iptables script

nopcoder · 01-07-2006, 09:41 AM

Hi

I have the following script for network gateway setup. How come I can't run it directly via "sh" BUT I can manually type each line in the terminal and execute them fine?

The script file: firewall.sh

Code:

#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth0 -o eth0 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

When tried to run directly:

Code:

# sh firewall.sh

: command not found:
: command not found:
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
: command not found2:
'ptables v1.2.11: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found5:
: command not found6:
'ptables v1.2.11: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.2.11: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.2.11: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found1:
'ptables v1.2.11: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found4:
'ptables v1.2.11: Invalid target name `MASQUERADE
Try `iptables -h' or 'iptables --help' for more information.
: command not found7:
'ptables v1.2.11: Invalid target name `REJECT
Try `iptables -h' or 'iptables --help' for more information.
: command not found0:

Other info: I am running Debian 3.1 and iptables 1.2.11-10

michaelk · 01-07-2006, 09:55 AM

What editor did you use to create the script?

nopcoder · 01-07-2006, 11:44 AM

ahhh problem solved (with help from the author of the script actually). The file had carriage returns, but thx anyway =)

dvarius · 01-07-2006, 07:37 PM

So what have you done because I have the same problem

michaelk · 01-08-2006, 10:35 AM

dvarius,
From nopcoder's last post I would say he created the file on a windows PC. DOS/windows end of line character is different then unix for ASCII text files i.e. <CR><LF> vs <LF>.

If you open the file for editing in linux and see ^M at the end of each line then this is your problem. Here are a couple of methods to correct the problem, Use the dos2unix utility or vim and use the set command i.e set ff=unix and save the file.

nopcoder · 01-08-2006, 09:54 PM

Precisly

As michaelk mentioned the file was created in windows (interesting how that os always manages to annoy) and I ran the following command to fix it:
perl -pi.bak -e 's/\r\n/\n/' <insert filename here>

NOTE: please do change <insert filename here> to whatever is appropriate

fotoguy · 01-09-2006, 03:00 AM

Good practice to never open or create files in windows if there intended to run on a unix/linux box. I had the same trouble with some scripts last year.