LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-01-2006, 05:28 PM   #31
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379

Quote:
Originally Posted by MrSako
how do i make it "set right"
make it look like the one from my script... or better yet, use my script...
 
Old 08-01-2006, 05:47 PM   #32
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
i did. the contents of iptables_script is

Quote:
#!/bin/sh

IPT="/sbin/iptables"

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 -m multiport --dports \
21,22,25,80,110,10000 -m state --state NEW -j ACCEPT
and i did chmod +x becasue i beleive you need that for it to have permission to execute
 
Old 08-01-2006, 05:49 PM   #33
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
does "/bin/sh" exist on your install?? it should be a link to your shell...
Code:
win32sux@carly:~$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 2006-07-29 17:15 /bin/sh -> bash
if not, then either make the link, or adjust the shebang (like to #!/bin/bash for example)...
 
Old 08-01-2006, 06:09 PM   #34
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
i think i do?

> ls -l /bin/sh
lrwxr-xr-x 1 root root 4 May 26 22:56 /bin/sh -> bash


it has different permissions or something i think?
 
Old 08-01-2006, 06:16 PM   #35
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by MrSako
i did. the contents of iptables_script is
Code:
#!/bin/sh

IPT="/sbin/iptables"

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle

$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT

$IPT -A INPUT -p TCP -i eth0 -m multiport --dports \
21,22,25,80,110,10000 -m state --state NEW -j ACCEPT
and i did chmod +x becasue i beleive you need that for it to have permission to execute
i actually thought you were trying to get the cleanup/reset script to work, not this one... i thought you weren't gonna run this one until you were sure cron would cleanup all your chains at a certain time...

Quote:
Originally Posted by MrSako
i think i do?

> ls -l /bin/sh
lrwxr-xr-x 1 root root 4 May 26 22:56 /bin/sh -> bash


it has different permissions or something i think?
try setting the shebang to /bin/bash then...

i think something funny is going-on here, i'm just not sure what it is...
 
Old 08-01-2006, 06:26 PM   #36
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
how do i set shebang to /bin/bash? whats a shebang?
 
Old 08-01-2006, 06:30 PM   #37
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by MrSako
how do i set shebang to /bin/bash? whats a shebang?
by editing the text... this is a shebang: http://en.wikipedia.org/wiki/Shebang_(Unix)

change this:
Code:
#!/bin/sh
to this:
Code:
#!/bin/bash

Last edited by win32sux; 08-01-2006 at 06:34 PM.
 
Old 08-01-2006, 06:37 PM   #38
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
ok i get the shebanh thing now

/bin/bash still doesnt work

i remebered stuff like this you had to set when creating a user (it was called the shell) the root user is set to /bin/bash (if that matters)
 
Old 08-01-2006, 06:40 PM   #39
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
create a text file called test.sh with this content:
Code:
#!/bin/bash
echo "Testing"
make it executable:
Code:
chmod a+x test.sh
execute it like this:
Code:
./test.sh
and post the output here...

Last edited by win32sux; 08-01-2006 at 06:41 PM.
 
Old 08-01-2006, 06:45 PM   #40
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
[root@vps local]# chmod a+x test.sh
[root@vps local]# ./test.sh
: bad interpreter: No such file or directory
 
Old 08-01-2006, 06:51 PM   #41
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by MrSako
[root@vps local]# chmod a+x test.sh
[root@vps local]# ./test.sh
: bad interpreter: No such file or directory
not sure what to tell you then my friend... i think you should wait a few hours to see if someone who knows what could be causing this behavior reads this thread and posts a solution... or maybe you'll figure it out on your own... but aside from that, you should probably open a new thread for this (software forum), cuz it's a completely different issue... once you have this sorted out, then we can continue with the iptables... you need to be able to execute shell scripts in order to work with iptables scripts... i hope you get this worked-out somehow... i personally don't have any ideas, though...
 
Old 08-01-2006, 06:58 PM   #42
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
could this have anything to do with the enviroment variables or anything like that
i know ive had other issues with enviroment variables etc in other server problems. my VPS host did some freaky setup and aren't willing to do anything about it (im probally gonna get a new host sooner or later)
 
Old 08-01-2006, 07:01 PM   #43
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
if i type in this line by line...


iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

iptables -F
iptables -F -t nat
iptables -F -t mangle

iptables -X
iptables -X -t nat
iptables -X -t mangle

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -p TCP -i eth0 -m multiport --dports \ 21,22,25,80,110,10000 -m state --state NEW -j ACCEPT

would it create the same sort of affect? is there way to clear all previous rules (and test that it is)?
 
Old 08-01-2006, 07:59 PM   #44
MrSako
Member
 
Registered: May 2006
Distribution: CentOS 4.4
Posts: 185

Original Poster
Rep: Reputation: 30
ok i got it to execute

it said something like

iptables: no iptable or chain with that name exists or something

my shell closed becasue the connection timed out. and all my servers are no accesable. so something happened

in about 5 minutes lets hope i can go in and investiage

is there something i should look for?
 
Old 08-01-2006, 08:05 PM   #45
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
I had asked where you reside there MrSeko, and now wonder exactly what you're using there vis software and hardware. It sounds to me your basic setup is something I have never heard of, remotely contemplated, or understand in the least. I agree with win32sux, you have a problem beyond anything I've ever heard of. On my end, internet access is stupid-simple and iptables is a dream come true.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables v1.2.9: Unknown arg `/sbin/iptables' Try `iptables -h' or 'iptables --help' Niceman2005 Linux - Security 4 12-29-2005 08:20 PM
10.0 creating problems with iptables ryedunn Mandriva 1 03-15-2004 12:11 AM
iptables -creating logs chrisfirestar Linux - Security 5 02-13-2004 07:17 AM
IPtables Log Analyzer from http://www.gege.org/iptables/ brainlego Linux - Software 0 08-11-2003 06:08 AM
My iptables script is /etc/sysconfig/iptables. How do i make this baby execute on boo ForumKid Linux - General 3 01-22-2002 07:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration