Linux - Security: This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have got a problem with my iptables. Setting this firewall up is part of a school project. The problem is that everything worked when I left the machine last week; now, when I try to start iptables, I get this message:
iptables: Chain already exists
iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
As far as I know, no one has had access to the machine over the weekend, as the school has been closed, so I have no idea what happened or what to do to fix this. My iptables script looks like this:
# Creates a new chain
iptables -N block
# Allows all local (loopback) traffic
iptables -A INPUT -i lo -j ACCEPT
# Routes packets from 172.17.1.0 to 217.60.180.25
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -d "!" 172.17.1.0/24 -j SNAT --to $EXTIP
# Routes packets from 172.17.2.0 to 217.60.180.25
iptables -t nat -A POSTROUTING -s 172.17.2.0/24 -d "!" 172.17.2.0/24 -j SNAT --to $EXTIP
# Routes packets from 172.17.1.0 to 172.17.2.0
iptables -t nat -A PREROUTING -d 172.17.1.0/24 -j DNAT --to $INTIP
# Routes packets from 172.17.2.0 to 172.17.1.0
iptables -t nat -A PREROUTING -d 172.17.2.0/24 -j DNAT --to $DMZIP
# Allows connections that are already established
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows new connections coming from the internal network (eth1 and eth2)
iptables -A block -m state --state NEW -i eth1 -j ACCEPT
iptables -A block -m state --state NEW -i eth2 -j ACCEPT
# Hooks the block chain into INPUT and FORWARD
iptables -A INPUT -j block
iptables -A FORWARD -j block
# Opens ports 21, 22, 25, 80 and 110 on eth0
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -i eth0 -j ACCEPT
# Allows forwarding of ports 21, 25, 80 and 110
iptables -A FORWARD -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCPET
iptables -A FORWARD -p tcp --dport 110 -i eth0 -j ACCEPT
# Forwards all packets arriving on ports 21, 25, 80 and 110 to the respective server
iptables -t nat -A PREROUTING -p tcp --dport 21 -d 217.60.180.25 -j DNAT --to 172.17.1.10
iptables -t nat -A PREROUTING -p tcp --dport 25 -d 217.60.180.25 -j DNAT --to 172.17.1.10
iptables -t nat -A PREROUTING -p tcp --dport 80 -d 217.60.180.25 -j DNAT --to 172.17.1.10
iptables -t nat -A PREROUTING -p tcp --dport 110 -d 217.60.180.25 -j DNAT --to 172.17.1.10
And I'm running Red Hat 8.0, if that's any relevant information.
iptables: Chain already exists
Might need to add flush rules at the beginning in case you already have some rules defined when you run the script.
iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
There's your hint: look at how ACCEPT is spelled in the above error message (or misspelled, in this case).
Code:
# IP addresses
DMZIP=172.17.2.1
INTIP=172.17.1.1
EXTIP=217.60.180.25
# Allows forwarding of packets
echo "1" > /proc/sys/net/ipv4/ip_forward
# Closes all INPUT and FORWARD (default policy DROP)
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Allows OUTPUT traffic
iptables -P OUTPUT ACCEPT
# Deletes the old configuration
iptables -F
iptables -t nat -F
# Creates a new chain
iptables -N block
# Allows all local (loopback) traffic
iptables -A INPUT -i lo -j ACCEPT
# Routes packets from 172.17.1.0 to 217.60.180.25
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 -d "!" 172.17.1.0/24 -j SNAT --to $EXTIP
# Routes packets from 172.17.2.0 to 217.60.180.25
iptables -t nat -A POSTROUTING -s 172.17.2.0/24 -d "!" 172.17.2.0/24 -j SNAT --to $EXTIP
# Routes packets from 172.17.1.0 to 172.17.2.0
iptables -t nat -A PREROUTING -d 172.17.1.0/24 -j DNAT --to $INTIP
# Routes packets from 172.17.2.0 to 172.17.1.0
iptables -t nat -A PREROUTING -d 172.17.2.0/24 -j DNAT --to $DMZIP
# Allows connections that are already established
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows new connections coming from the internal network (eth1 and eth2)
iptables -A block -m state --state NEW -i eth1 -j ACCEPT
iptables -A block -m state --state NEW -i eth2 -j ACCEPT
# Hooks the block chain into INPUT and FORWARD
iptables -A INPUT -j block
iptables -A FORWARD -j block
# Opens ports 21, 22, 25, 80 and 110 on eth0
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -i eth0 -j ACCEPT
# Allows forwarding of ports 21, 25, 80 and 110
iptables -A FORWARD -p tcp --dport 21 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCPET <-----------------------------
iptables -A FORWARD -p tcp --dport 110 -i eth0 -j ACCEPT
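Two things in the thread above are worth pinning down with a check you can run before the script ever touches the kernel. First, `iptables -F` empties chains but does not delete user-defined ones, so a script that flushes and then runs `iptables -N block` again will still hit "Chain already exists" on the second run; `iptables -X` (after the `-F`, since only empty, unreferenced chains can be deleted) is what removes the chain. Second, a misspelled target such as `ACCPET` makes iptables 1.2.x try to load `libipt_ACCPET.so`, that one command fails, and the rest of the script carries on, leaving a partially applied ruleset with the default policies already set to DROP. The linter below is an added example, not code from the thread or from the poster; the two sample scripts are constructed to mirror the posted one, and the list of built-in targets is an assumption about what a stock iptables 1.2.x install can load.

```shell
#!/bin/sh
# Added example (not from the original thread): a pre-flight lint for an
# iptables script. Sample scripts and the KNOWN_TARGETS list are constructed
# assumptions for illustration.

# Constructed sample modelled on the posted script: flushes with -F but never
# deletes the "block" chain, and carries the ACCPET typo.
ORIGINAL_SNIPPET='iptables -P INPUT DROP
iptables -F
iptables -t nat -F
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCPET
iptables -A INPUT -j block'

# Same rules with -X after each -F (so the chain can be recreated on a rerun)
# and the target spelled correctly.
FIXED_SNIPPET='iptables -P INPUT DROP
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -j block'

# Targets accepted in -j without a matching -N. Assumption: built-in and
# extension targets a stock iptables 1.2.x install can load; extend as needed.
KNOWN_TARGETS="ACCEPT DROP REJECT RETURN QUEUE LOG SNAT DNAT MASQUERADE REDIRECT"

# lint_targets SCRIPT: print "line N: unknown target X" for every -j whose
# argument is neither a known target nor a chain the script creates with -N.
# Returns 1 if anything was reported, so the typo is caught with a line number
# instead of iptables' "Couldn't load target" message.
lint_targets() {
    user_chains=$(printf '%s\n' "$1" |
        awk '$1 == "iptables" { for (i = 1; i < NF; i++) if ($i == "-N") print $(i+1) }' |
        tr '\n' ' ')
    printf '%s\n' "$1" | awk -v allowed="$KNOWN_TARGETS $user_chains" '
        BEGIN { bad = 0; n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
        $1 == "iptables" {
            for (i = 1; i < NF; i++)
                if ($i == "-j" && !($(i+1) in ok)) { print "line " NR ": unknown target " $(i+1); bad = 1 }
        }
        END { exit bad }'
}

# check_chain_reset SCRIPT: report every -N whose table has not been cleared
# with -X earlier in the script. -F empties chains but leaves user-defined
# chains in place, so a rerun fails with "Chain already exists" at the -N.
check_chain_reset() {
    printf '%s\n' "$1" | awk '
        BEGIN { bad = 0 }
        $1 == "iptables" {
            table = "filter"
            for (i = 1; i < NF; i++) if ($i == "-t") table = $(i+1)
            for (i = 1; i <= NF; i++) {
                if ($i == "-X") seen_x[table] = 1
                if ($i == "-N" && !(table in seen_x)) {
                    print "line " NR ": -N " $(i+1) " in table " table " without an earlier -X"; bad = 1
                }
            }
        }
        END { exit bad }'
}

# lint_script SCRIPT: run both checks; succeed only if both are clean.
lint_script() {
    rc=0
    lint_targets "$1" || rc=1
    check_chain_reset "$1" || rc=1
    return $rc
}

# Usage against a real file: lint_script "$(cat firewall.sh)" && sh firewall.sh
lint_script "$ORIGINAL_SNIPPET" || echo "original snippet: lint failed (expected)"
lint_script "$FIXED_SNIPPET" && echo "fixed snippet: clean"
```

On the original snippet the lint reports both line 4 (`-N block` with no earlier `-X` in the filter table) and line 6 (`ACCPET`) and exits non-zero; on the fixed snippet it is silent. Running it as a gate in front of the firewall script means a typo stops the script before any policy is changed, rather than after `-P INPUT DROP` has already taken effect.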
Originally posted by Capt_Caveman
iptables: Chain already exists
Might need to add flush rules at the beginning in case you already have some rules defined when you run the script.
iptables v1.2.6a: Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so:
There's your hint: look at how ACCEPT is spelled in the above error message (or misspelled, in this case).
Hope that helps.
Thanks a lot, didn't even notice that; it works fine again now.