LinuxQuestions.org


mutt4xtreme 03-30-2013 02:58 PM

Iptables Problem
 
I cannot get Iptables to work. I used the command # which iptables to see if it could find it and it says


"which: no itables in (/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib/kde4/libexec:/usr/lib/qt/bin:/usr/share/texmf/bin)"


In the package manager it says iptables is installed, is there any way to reinstall it to fix the problem I am having? I tried to reinstall it myself but it doesn't put the files in sbin or any of the normal locations the files should be in.

rg3 03-30-2013 03:14 PM

It may be a cut&paste problem, but the text you posted says "no itables" instead of "no iptables" (missing p). Other than that, /usr/sbin is in the search path, so I'd either check the iptables package is really installed, or there's a missing symlink:

lrwxrwxrwx 1 root root 13 Feb 6 18:50 /usr/sbin/iptables -> xtables-multi

mutt4xtreme 03-30-2013 03:45 PM

I accidentally put it in wrong. It says it is installed, but there are no files in the /usr/sbin/iptables/; the file is empty. The whole reason I want to get this to work is to use APF Firewall, and it requires iptables to be installed. And APF Firewall cannot find the required files for it to work. So could you possibly guide me through how to reinstall iptables or somehow fix this? Thanks

Woodsman 03-30-2013 04:49 PM

This should get you going:

slackpkg update
slackpkg upgrade-all

mutt4xtreme 03-30-2013 05:33 PM

I tried that and here is what I got:


root@MTI1997-Linux:~# slackpkg update

You do not have any mirror selected in /etc/slackpkg/mirrors
Please edit that file and uncomment ONE mirror. Slackpkg
only works with ONE mirror selected.


root@MTI1997-Linux:~# slackpkg upgrade-all

This appears to be the first time you have run slackpkg.
Before you install|upgrade|reinstall anything, you need to uncomment
ONE mirror in /etc/slackpkg/mirrors and run:

# slackpkg update

You can see more information about slackpkg functions in slackpkg manpage.

Woodsman 03-30-2013 05:50 PM

Edit /etc/slackpkg/mirrors to uncomment a mirror closest to you.

mutt4xtreme 03-30-2013 06:18 PM

I did all that, and when I try to run apf firewall it says it still can't find iptables. It is looking in /sbin/iptables/ and that is not a directory at all. But there are iptable files in /usr/local/sbin/

Richard Cranium 03-30-2013 07:05 PM

Try "slackpkg reinstall iptables" as root.

If that doesn't work, then please post the results of the command
Code:

df -h

mutt4xtreme 03-30-2013 07:12 PM

Still doesn't work, iptables put the files under /usr/sbin/ and apf is looking under /sbin/

Woodsman 03-30-2013 07:20 PM

When the iptables package is installed correctly, the which command should show the following on Slackware:

which iptables
/usr/sbin/iptables

From where did you get this apf firewall? From what I see searching the web, this is some kind of firewall configuration script. That script is not part of the stock Slackware. More than likely the APF firewall script presumes a location of /sbin/iptables rather than /usr/sbin/iptables, which would explain the failure.

A traditional way of configuring iptables in Slackware is to use the following web page, which will generate an rc.firewall script for Slackware:

http://www.slackware.com/~alien/efg/

mutt4xtreme 03-30-2013 07:34 PM

I got apf from this site: http://www.rfxn.com. I guess I'll figure this out later. I made the rc.firewall script and put it in the right directory, and I'm guessing iptables should start every time I run Slackware.

Woodsman 03-30-2013 07:53 PM

Make sure you chmod +x /etc/rc.d/rc.firewall. :)

mutt4xtreme 03-30-2013 08:11 PM

I did chmod 755 etc/rc.d/rc.firewall/ and then restarted. To make sure it was working I put in iptables -L -n and it outputted a bunch of things, which I'm guessing means it is working now.


root@MTI1997-Linux:~# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
bad_packets all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.1
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
tcp_inbound tcp -- 0.0.0.0/0 0.0.0.0/0
udp_inbound udp -- 0.0.0.0/0 0.0.0.0/0
icmp_packets icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 4 prefix "INPUT packet died: "

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 4 prefix "OUTPUT packet died: "

Chain bad_packets (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "Invalid packet: "
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
bad_tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain bad_tcp_packets (1 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW LOG flags 0 level 4 prefix "New not syn: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 LOG flags 0 level 4 prefix "Stealth scan: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F LOG flags 0 level 4 prefix "Stealth scan: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 LOG flags 0 level 4 prefix "Stealth scan: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 LOG flags 0 level 4 prefix "Stealth scan: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 LOG flags 0 level 4 prefix "Stealth scan: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 LOG flags 0 level 4 prefix "Stealth scan: "
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0

Chain icmp_packets (1 references)
target prot opt source destination
LOG icmp -f 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "ICMP Fragment: "
DROP icmp -f 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0

Chain tcp_inbound (1 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0

Chain tcp_outbound (0 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0

Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
RETURN udp -- 0.0.0.0/0 0.0.0.0/0

Chain udp_outbound (0 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0

Richard Cranium 03-31-2013 09:58 PM

You might find the output of
Code:

iptables-save
to be easier to read.

kikinovak 04-01-2013 02:27 AM

Slackware puts iptables in /usr/sbin, whereas distributions like Debian put it in /sbin. Your script isn't portable, meaning it doesn't contain a line like:

Code:

IPT=$(which iptables)
So that's why it doesn't work.

Advice: don't bother with your script, and simply write an iptables firewall yourself. It's easier than you might think.
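
Added example (not part of the thread and not APF's own code): one way a firewall script can resolve iptables instead of assuming /sbin/iptables, as discussed above. The function names locate_bin and resolve_ipt are hypothetical. Unlike a plain which lookup, it searches a fixed list of system directories, so a script run as root does not depend on whatever PATH it inherited, and it rejects a directory, a dangling symlink, or a file without the execute bit.

```shell
#!/bin/sh
# Added example: resolve the iptables binary instead of hard-coding its path.

# locate_bin NAME [DIR...]
# Print the first executable regular file NAME found in the given directories
# (default: the usual system locations, Slackware's /usr/sbin first).
# Returns 1 if nothing usable is found.
locate_bin() {
    name=$1
    shift
    [ $# -gt 0 ] || set -- /usr/sbin /sbin /usr/local/sbin /usr/bin /bin
    for dir in "$@"; do
        cand=$dir/$name
        # -f follows symlinks: a directory or a dangling symlink fails here.
        # -x fails when the execute bit is missing (the chmod +x case).
        if [ -f "$cand" ] && [ -x "$cand" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# resolve_ipt [DIR...]
# Keep a caller-supplied IPT if it is an absolute path to a usable binary,
# otherwise search for one. Sets the global variable IPT.
resolve_ipt() {
    case ${IPT:-} in
        /*) [ -f "$IPT" ] && [ -x "$IPT" ] && return 0 ;;
    esac
    IPT=$(locate_bin iptables "$@") || return 1
}

# Usage at the top of a firewall script (hypothetical):
#   resolve_ipt || { echo "iptables not found" >&2; exit 1; }
#   "$IPT" -L -n
```
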


All times are GMT -5.