LinuxQuestions.org
Old 05-24-2003, 01:40 PM   #1
rinux
Member
 
Registered: May 2003
Posts: 44

Rep: Reputation: 15
iptables


iptables is not working ??!!!
 
Old 05-24-2003, 02:02 PM   #2
manthram
Member
 
Registered: Feb 2002
Location: Fairfax, VA
Distribution: RedHat 8, Mandrake9.1, Slack9
Posts: 456

Rep: Reputation: 31
details!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
Old 05-24-2003, 02:51 PM   #3
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Quote:
Originally posted by manthram
details!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
lol
Quote:
Originally posted by rinux
iptables is not working ??!!!
1) Not starting
2) Not blocking
3) Not masquerading
4) Something else?
 
Old 05-24-2003, 07:07 PM   #4
rinux
Member
 
Registered: May 2003
Posts: 44

Original Poster
Rep: Reputation: 15
1) Not starting
2) Not blocking

so i can't try anything else
 
Old 05-24-2003, 07:09 PM   #5
manthram
Member
 
Registered: Feb 2002
Location: Fairfax, VA
Distribution: RedHat 8, Mandrake9.1, Slack9
Posts: 456

Rep: Reputation: 31
how did you check these things? what did you try and what were the results???
 
Old 05-24-2003, 07:20 PM   #6
rinux
Member
 
Registered: May 2003
Posts: 44

Original Poster
Rep: Reputation: 15
iptables -X
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

I AM SUPPOSED TO BE UNABLE TO PING MYSELF AT THIS MOMENT, BUT I STILL CAN
 
Old 05-24-2003, 07:23 PM   #7
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
What does this say:
service iptables status

To block pings:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
 
Old 05-24-2003, 08:19 PM   #8
rinux
Member
 
Registered: May 2003
Posts: 44

Original Poster
Rep: Reputation: 15
service iptables status or start.... gives no response at all !!!! it is not a problem of blocking ping, i need to use iptables ....
 
Old 05-24-2003, 09:52 PM   #9
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Ummm...do you have iptables installed? What distribution are you using?
 
Old 05-24-2003, 10:12 PM   #10
rinux
Member
 
Registered: May 2003
Posts: 44

Original Poster
Rep: Reputation: 15
how could i know?? when i run ntsysv i find it among the services so i guess it is installed
i am using redhat 7.3
 
Old 05-24-2003, 10:20 PM   #11
Aussie
Senior Member
 
Registered: Sep 2001
Location: Brisvegas, Antipodes
Distribution: Slackware
Posts: 4,590

Rep: Reputation: 56
Quote:
Originally posted by rinux
how could i know?? when i run ntsysv i find it among the services so i guess it is installed
i am using redhat 7.3
Got your reading glasses on?

http://www.netfilter.org/

Start with the HOWTOs and FAQs and then we'll be available to answer specific questions - teaching someone how to do iptables from scratch is a little beyond the scope of this board.

And it helps if you're polite to people trying to help you with a problem.
 
Old 05-25-2003, 05:59 PM   #12
trently29
LQ Newbie
 
Registered: May 2003
Posts: 13

Rep: Reputation: 0
did you configure your kernel for iptables or did you install the modules?
 
Old 05-25-2003, 08:50 PM   #13
rinux
Member
 
Registered: May 2003
Posts: 44

Original Poster
Rep: Reputation: 15
how can i configure my kernel ??
should i install any modules ?? which ones ??
thanks
 
Old 05-25-2003, 09:25 PM   #14
Aussie
Senior Member
 
Registered: Sep 2001
Location: Brisvegas, Antipodes
Distribution: Slackware
Posts: 4,590

Rep: Reputation: 56
You should read the documentation at netfilter.org, we can answer specific questions you may have but you need to read the instructions first.
 
Old 05-26-2003, 12:40 AM   #15
trently29
LQ Newbie
 
Registered: May 2003
Posts: 13

Rep: Reputation: 0
The easiest way to find out if your iptables are working is to write a rule, then list the rules to see if it is there. Otherwise you will have to see if IPTABLES is installed: type chkconfig --list and see if iptables is listed and is running at levels 2, 3, 4, 5.

Next do lsmod and see if any modules like ip_conntrack are loaded.
If not, then it is probably preconfigured in the kernel. There are other modules you can load, or you can configure them in the kernel.
[General Setup]
* Networking support (config_net) yes
* Sysctl support (config_sysctl) yes

[Networking options] just save yourself time and say yes to everything!!
* Packet socket (Config_packet) yes
* Packet socket (config_packet_mmap) yes
* Kernel/User netlink socket (Config_netlink) modulated
* Routing messages (Config_rtnetlink) yes
* Network packet filtering (config_netfilter) yes
* Socket Filtering (config_filter) yes if you plan to run a dhcp server
* Unix domain sockets (config_unix) yes
* TCP/IP networking (config_inet) yes
* IP: TCP syncookie support (config_syn_cookies) yes

[Networking options --> IP: Netfilter Configuration]
* Connection tracking (Config_IP_NF_conntrack) yes
* FTP protocol support (config_ip_nf_ftp) modulated
* IP tables support (config_ip_nf_tables) yes
* limit match support (config_ip_nf_match_limit) module
* netfilter mark match support (config_ip_nf_match_mac) module
* multiple port match support (config_ip_nf_match_multiport) module
* Connection state match support (Config_ip_nf_match_state) module
* Unclean match support (config_ip_nf_match_unclean) module
* Packet filtering (Config_ip_nf_filter) module
* Reject target support (config_ip_nf_target_reject) module
* Full NAT (config_ip_nf_nat) module
* Masquerade target support (config_ip_nf_target_masquerade) module
* Packet mangling (config_ip_nf_mangle) module
* LOG target support (config_ip_nf_target_log) module
* TCPMSS target support (config_ip_nf_target_tcpmss) module
* ipchains 2.2 style support (optional if you have an existing ipchains ruleset) (config_ip_nf_compat_ipchains) module
* ipfwadm 2.0 style support (optional if you have an existing ipfwadm ruleset) (config_ip_nf_compat_ipfwadm) module

[Network device support]
* Network device support (config_netdevices) yes
* Dummy net driver support (config_dummy) yes

[File Systems]
* /proc filesystem support (config_proc_fs) yes

Those are the settings in the kernel,
then you have to compile it,
but it is easier to load modules with a script.
Here is an example:
http://www.oceanpark.com/notes/firewall_example.html
Search around and read a lot, there are some pretty good firewall scripts around.
=)
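
The checks listed in the post above (chkconfig runlevels, lsmod, kernel options) can be combined into one triage pass. This is an added example, not part of the original thread: the function names are hypothetical, the sample outputs are constructed, and the `ip_tables` module name and the `/boot/config-*` path are assumptions about the host.

```shell
#!/bin/sh
# Constructed sample inputs (not output from the poster's machine).
SAMPLE_CHKCONFIG='network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off'
SAMPLE_LSMOD='Module                  Size  Used by
8139too                17664   1'
SAMPLE_CONFIG='CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FILTER=m'

# service_enabled NAME TEXT: true if NAME is "on" at every runlevel 2-5.
service_enabled() {
    printf '%s\n' "$2" | awk -v s="$1" '
        $1 == s { found = 1
                  for (i = 2; i <= NF; i++)
                      if ($i ~ /^[2-5]:/ && $i !~ /:on$/) bad = 1 }
        END { exit !(found && !bad) }'
}

# module_loaded NAME TEXT: true if NAME appears in lsmod output.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" 'NR > 1 && $1 == m { ok = 1 } END { exit !ok }'
}

# kconfig_state SYMBOL TEXT: prints y, m, or n (unset or absent).
kconfig_state() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '$1 == k { v = $2 } END { print (v == "" ? "n" : v) }'
}

# triage CHKCONFIG LSMOD CONFIG: prints one finding per line.
triage() {
    service_enabled iptables "$1" || echo "service: iptables is not on at runlevels 2-5"
    if module_loaded ip_tables "$2" || module_loaded ip_conntrack "$2"; then
        echo "modules: netfilter modules are loaded"
        return 0
    fi
    case "$(kconfig_state CONFIG_NETFILTER "$3")/$(kconfig_state CONFIG_IP_NF_FILTER "$3")" in
        y/y) echo "kernel: packet filtering is built in, no module needed" ;;
        y/m) echo "kernel: packet filtering is a module and is not loaded" ;;
        y/n) echo "kernel: netfilter is on but packet filtering is not configured" ;;
        *)   echo "kernel: netfilter support is not configured" ;;
    esac
}

# On a live host (the config path is an assumption):
#   triage "$(chkconfig --list)" "$(lsmod)" "$(cat /boot/config-$(uname -r))"
triage "$SAMPLE_CHKCONFIG" "$SAMPLE_LSMOD" "$SAMPLE_CONFIG"
```

A default policy of DROP only proves anything once the service and module findings are clean, so run the triage before testing rules with ping.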
 
  

