LinuxQuestions.org
Old 11-26-2010, 04:48 PM   #1
blakman1313
LQ Newbie
 
Registered: Feb 2010
Posts: 6

Rep: Reputation: 0
iptables will not start -error on line 18


good day all,

I'm a Linux noob, only know about enough to be dangerous... I am trying to get my Fedora Core firewall to work - I actually didn't know it wasn't until I started poking around in the GUI (I use both CLI and GUI) - so I used the CLI to try and start it and got the following:

[root@linuxbox ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.3.0: Line 18 seems to have a -t table option.

Error occurred at line: 18
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@linuxbox ~]#

I'm not sure what they mean by line 18, but below is a copy of my config file:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5800 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

If anyone can assist, just let me know what other info I may need to make this clear and I'll gladly provide it.
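The message "Line 18 seems to have a -t table option" is iptables-restore rejecting the one rule in the file that carries -t, namely "-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE". A restore file does not select tables per rule: it uses a *filter or *nat header line, a COMMIT line to close each section, and no -t at all. MASQUERADE is also only valid in the nat table's POSTROUTING chain, so the rule is wrong on two counts even before asking what ham0 is. The lint script below is an added example written for this page, not code from the thread or from the iptables project; the function names are my own, and the two sample configs inside it are constructed (a shortened copy of the poster's file, and the same rules in valid restore syntax). It needs only sh and awk, so it can be run on a saved copy of the file before touching the live firewall.

```shell
#!/bin/sh
# lint_iptables_restore: static check for an iptables-restore file.
# Reports (one "LINE:<n> ..." per finding) any rule that carries -t/--table,
# any MASQUERADE target outside the *nat section, rules outside a *table
# section, and *table sections not closed by COMMIT. Returns 1 if it found
# anything, 0 otherwise. Pure awk, so it runs without iptables installed.
lint_iptables_restore() {
    awk '
        BEGIN { table = ""; problems = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^\*/ {                                     # *filter, *nat, *mangle ...
            if (table != "") {
                printf "LINE:%d section *%s not closed by COMMIT\n", NR, table
                problems++
            }
            table = substr($1, 2); next
        }
        /^COMMIT/ { table = ""; next }
        /^:/ { next }                               # chain declarations
        {
            if (table == "") {
                printf "LINE:%d rule outside any *table section\n", NR
                problems++
            }
            target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-t" || $i == "--table") {
                    printf "LINE:%d rule selects a table with -t %s; restore files use a *%s header instead\n", NR, $(i + 1), $(i + 1)
                    problems++
                }
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
            }
            if (target == "MASQUERADE" && table != "nat") {
                printf "LINE:%d MASQUERADE is only valid in the nat table (POSTROUTING chain)\n", NR
                problems++
            }
        }
        END {
            if (table != "") {
                printf "LINE:EOF section *%s not closed by COMMIT\n", table
                problems++
            }
            exit (problems > 0)
        }
    ' "$@"
}

# Constructed sample modelled on the poster's file (shortened). This is the
# shape that makes iptables-restore stop with "seems to have a -t table option".
broken_config() {
cat <<'EOF'
# constructed sample, not the poster's actual /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# The same rules in valid restore syntax: the masquerade rule lives in its own
# *nat section on POSTROUTING. If the host has no ham0 interface at all, the
# rule is dead configuration and deleting it is the cleaner fix.
fixed_config() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ham0 -j MASQUERADE
COMMIT
EOF
}

# usage: sh lint_iptables.sh /etc/sysconfig/iptables
if [ "$#" -gt 0 ]; then
    lint_iptables_restore "$1"
fi
```

Run against the broken sample it prints two findings for line 9 (the -t option and the misplaced MASQUERADE) and exits 1; the fixed sample passes cleanly. The check is deliberately syntactic: it says nothing about whether the rules are sensible, only whether iptables-restore will accept the file.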
 
Old 11-26-2010, 04:50 PM   #2
blakman1313
LQ Newbie
 
Registered: Feb 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Oh, I forgot to add, when I try to start using the GUI, it just freezes (hourglass)...
 
Old 11-26-2010, 05:21 PM   #3
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Slackware 14.0
Posts: 8,464

Rep: Reputation: 877
Quote:
-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
What is ham0?

Kind regards
 
Old 11-30-2010, 01:48 PM   #4
blakman1313
LQ Newbie
 
Registered: Feb 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Reply to REPO - Ham0

To be honest I have no idea what "ham0" is - my Ethernet ports are labelled "eth0" and "eth1"...

[root@linuxbox ~]# ip addr
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:da:b7:fe:78 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0
inet6 fe80::250:daff:feb7:fe78/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:da:2a:4b:0d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.200/24 brd 192.168.1.255 scope global eth1
inet6 fe80::250:daff:fe2a:4b0d/64 scope link
valid_lft forever preferred_lft forever

...however I'm noticing another port that I did not realize existed, and now am wondering if my box has been compromised:

4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

My network is set up like this:

linuxbox(Fedora) -->netgear router (192.168.0.x, for SAMBA access on my internal LAN) and a direct connection to my LEAF FW (192.168.1.x. 2 NICs total) --> firewall (LEAF) -->Comcast modem
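The ip addr output above is exactly the inventory needed to answer repo's question: the firewall rules mention lo, eth0, eth1 and ham0, while the host has lo, eth0, eth1 and sit0. A rule bound to an interface the kernel does not have is either a leftover (as ham0 turns out to be) or a sign that something changed without the firewall being updated, so it is worth checking mechanically. The script below is an added example, not part of the thread; the function names are my own and both sample inputs are constructed to mirror the poster's output (MAC and IP lines omitted).

```shell
#!/bin/sh
# Cross-check the interfaces a ruleset refers to against the interfaces the
# host actually has. Function names are my own; inputs are constructed samples.

# Interface names from "ip addr" / "ip link" output: "2: eth0: <...>" -> eth0
# (an "@" suffix such as eth0.10@eth0 is dropped; indented detail lines are skipped).
present_interfaces() {
    sed -n 's/^[0-9][0-9]*: \([^:@]*\).*/\1/p' "$@"
}

# Interface names given with -i/-o (or the long forms) in -A rules, de-duplicated.
rule_interfaces() {
    awk '/^-A/ {
        for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o" || $i == "--in-interface" || $i == "--out-interface")
                print $(i + 1)
    }' "$@" | sort -u
}

# missing_interfaces "<space-separated present names>" < ruleset
# Prints each interface the rules use that the host does not have. Wildcard
# names (eth+) are skipped because iptables matches them by prefix, not by name.
missing_interfaces() {
    present=" $1 "
    rule_interfaces | while read -r ifn; do
        case $ifn in
            *+) continue ;;
        esac
        case $present in
            *" $ifn "*) ;;
            *) echo "$ifn" ;;
        esac
    done
}

# Constructed "ip addr" excerpt mirroring the poster's: three real devices plus
# sit0, the kernel's IPv6-in-IPv4 tunnel device that appears whenever the sit
# module is loaded.
sample_ip_addr() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.1.200/24 brd 192.168.1.255 scope global eth1
4: sit0: <NOARP> mtu 1480 qdisc noop
EOF
}

# Constructed ruleset excerpt containing the poster's ham0 rule.
sample_rules() {
cat <<'EOF'
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -t nat -o ham0 -j MASQUERADE
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# usage: sh check_ifaces.sh /etc/sysconfig/iptables   (compares against the live ip addr)
if [ "$#" -gt 0 ]; then
    missing_interfaces "$(ip addr | present_interfaces | tr '\n' ' ')" < "$1"
fi
```

On the constructed inputs the only name reported is ham0. The same comparison run the other way (interfaces present but never mentioned in the rules) is a useful sanity check too, since an interface that no rule names is governed only by the chain's default policy.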
 
Old 11-30-2010, 09:03 PM   #5
blakman1313
LQ Newbie
 
Registered: Feb 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Further to Repo - sit0

Sorry, forgive my ignorance, but I did a web search and found this:

sit is used to set up a point-to-point tunnel.

sit is an acronym for "simple internet transition" and is basically a device capable of encapsulating ipv6 in ipv4 datagrams.

Believe it or not I do understand that (well, a little), at least enough to know it's not an attack or compromise. And sorry to have gotten off-track, still waiting for an answer to why my linuxbox firewall won't start...
 
Old 11-30-2010, 09:11 PM   #6
blakman1313
LQ Newbie
 
Registered: Feb 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Ham0

A good time back, before it was picked up by LogMeIn, I had attempted an install of Hamachi for Linux on this particular machine. It never worked as planned, and I found another way to access my Linux distro box from outside of my home network.

Another web search found that ham0 is an attempt by the Hamachi program to rename the eth port chosen (this is all assumption from what I've read) -

"So I put it on one of my CC gateway boxes (Home 3.2), but the virtual interface (ham0) seems to live outside the firewall. Kinda defeats the purpose of the whole Hamachi thing..
My simple question is; how do I tell the CC box that the ham0 interface is a LAN interface, and that it lives inside the firewall, so I can use it for accessing Samba shares?"
 