LinuxQuestions.org
Old 04-23-2003, 09:32 PM   #1
bripage
Member
 
Registered: Jan 2002
Location: Moorpark
Distribution: SLACK 8!
Posts: 230

Rep: Reputation: 30
rc.inet2... -f or -x options?!?


What is the difference in this...




if [ -x /usr/sbin/iptables ] ;then
/usr/sbin/iptables -t nat -A POSTROUTING -o pppO -j MASQUERADE
echo "Loading IPTABLES: /usr/sbin/iptables"
fi




or




if [ -f /usr/sbin/iptables ] ;then
/usr/sbin/iptables -t nat -A POSTROUTING -o pppO -j MASQUERADE
echo "Loading IPTABLES: /usr/sbin/iptables"
fi



The only thing different is the -f or -x option... I don't understand what difference these two make. Which one do I have to have to perform the function I want correctly?
 
Old 04-23-2003, 09:50 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910
-x checks for existence,
-f checks for existence and whether it's a regular
file ...

So if somebody created a pipe or a symlink
/usr/sbin/iptables the latter snippet wouldn't run it :)

Cheers,
Tink
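
Added example, not part of the thread: how the shell's `-e`, `-f`, `-x` and `-L` tests classify an executable, a non-executable file, symlinks, a FIFO and a directory, which is what decides whether a boot-script guard like the ones above runs its command. The fixture files and the `probe`, `strict_guard` and `make_fixtures` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare test(1) predicates on constructed fixture files.

# probe PATH -> prints which predicates hold, e.g. "e=1 f=1 x=0 L=0"
probe() {
    e=0; f=0; x=0; l=0
    [ -e "$1" ] && e=1      # exists (symlinks are followed)
    [ -f "$1" ] && f=1      # exists and is a regular file (symlinks are followed)
    [ -x "$1" ] && x=1      # exists and the caller has execute/search permission
    [ -L "$1" ] && l=1      # the path itself is a symbolic link
    echo "e=$e f=$f x=$x L=$l"
}

# strict_guard PATH -> succeeds only for a regular, executable, non-symlink file
# (hypothetical helper, stricter than either snippet in the thread)
strict_guard() {
    [ -f "$1" ] && [ -x "$1" ] && [ ! -L "$1" ]
}

# make_fixtures -> creates a scratch directory of constructed sample files
# and prints its path; the caller removes it.
make_fixtures() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/tool";  chmod 755 "$dir/tool"
    printf 'data\n' > "$dir/plain";              chmod 644 "$dir/plain"
    ln -s "$dir/tool" "$dir/link"                # symlink to the executable
    ln -s "$dir/missing" "$dir/dangling"         # symlink to nothing
    mkfifo "$dir/pipe";                          chmod 644 "$dir/pipe"
    mkdir "$dir/subdir";                         chmod 755 "$dir/subdir"
    echo "$dir"
}

fx=$(make_fixtures) || exit 1
for name in tool plain link dangling pipe subdir; do
    if strict_guard "$fx/$name"; then verdict=run; else verdict=skip; fi
    printf '%-9s %s  strict_guard=%s\n' "$name" "$(probe "$fx/$name")" "$verdict"
done
rm -rf "$fx"
```

A symlink whose target is a regular executable passes both `-f` and `-x`; only `-L` tells it apart from the file itself.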
 
Old 04-23-2003, 09:55 PM   #3
bripage
Now... for some reason every time I start my box... when it comes time to load the section for iptables... I get a response:

/usr/sbin/iptables: Enabling: command not found


What am I doing wrong here?
 
Old 04-23-2003, 10:02 PM   #4
bripage
Well.. I wrote it this way:


if [ -x /usr/sbin/iptables ] ; then
echo "Starting iptables: /usr/sbin/iptables . /usr/sbin/iptables -t nat -A POSTROUTING -o pppO -j MASQUERADE
fi


Then I restarted, and I didn't get that message... so I assumed that it worked.
 
Old 04-23-2003, 10:03 PM   #5
Tinkster
Guess I'd need a bigger chunk of
your script to be able to tell, :) and
a bit more of the output context.

Cheers,
Tink
 
Old 04-23-2003, 10:07 PM   #6
Tinkster
To see whether it worked or not, do
iptables -L
in a shell ... if you see some sensible
output it might have ;)

However, I miss the closing " in your
snippet and would be quite surprised
if it worked ;)

Cheers,
Tink
 
Old 04-23-2003, 10:13 PM   #7
bripage
Yeah, the " was in there... at least on the nix box... I just forgot it here. But... when I used the iptables -L command, I got:


/usr/sbin/iptables: Enabling: command not found


OK, now I'm really confused!
 
Old 04-23-2003, 10:18 PM   #8
Tinkster
That's odd, indeed ... are the modules for
iptables loaded? Never seen that one before :)

Try
lsmod
and post the output...


Cheers,
Tink
 
Old 04-23-2003, 10:24 PM   #9
bripage
lsmod results:


Module Size Used by Not tainted
pcmcia_core 40896 0
natsemi 15752 1
8139too 13792 1
mii 1008 0 [8139too]



Should I just try to do this in the rc.local file?

Last edited by bripage; 04-23-2003 at 10:29 PM.
 
Old 04-23-2003, 11:37 PM   #10
Tinkster
Try a

modprobe iptable_filter

and see what it says ... it looks as if
the modules aren't loaded. Or did you
build iptables into the kernel as a fixed
part rather than as modules?

Cheers,
Tink
 
Old 04-23-2003, 11:47 PM   #11
bripage
The modprobe iptable_filter turns up nothing at all.



Hmm...now when I do "iptables -L" I get :

Chain INPUt (policy ACCEPT)
target prot opt source destination

Chain FORWARD ( policy ACCEPT)
" "

Chain OUTPUT (policy ACCEPT)
" "





I got this after I tried doing it and I got a message saying that 1.2.6 might be outdated to the protocol. So I went and upgraded to 1.2.8. Now my rc.inet2 section looks like this:



if [ -x /usr/local/sbin/iptables ] ; then
echo "loading iptables: /usr/local/sbin/iptables"
/usr/local/sbin/iptables start -t nat -A POSTROUTING -o pppO -j MASQUERADE
fi



I still don't see anything different in my lsmod readout though. So I really don't know if I actually did anything or not.

Last edited by bripage; 04-23-2003 at 11:48 PM.
 
Old 04-24-2003, 12:01 AM   #12
bripage
Well.. now after I did the modprobe iptable_filter, I have these showing up:


iptabe_filter 1728 0 (unused)
ip_tables 10432 0 [iptable_filter]



I could just for the modprobe in rc.modules, couldn't I? If I did... would that be it?
 
Old 04-24-2003, 02:00 AM   #13
Tinkster
My recommendation would be to get yourself
a full-fledged iptables script, say from http://www.linuxguruz.com/iptables/
or so ... if that line with the postrouting
is all you did you're quite a way away
from a working firewall...

Most firewall scripts will load the required
modules for you.

One tool I quite liked is http://easyfwgen.morizot.net/gen/
You feed it with the information of your
setup, and it generates a firewall script
for you

As you are in Slack you could put a
rc.firewall into /etc/rc.d
and have your rc.local call it.


Cheers,
Tink
 
Old 04-24-2003, 01:54 PM   #14
bripage
I got it working. Apparently there was a "." in front of the whole startup line. It just kept screwing it up. Now, the modules load smoothly and so does IP TABLES. The only thing left is to check to make sure that my rc.firewall script is loading and I don't know how exactly to check that. It seems to load fine to me.
 
Old 04-24-2003, 05:02 PM   #15
Tinkster
Again, iptables -L will list all chains & rules...

If you get more than just
Code:
root@darkstar: ~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
your chains are loaded and active.

If you are online from that box it's safe
to assume that your rules make some
sort of sense ;)

Cheers,
Tink
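
Added example, not part of the thread: a script form of the check described above, counting the rules under each chain of an `iptables -L` style listing. `iptables -L` lists the filter table; the MASQUERADE rule from this thread is added with `-t nat`, so it shows up under `iptables -t nat -L`, and the second sample below is a constructed listing of that table. The `count_rules` and `has_rules` helpers are hypothetical names.

```shell
#!/bin/sh
# Added example: count rules per chain in `iptables -L` style output.

# count_rules: reads a listing on stdin, prints "CHAIN=count", one chain per line
count_rules() {
    awk '
        $1 == "Chain" { chain = $2; order[++n] = chain; count[chain] = 0; next }
        $1 == "target" || NF == 0 { next }       # column header or blank line
        chain != "" { count[chain]++ }           # anything else under a chain is a rule
        END { for (i = 1; i <= n; i++) printf "%s=%d\n", order[i], count[order[i]] }
    '
}

# has_rules: succeeds if at least one chain in the listing holds a rule
has_rules() {
    count_rules | grep -qv '=0$'
}

# Listing quoted in the thread: every filter chain is empty.
EMPTY_FILTER='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample of `iptables -t nat -L` with one MASQUERADE rule loaded.
NAT_LOADED='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$EMPTY_FILTER" | count_rules
printf '%s\n' "$NAT_LOADED"   | count_rules
```

On a live system the same functions take the command output directly, for example `iptables -t nat -L | has_rules` run as root.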
 
  

