abcampa
11-17-2005 04:55 PM
port forwarding --state (command not found?)
So I added the following to my iptables script:
Code:
#echo "Enabling PORTFW Redirection on the external LAN.."
#
# This will forward ALL port 80 traffic from the external IP address
# to port 80 on the 192.168.0.10 machine
#
# Be SURE that when you add these new rules to your rc.firewall-*, you
# add them before a direct or implicit DROP or REJECT.
#
PORTFWIP="192.168.0.10"
# NOTE: If you are using the basic rc.firewall-iptables ruleset, you
# will need to enable the following EXTIP option. Users of the
# rc.firewall-iptables-stronger ruleset already have this defined.
#
# *PLEASE* look over the rc.firewall-iptables-stronger ruleset for more
# specific issues regarding dynamic vs. static IP addresses
#
#
# Determine the external IP automatically:
# ----------------------------------------
#
# The following line will determine your external IP address. This
# line is somewhat complex and confusing but it will also work for
# all NON-English Linux distributions:
#
# DISABLED by default -- to enable, REMOVE both the "#" characters below
#
#EXTIP="`$IFCONFIG $EXTIF | $AWK \
#/$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
# Allow forwarding of new and existing port 80 connections from the external
# interface. This rule is required as our default FORWARD policy is DENY.
#
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
#Enable PORTFW of this port 80 traffic from the external interface
#
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 -m state \
*** --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:80
And I get the following error:
Code:
- Loading OUTPUT rulesets
./rc.firewall-iptables-stronger: line 621: o: command not found
Bad argument ` '
Try `iptables -h' or 'iptables --help' for more information.
./rc.firewall-iptables-stronger: line 663: --state: command not found
- FWD: Allow all connections OUT and only existing/related IN
I copied and pasted from the site:
http://www.tldp.org/HOWTO/IP-Masquer...orwarders.html
So why would the --state command be not found if the statement right above went just fine and it's identical?
The line 663 is the one with the *** at the beginning btw.
Appreciate any help.
This is on CentOS btw.
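Added example, not part of the original post: a check for one cause that matches the errors shown (`Bad argument ` '` and `--state: command not found`), on the assumption that the pasted lines carry whitespace after the trailing backslash. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# A "\" joins two lines only when it is the very last character before the
# newline. "\ " (or "\<CR>" from a DOS-formatted paste) escapes that character
# instead: the command ends there with a stray argument, and the next line
# (" --state ...") is run as a command of its own.

# Print "LINENO:TEXT" for each backslash followed by trailing whitespace.
# Exit status is 0 when at least one such line exists.
find_broken_continuations() {
    grep -nE '\\[[:space:]]+$' "$1"
}

# Write a repaired copy to stdout: drop the whitespace, keep the backslash.
fix_broken_continuations() {
    sed -E 's/\\[[:space:]]+$/\\/' "$1"
}

# Constructed sample mirroring the two rules in the post (not the poster's
# file). The first rule is clean; the second has a space after the backslash.
make_sample() {
    printf '%s\n' \
        '$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \' \
        ' --state NEW,ESTABLISHED,RELATED -j ACCEPT' \
        '$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 -m state \ ' \
        ' --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:80' > "$1"
}

sample=$(mktemp)
make_sample "$sample"
if hits=$(find_broken_continuations "$sample"); then
    echo "Broken continuation(s) found:"
    printf '%s\n' "$hits" | cut -d: -f1 | sed 's/^/  line /'
fi
rm -f "$sample"
```

Running the check before loading a firewall script matters because bash keeps going after these errors, so the ruleset ends up only partly applied.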