LinuxQuestions.org > Linux - Newbie > iptables will not start -error on line 18 (https://www.linuxquestions.org/questions/linux-newbie-8/iptables-will-not-start-error-on-line-18-a-846773/)

blakman1313 11-26-2010 05:48 PM

iptables will not start -error on line 18
 
good day all,

I'm a Linux noob, only know about enough to be dangerous... I am trying to get my Fedora Core firewall to work - I actually didn't know it wasn't until I started poking around in the GUI (I use both CLI and GUI) - so I used the CLI to try and start it and got the following:

[root@linuxbox ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.3.0: Line 18 seems to have a -t table option.

Error occurred at line: 18
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@linuxbox ~]#

I'm not sure what they mean by line 18, but below is a copy of my config file:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5800 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

If anyone can assist, just let me know what other info I may need to make this clear and I'll gladly provide it.
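
As an added example (not code from the thread or from Fedora): a small Python lint that walks an iptables-save style file the way iptables-restore does (a *table line, :chain declarations, -A rules, COMMIT) and flags the mistake in the posted config, a -t option inside a rule, which iptables-restore refuses because the table is fixed by the *table line. The sample file is constructed from the config above with an assumed two-line header comment and *filter line, which is what makes the bad rule land on line 18.

```python
# Added example, not from the thread: lint an iptables-save file for what iptables-restore rejects.
# Constructed sample like the pasted config; header comments and *filter line are assumed, putting the bad rule on line 18.
SAMPLE = """\
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
NAT_BLOCK = "*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o ham0 -j MASQUERADE\nCOMMIT\n"  # where MASQUERADE belongs
TABLE_ONLY = {"MASQUERADE": "nat", "SNAT": "nat", "DNAT": "nat", "REDIRECT": "nat"}  # targets tied to one table

def lint(text):
    """Return [(line_no, message), ...]; an empty list means the file would load."""
    problems, table, chains = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):  # start of a table block, e.g. *filter
            table, chains = line[1:], set()
        elif line.startswith(":"):  # chain declaration ":NAME POLICY [pkts:bytes]"
            chains.add(line[1:].split()[0])
        elif line == "COMMIT":
            table = None
        elif line.startswith(("-A ", "-I ")):
            args = line.split()
            if "-t" in args or "--table" in args:  # the thread's "Line 18" error
                problems.append((no, "has a -t table option; the table comes from the *table line"))
            if args[1] not in chains:
                problems.append((no, "chain %s not declared in table %s" % (args[1], table)))
            target = args[args.index("-j") + 1] if "-j" in args[:-1] else None
            if TABLE_ONLY.get(target, table) != table:
                problems.append((no, "target %s is only valid in the *%s table" % (target, TABLE_ONLY[target])))
    return problems
```

Run `lint(open("/etc/sysconfig/iptables").read())` on the real file to get the same line number iptables-restore reports, plus the reason; for the posted config the fix is to delete the ham0 line (the interface does not exist on the box), or to move it under a *nat block as in NAT_BLOCK if it were wanted.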

blakman1313 11-26-2010 05:50 PM

Oh, I forgot to add, when I try to start using the GUI, it just freezes (hourglass)...

repo 11-26-2010 06:21 PM

Quote:

-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
What is ham0 ?

Kind regards

blakman1313 11-30-2010 02:48 PM

Reply to REPO - Ham0
 
To be honest I have no idea what "ham0" is - my ethernet ports are labeled "eth0" and "eth1"....

[root@linuxbox ~]# ip addr
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:da:b7:fe:78 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0
inet6 fe80::250:daff:feb7:fe78/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:da:2a:4b:0d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.200/24 brd 192.168.1.255 scope global eth1
inet6 fe80::250:daff:fe2a:4b0d/64 scope link
valid_lft forever preferred_lft forever

...however I'm noticing another port that I did not realize existed, and now am wondering if my box has been compromised:

4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

My network is set up like this:

linuxbox(Fedora) -->netgear router (192.168.0.x, for SAMBA access on my internal LAN) and a direct connection to my LEAF FW (192.168.1.x. 2 NICs total) --> firewall (LEAF) -->Comcast modem

blakman1313 11-30-2010 10:03 PM

Further to Repo - sit0
 
Sorry, forgive my ignorance, but I did a web search and found this:

sit is used to set up a point-to-point tunnel.

sit is an acronym for "simple internet transition" and is basically a device capable of encapsulating IPv6 in IPv4 datagrams.

Believe it or not I do understand that (well, a little), at least enough to know it's not an attack or compromise. And sorry to have gotten off-track, still waiting for an answer to why my linuxbox firewall won't start...

blakman1313 11-30-2010 10:11 PM

Ham0
 
A good time back, before it was picked up by LogMeIn, I had attempted an install of Hamachi for Linux on this particular machine. It never worked as planned, and I found another way to access my Linux distro box from outside of my home network.

Another web search found that ham0 is an attempt by the Hamachi program to rename the eth port chosen (this is all assumption from what I've read) -

"So I put it on one of my CC gateway boxes (Home 3.2), but the virtual interface (ham0) seems to live outside the firewall. Kinda defeats the purpose of the whole Hamachi thing..
My simple question is: How do I tell the CC box that the ham0 interface is a LAN interface, and that it lives inside the firewall, so I can use it for accessing Samba shares?"

