IPT -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

I'm also having trouble following your script. It seems to be repeating itself, or did you make a mistake when posting? You also have no rules set up to allow any INPUT, OUTPUT or FORWARD traffic.

IPT=/sbin/iptables

try:

IPT="/sbin/iptables"

Last edited by fotoguy; 12-29-2005 at 07:27 PM.
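
The two corrections from replies #2 and #4, turned into a static check that can be run over a firewall script before it is executed (an added example, not code from any poster in this thread). The names lint_fw and sample_script and the sample input are constructed for illustration; the check assumes one iptables command per line, invoked as $IPT, iptables or /sbin/iptables.

```shell
#!/bin/sh
# Added example: lint a firewall script for the two mistakes in this thread.
# lint_fw reads the script on stdin and prints one finding per line.
lint_fw() {
    awk '
    # Only inspect iptables invocations; skip assignments, loops, comments.
    $1 != "$IPT" && $1 != "iptables" && $1 != "/sbin/iptables" { next }
    {
        has_t = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" || $i == "--table") has_t = 1
            # Table name glued to a dash ("-nat") instead of "-t nat".
            if ($i ~ /^-(nat|mangle|filter|raw)$/)
                printf "line %d: %s is not an option; write -t %s\n", NR, $i, substr($i, 2)
        }
        # Default policy set on the filter table (no -t given).
        if (!has_t && $2 == "-P") policy_line = NR
        # Bare flush of the filter table that comes after the policy lines,
        # the ordering reply #4 recommends reversing.
        if (!has_t && $2 == "-F" && NF == 2 && policy_line)
            printf "line %d: flush after policy set on line %d; flush first\n", NR, policy_line
    }'
}

# Constructed sample: the tail of the script from post #1, one copy only.
sample_script() {
    cat <<'EOF'
IPT=/sbin/iptables
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -F
$IPT -X
$IPT -nat -A POSTROUTING -o eth0 -j SNAT --to-source $EXTIP
EOF
}

sample_script | lint_fw
```

Running the same check over the corrected ordering and the `-t nat` form prints nothing.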
 
Old 12-29-2005, 08:20 PM   #5
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Hi fotoguy,

Yeah, I made a mistake in my post. And I swapped the flush above the default policy.

thanks for your help!

Regards
Fong
 
  


All times are GMT -5.