iptables
iptables is not working ??!!!
|
details!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
Quote:
Quote:
2) Not blocking
3) Not masquerading
4) Something else?
|
1) Not starting
2) Not blocking so i can't try anything else |
how did you check these things? what did you try and what were the results???
|
iptables -X
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
I AM SUPPOSED TO BE UNABLE TO PING MYSELF AT THIS MOMENT BUT STILL I CAN
|
What does this say:
service iptables status
To block pings:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
service iptables status or start.... gives no response at all !!!! it is not a problem of blocking ping, i need to use iptables ....
|
Ummm...do you have iptables installed? What distribution are you using?
|
how could i know?? when i run ntsysv i find it among the services so i guess it is installed
i am using redhat 7.3 |
Quote:
http://www.netfilter.org/
Start with the HOWTOs and FAQs and then we'll be available to answer specific questions - teaching someone how to do iptables from scratch is a little beyond the scope of this board. And it helps if you're polite to people trying to help you with a problem.
|
did you configure your kernel for iptables or did you install the modules?
|
how can i configure my kernel ??
should i install any modules ?? which ones ?? thanks |
You should read the documentation at netfilter.org, we can answer specific questions you may have but you need to read the instructions first.
|
the easiest way to find out if your iptables are working is write a rule then list the rules to see if it is there. Otherwise you will have to see if IPTABLES is installed: type chkconfig --list and see if iptables is listed and is running at level 2,3,4,5.
next do lsmod and see if any modules like ip_conntrack are loaded. if not then it is probably pre configured in the kernel. There are other modules you can load, or you can configure them in the kernel.
[General Setup]
*Networking support (config_net) yes
*Sysctl support (config_sysctl) yes
[Networking options] just save yourself time and say yes to everything!!:)
*Packet socket (Config_packet) yes
*Packet socket(config_packet_mmap) yes
*Kernel/User netlink socket (Config_netlink) modulated
*Routing messages (Config_rtnetlink) yes
*Network packet filtering (config_netfilter) yes
*Socket Filtering (config_filter) yes if you plan to run a dhcp server
*Unix domain sockets (config_unix) yes
*Tcp/Ip networking (config_inet) yes
*IP:TCP syncookie support (config_syn_cookies) yes
[Networking options--> IP: Netfilter Configuration]
*Connection tracking (Config_IP_NF_conntrack) yes
*FTP protocol support (config_ip_nf_ftp) modulated
*IP tables support (config_ip_nf_tables) yes
*limit match support (config_ip_nf_match_limit) module
*netfilter mark match support (config_ip_nf_match_mac) module
*multiple port match support (config_ip_nf_match_multiport) module
*Connection state match support (Config_ip_nf_match_state) module
*Unclean match support (config_ip_nf_match_unclean) module
*Packet filtering (Config_ip_nf_filter) module
*Reject target support (config_ip_nf_target_reject) module
*Full Nat (config_ip_nf_nat) module
*Masquerade target support (config_ip_nf_target_masquerade) module
*Packet mangling (config_ip_nf_mangle) module
*LOG target support (config_ip_nf_target_log) module
*TCPMSS target support(config_ip_nf_target_tcpmss) module
*ipchains 2.2 style support (optional if you have an existing ipchains ruleset) (config_ip_nf_compat_ipchains) module
*ipfwadm 2.0 style support (optional if you have an existing ipfwadm ruleset) (config_ip_nf_compat_ipfwadm) module
[Network device support]
*Network device support (config_netdevices) yes
*Dummy net driver support (config_dummy) yes
[File Systems]
*/proc filesystem support (config_proc_fs) yes
those are the settings in the kernel, then you have to compile it, but it is easier to load modules with a script. here is an example: http://www.oceanpark.com/notes/firewall_example.html
search around and read a lot, there are some pretty good firewall scripts around. =)
|
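Added example, not written by any poster in this thread: the three checks from the last post (chkconfig --list, lsmod, listing the rules) as shell functions that read captured command output on stdin. The sample output is constructed, and the module names ip_tables and iptable_filter are assumptions beyond the ip_conntrack named above.

```shell
# Constructed sample output (not from the thread) for the three checks.
CHKCONFIG_OUT='iptables        0:off   1:off   2:on    3:on    4:off   5:on    6:off'
LSMOD_OUT='Module                  Size  Used by
ip_tables              14936   1  [iptable_filter]
iptable_filter          2412   0  (autoclean)'
LIST_OUT='Chain INPUT (policy DROP)
target     prot opt source               destination
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# chkconfig --list on stdin: runlevels 2-5 where service $1 is not "on" ("missing" if unlisted).
runlevels_off() {
    awk -v svc="$1" '
        $1 == svc { found = 1
            for (i = 2; i <= NF; i++) { split($i, kv, ":")
                if (kv[1] >= 2 && kv[1] <= 5 && kv[2] != "on")
                    out = out (out == "" ? "" : ",") kv[1] } }
        END { print (found ? out : "missing") }'
}

# lsmod on stdin: which of the module names given as arguments are absent.
modules_absent() {
    awk -v want="$*" '
        NR > 1 { loaded[$1] = 1 }
        END { n = split(want, w, " ")
              for (i = 1; i <= n; i++) if (!(w[i] in loaded))
                  out = out (out == "" ? "" : " ") w[i]
              print out }'
}

# iptables -L -n on stdin: chains whose default policy is not $1.
policy_mismatch() {
    awk -v want="$1" '
        $1 == "Chain" && $3 == "(policy" { p = $4; sub(/\)$/, "", p)
            if (p != want) out = out (out == "" ? "" : ",") $2 }
        END { print out }'
}

report() {
    off=$(printf '%s\n' "$CHKCONFIG_OUT" | runlevels_off iptables)
    gone=$(printf '%s\n' "$LSMOD_OUT" | modules_absent ip_tables ip_conntrack iptable_filter)
    bad=$(printf '%s\n' "$LIST_OUT" | policy_mismatch DROP)
    echo "service not on at runlevels: ${off:-none}"
    echo "modules not in lsmod (built in or not loaded): ${gone:-none}"
    echo "chains without policy DROP: ${bad:-none}"
}
report
```

On a real machine, pipe the live command into the matching function, for example chkconfig --list | runlevels_off iptables.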