LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-17-2005, 05:55 PM   #1
abcampa
LQ Newbie
 
Registered: Apr 2005
Distribution: Mandriva 10.1
Posts: 18

Rep: Reputation: 0
Question port forwarding --state (command not found?)


So I added the following to my iptables script:


Code:
#echo "Enabling PORTFW Redirection on the external LAN.."
#
#   This will forward ALL port 80 traffic from the external IP address
#   to port 80 on the 192.168.0.10 machine
#
#   Be SURE that when you add these new rules to your rc.firewall-*, you
#   add them before a direct or implict DROP or REJECT.
#
PORTFWIP="192.168.0.10"


# NOTE:  If you are using the basic rc.firewall-iptables ruleset, you
#        will need to enable the following EXTIP option.  Users of the
#        rc.firewall-iptables-stronger ruleset already have this defined.
#
#  *PLEASE* look over the rc.firewall-iptables-stronger ruleset for more 
#            specific issues regarding dynamic vs. static IP addresses
#
#
# Determine the external IP automatically:
# ----------------------------------------
#
#  The following line will determine your external IP address.  This
#  line is somewhat complex and confusing but it will also work for
#  all NON-English Linux distributions:
#
# DISABLED by default -- to enable, REMOVE both the "#" characters below
#
#EXTIP="`$IFCONFIG $EXTIF | $AWK \
#/$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"


# Allow forwarding of new and existing port 80 connections from the external
# interface.  This rule is required as our default FORWARD policy is DENY.
#
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
 --state NEW,ESTABLISHED,RELATED -j ACCEPT


#Enable PORTFW of this port 80 traffic from the external interface
#
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 -m state \ 
*** --state NEW,ESTABLISHED,RELATED -j DNAT --to $PORTFWIP:80



and i get the following error:



Code:
   - Loading OUTPUT rulesets
./rc.firewall-iptables-stronger: line 621: o: command not found
Bad argument ` '
Try `iptables -h' or 'iptables --help' for more information.
./rc.firewall-iptables-stronger: line 663: --state: command not found
     - FWD: Allow all connections OUT and only existing/related IN
i copied and pasted from the site:

http://www.tldp.org/HOWTO/IP-Masquer...orwarders.html



So why would the --state command be not found if the statement right above went just fine and its identical?


The line 663 is the one with the *** at the begining btw.

Appreciate any help

this is on centos OS btw.
 
Old 11-19-2005, 05:51 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,810
Blog Entries: 54

Rep: Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986Reputation: 2986
Could it be because you've configured earlier line 621 wrong and the ipt_state module isn't loaded?:
./rc.firewall-iptables-stronger: line 621: o: command not found
As root: "grep -q ^ipt_state /proc/modules || modprobe ipt_state".
 
Old 11-19-2005, 11:58 AM   #3
abcampa
LQ Newbie
 
Registered: Apr 2005
Distribution: Mandriva 10.1
Posts: 18

Original Poster
Rep: Reputation: 0
good eye, there was a line with just a "o" at the beginning, insteado f a "echo -e"

That fixed it.

i cant believe i didnt see the line 621 error.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPCHAINS port forwarding and IPTABLES port forwarding ediestajr Linux - Networking 26 01-14-2007 08:35 PM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 01:08 PM
ISPconfig AUTHORIZATION state command . linutzy Linux - Software 0 09-10-2005 09:52 AM
Port 80 forwarding to port 22 with iptables zahoo Linux - Networking 3 02-22-2005 08:22 AM
port forwarding and packet forwarding syrtsardo Linux - Newbie 2 07-03-2003 11:37 AM


All times are GMT -5. The time now is 01:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration