LinuxQuestions.org


abcampa 11-17-2005 04:55 PM

port forwarding --state (command not found?)
 
So I added the following to my iptables script:


Code:

#echo "Enabling PORTFW Redirection on the external LAN.."
#
#  This will forward ALL port 80 traffic from the external IP address
#  to port 80 on the 192.168.0.10 machine
#
#  Be SURE that when you add these new rules to your rc.firewall-*, you
#  add them before a direct or implicit DROP or REJECT.
#
PORTFWIP="192.168.0.10"


# NOTE:  If you are using the basic rc.firewall-iptables ruleset, you
#        will need to enable the following EXTIP option.  Users of the
#        rc.firewall-iptables-stronger ruleset already have this defined.
#
#  *PLEASE* look over the rc.firewall-iptables-stronger ruleset for more
#            specific issues regarding dynamic vs. static IP addresses
#
#
# Determine the external IP automatically:
# ----------------------------------------
#
#  The following line will determine your external IP address.  This
#  line is somewhat complex and confusing but it will also work for
#  all NON-English Linux distributions:
#
# DISABLED by default -- to enable, REMOVE both the "#" characters below
#
#EXTIP="`$IFCONFIG $EXTIF | $AWK \
#/$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"


# Allow forwarding of new and existing port 80 connections from the external
# interface.  This rule is required as our default FORWARD policy is DENY.
#
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
 --state NEW,ESTABLISHED,RELATED -j ACCEPT


#Enable PORTFW of this port 80 traffic from the external interface
#
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 -m state \
*** --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:80




And I get the following error:



Code:

  - Loading OUTPUT rulesets
./rc.firewall-iptables-stronger: line 621: o: command not found
Bad argument ` '
Try `iptables -h' or 'iptables --help' for more information.
./rc.firewall-iptables-stronger: line 663: --state: command not found
    - FWD: Allow all connections OUT and only existing/related IN

I copied and pasted from the site:

http://www.tldp.org/HOWTO/IP-Masquer...orwarders.html



So why would the --state command be not found if the statement right above went just fine and it's identical?


The line 663 is the one with the *** at the beginning btw.

Appreciate any help

This is on CentOS OS btw.

unSpawn 11-19-2005 04:51 AM

Could it be because you've configured earlier line 621 wrong and the ipt_state module isn't loaded?:
./rc.firewall-iptables-stronger: line 621: o: command not found
As root: "grep -q ^ipt_state /proc/modules || modprobe ipt_state".

abcampa 11-19-2005 10:58 AM

Good eye, there was a line with just an "o" at the beginning, instead of an "echo -e".

That fixed it.

I can't believe I didn't see the line 621 error.
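
A pre-flight check for the two error messages in this thread, added here as an example (it is not code from the thread or from the HOWTO): it flags a first word that does not resolve to a command, and a backslash continuation that does not reach the next line, which leaves a `--state ...` line to run on its own. The function names and the sample script are constructed for illustration, and the checks are heuristics.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic lint for a firewall script:
# flags the two error classes shown in the thread's output before it is run.

# lint_fw_script [FILE]  (reads stdin when FILE is omitted)
# Prints one "LINE: finding" per problem; returns 1 if anything was found.
lint_fw_script() {
    findings=$(
        awk '
            # Backslash followed by blanks or CR: the continuation is broken, so
            # the next line runs alone ("--state: command not found").
            /\\[ \t\r]+$/ { print NR ": BROKEN-CONTINUATION backslash is not the last character" }
            # First word of each new command (continuation lines are skipped).
            !cont && NF && $1 !~ /^#/ {
                if ($1 ~ /^-/) print NR ": ORPHAN-OPTION " $1
                else if ($1 ~ /^[A-Za-z_][A-Za-z0-9_.-]*$/) print NR ": CMD " $1
            }
            { cont = ($0 ~ /\\$/) }
        ' "${1:--}" |
        while IFS= read -r f; do
            case $f in
                (*": CMD "*)
                    # Resolved in the linting shell: functions defined inside the
                    # script itself are not known here and will be flagged too.
                    word=${f##* }
                    command -v "$word" >/dev/null 2>&1 ||
                        printf "%s: unknown command '%s'\n" "${f%%:*}" "$word" ;;
                (*) printf '%s\n' "$f" ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample reproducing both failures (line 5 has a space after "\").
sample_fw_script() {
    printf '%s\n' \
        'echo "  - Loading OUTPUT rulesets"' \
        'o "  - Loading FORWARD rulesets"' \
        '$IPTABLES -A FORWARD -p tcp --dport 80 -m state \' \
        ' --state NEW,ESTABLISHED,RELATED -j ACCEPT' \
        '$IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -m state \ ' \
        ' --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:80'
}
```

Run it against the script before loading it as root. In the output posted above the script carried on past both errors, so only part of the intended ruleset was loaded.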


All times are GMT -5.