LinuxQuestions.org
Old 06-16-2015, 11:38 AM   #1
Rodrigo Gomes
Iptables if-pre-up blocking my network interfaces - Debian

Good day

First I'd like to say that I'm a complete noob in this Linux universe, so forgive me if this question seems really stupid.

I installed Debian on a laptop to be a torrent box + DLNA server. I had a Raspberry Pi doing this, but I reached a high number of seeding and I had to upgrade it. Anyway, everything was running fine when I decided to mess with iptables. Now I can't start any network interface; when I try ifup wlan0 or eth0 I get this message: "failed to exec /etc/network/if-pre-up.d/iptables: no such file (...) exited with return code 1."

The file is there with 777 permission and root as owner. I searched all over the internet looking for a solution, but I can't find an answer.

If anyone can give me the direction to follow, I'll appreciate it.

Thank you
 
Old 06-16-2015, 11:59 AM   #2
Sefyir
Quote:
when I decided to mess with iptables
In what way?
You're saying it worked, then it didn't work, but not detailing what you might have done to cause that.
 
Old 06-16-2015, 12:31 PM   #3
Rodrigo Gomes
Sefyir, thank you for the reply.

After install everything was working, I could use wlan and eth.

I used this guide to set some rules in iptables (https://www.lisenet.com/2014/configu...ian-wheezy-pc/)

Code:
# iptables -t filter -nL

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X

# nano /etc/iptables.up.rules
Add these lines to the file

*filter
-F INPUT
-F OUTPUT
-F FORWARD

-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT

-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A OUTPUT -o lo -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

COMMIT

Code:
# iptables-restore < /etc/iptables.up.rules
# nano /etc/network/if-pre-up.d/iptable
Add these lines to the file

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

Code:
# chmod 0755 /etc/network/if-pre-up.d/iptables
Then I thought it could be a permission problem and changed it to 0777.

And that is it, now I can't start any network interface.
If I use ifup wlan0 or ifup eth0 I get this message: "failed to exec /etc/network/if-pre-up.d/iptables: no such file (...) exited with return code 1."

I really don't know what I did, and worse than that, I can't undo it.
 
Old 06-16-2015, 12:54 PM   #4
Sefyir
OK, so changing the file back to 755 would be smart since it should be owned by root anyways. Sometimes having too lax permissions will cause it to fail (running a script as root that anyone can modify is a bad idea).

From the error it looks like it is looking for /etc/network/if-pre-up.d/iptables, deciding it doesn't exist and exiting.
What happens when you run:
Code:
/etc/network/if-pre-up.d/iptables
As an FYI, if you have a policy of accepting packets (-P INPUT ACCEPT), in most cases having rules to accept packets is useless. This means the only rule that actually does anything in your INPUT is -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

Last edited by Sefyir; 06-16-2015 at 12:59 PM.
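
The policy point made in #4 can be checked mechanically. This is an added example, not code from the thread: `noop_accepts` and `thread_rules` are hypothetical names, and the input is the rules file posted in #3. It lists ACCEPT rules that come after the last non-ACCEPT rule of a chain whose policy is ACCEPT; it is conservative and leaves earlier ACCEPT rules alone, because rule order can matter there.

```shell
# Added example: list ACCEPT rules that cannot change the verdict because
# the chain's policy is ACCEPT and no non-ACCEPT rule follows them.
# noop_accepts and thread_rules are hypothetical helper names.
noop_accepts() {
    awk '
    /^:/        { sub(/^:/, "", $1); policy[$1] = $2; next }  # iptables-save form
    $1 == "-P"  { policy[$2] = $3; next }                     # form used in #3
    $1 == "-A"  { n++; chain[n] = $2; rule[n] = $0; tgt = ""
                  for (i = 1; i < NF; i++) if ($i == "-j") tgt = $(i + 1)
                  target[n] = tgt
                  if (tgt != "ACCEPT") last[$2] = n }          # last rule that can filter
    END { for (i = 1; i <= n; i++)
              if (policy[chain[i]] == "ACCEPT" && target[i] == "ACCEPT" &&
                  i > last[chain[i]]) print rule[i] }
    ' "$1"
}

# The rules file from post #3, embedded so the example runs offline.
thread_rules() {
cat <<'EOF'
*filter
-F INPUT
-F OUTPUT
-F FORWARD
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

rules=$(mktemp)
thread_rules > "$rules"
noop_accepts "$rules"
rm -f "$rules"
```

With these rules it reports the SSH and ESTABLISHED,RELATED rules in INPUT and both OUTPUT rules; none of them restricts traffic while the chain policy stays ACCEPT.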
 
Old 06-16-2015, 01:11 PM   #5
Rodrigo Gomes
I ran it and got this message: "/sbin/iptables-restore: bad interpreter: No such file or directory"

I checked the directory and the file is there, but I can't read it; I believe it's encrypted.

About iptables rules, are there any default rules set to apply?
 
Old 06-16-2015, 02:53 PM   #6
Sefyir
So far:
If you run ifconfig to raise a device it runs your script which then results in
Code:
failed to exec /etc/network/if-pre-up.d/iptables
Checking your script reveals this line
Code:
/sbin/iptables-restore < /etc/iptables.up.rules
Running this line manually results in this error
Code:
 "/sbin/iptables-restore: bad interpreter: No such file or directory"
iptables-restore is a program, much like ssh or bash. It's not encrypted but in binary format (versus human readable format like a bash script)
I'm not sure why iptables-restore isn't being found, but if you remove that line from your code does the problem go away? Mostly to see if that isolates the problem.

This line
Code:
/sbin/iptables-restore < /etc/iptables.up.rules
from this file?
Code:
/etc/network/if-pre-up.d/iptables

Last edited by Sefyir; 06-16-2015 at 02:55 PM.
 
Old 06-17-2015, 08:35 PM   #7
Rodrigo Gomes
Hi, I did it, and nothing changed.

So I tried to clean the file and use the following command:

Code:
# cat > /etc/network/if-pre-up.d/iptables << EOL
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
EOL
Then everything was back to normal. I don't know how, but now it's working.

Thank you Sefyir for your help
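
A "bad interpreter: No such file or directory" error for a file that exists, as reported in #5, is typically produced by a damaged first line (a trailing carriage return from CRLF line endings, a byte-order mark, or a wrong interpreter path), which retyping the file as in #7 would remove; the thread does not establish which applied here. The check below is an added example, not code from the thread: `check_hook` is a hypothetical helper name and the sample hook is constructed (it uses /bin/sh so it runs on systems without bash). It also flags the 0777 mode discussed in #4.

```shell
# Added example: check an ifupdown hook for causes of "bad interpreter" /
# "No such file or directory" on a file that exists. check_hook is a
# hypothetical helper name, not part of ifupdown or run-parts.
check_hook() {
    f=$1; bad=0
    cr=$(printf '\r'); bom=$(printf '\357\273\277')
    [ -f "$f" ] || { echo "MISSING: $f is not a regular file"; return 1; }
    first=$(head -n 1 "$f")
    case $first in
        "$bom"*) echo "BOM: bytes before '#!' on line 1"; bad=1
                 first=${first#"$bom"} ;;
    esac
    case $first in
        *"$cr") echo "CRLF: line 1 ends in a carriage return"; bad=1
                first=${first%"$cr"} ;;
    esac
    case $first in
        '#!'*) interp=${first#??}; interp=${interp# }; interp=${interp%% *}
               [ -x "$interp" ] || { echo "INTERP: $interp is not executable"; bad=1; } ;;
        *)     echo "SHEBANG: line 1 does not start with '#!'"; bad=1 ;;
    esac
    # A hook that root runs must not be editable by anyone else.
    if [ -n "$(find "$f" \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        echo "MODE: writable by group or others, use chmod 0755"; bad=1
    fi
    [ -n "$(find "$f" -perm -0100 -print)" ] || { echo "MODE: not executable"; bad=1; }
    return "$bad"
}

# Constructed sample: a hook saved with CRLF line endings and mode 0777.
demo=$(mktemp -d)
printf '#!/bin/sh\r\n/sbin/iptables-restore < /etc/iptables.up.rules\r\n' > "$demo/iptables"
chmod 0777 "$demo/iptables"
check_hook "$demo/iptables" || echo "-> fix the findings above"

# Stripping the carriage returns and tightening the mode clears both findings.
tr -d '\r' < "$demo/iptables" > "$demo/iptables.fixed"
chmod 0755 "$demo/iptables.fixed"
check_hook "$demo/iptables.fixed" && echo "-> hook is clean"
rm -rf "$demo"
```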
 
  

