I have got a problem with my iptables. Setting this firewall up is a part of a school project. Problem is everything worked when i left the machine last week, now when i try to start iptables i get this message:

iptables: Chain already exists
iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.


As far as i know, noone have had access to the machine through the weekend as the school have been closed, so i got no idea what happend or what to do to fix this, my iptables script looks like this:

#!/bin/sh

#Ip Adresses
DMZIP=172.17.2.1
INTIP=172.17.1.1
EXTIP=217.60.180.25

#Tillad Forwaring af Pakker
echo "1" > /proc/sys/net/ipv4/ip_forward

#Lukker alt INPUT og FORWARD
iptables -P INPUT DROP
iptables -P FORWARD DROP

#Tillader OUTPUT traffik
iptables -P OUTPUT ACCEPT
#Sletter gammel konfiguration
iptables -F
iptables -t nat -F

#Laver en ny kæde
iptables -N block
#Tillader alt lokal traffik
iptables -A INPUT -i lo -j ACCEPT

#Router pakker fra 172.17.1.0 til 217.60.180.25
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -d "!" 172.17.1.0/24 -j SNAT --to $EXTIP

#Router pakker fra 172.17.2.0 til 217.60.180.25
iptables -t nat -A POSTROUTING -s 172.17.2.0/24 -d "!" 172.17.2.0/24 -j SNAT --to $EXTIP

#Router pakker fra 172.17.1.0 til 172.17.2.0
iptables -t nat -A PREROUTING -d 172.17.1.0/24 -j DNAT --to $INTIP

#Router pakker fra 172.17.2.0 til 172.17.1.0
iptables -t nat -A PREROUTING -d 172.17.2.0/24 -j DNAT --to $DMZIP

#Tillader forbindelser der er oprettet
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT

#Tillader nye forbindelser der kommer fra internt netværk (eth1 og eth2)
iptables -A block -m state --state NEW -i eth1 -j ACCEPT
iptables -A block -m state --state NEW -i eth2 -j ACCEPT

#Kobler block kæden på INPUT OG FORWARD
iptables -A INPUT -j block
iptables -A FORWARD -j block

#Ãbner for port 21,22,25,80 og 110 pÃ¥ eth0
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -i eth0 -j ACCEPT

#Tillader Forwarding af port 21,25,80 og 110
iptables -A FORWARD -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCPET
iptables -A FORWARD -p tcp --dport 110 -i eth0 -j ACCEPT

#Forwarder alle pakker der kommer på port 21,25,80 og 110 til den respektive server
iptables -t nat -A PREROUTING -p tcp --dport 21 -d 217.60.180.25 -j DNAT --to 172.17.1.10
iptables -t nat -A PREROUTING -p tcp --dport 25 -d 217.60.180.25 -j DNAT --to 172.17.1.10
iptables -t nat -A PREROUTING -p tcp --dport 80 -d 217.60.180.25 -j DNAT --to 172.17.1.10
iptables -t nat -A PREROUTING -p tcp --dport 110 -d 217.60.180.25 -j DNAT --to 172.17.1.10

And im running Red Hat 8.0 if thats any relevant information

iptables: Chain already exists
Might need to add flush rules at the beginning in case you already have some rules defined when you run the script.

iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
There's your hint, look how ACCEPT is spelled in the above error message (or miss-spelled in this case)

Hope that helps.

Thanks alot, didnt even notice that, works fine again now..

It's always the little things that get you with iptables