I'm trying to set up an Arch box with 2 NICs and get another Arch box forwarded to the internet via the first box. I have installed iptables and configured rc.conf as it needs to be.
But when I try /etc/rc.d/iptables start it says: Cannot load iptables rules: /etc/iptables/iptables.rules is missing!
and I have an iptables.rules file taken from simple_firewall:
# this drops all tcp connections not in established or related state
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
COMMIT
Could any of you give me a poke in the right direction?
Dunix the new Devil amongst Devils
Note: I have no idea what the format of iptables.rules is (and I have no reason to learn it since there is iptables-save/load).
1. use an application to build the firewall rules (gShield/Firestarter/KMyFirewall)
2. once you have everything set, use
iptables-save > /etc/iptables/iptables.rules
3. now you have the previously generated rules saved so that they can be loaded every time your computer boots with the iptables daemon (it's actually a script which calls iptables-load)
:: / my web presence
Hmm, I'm trying to make my server run without X, so it would be nice if it could be done without it.
Dunix the new Devil amongst Devils
I find that using a GUI to set up a firewall is much easier. I use Firestarter. It is simple and sets up more than the firewall parameters, also some sysctl params.
Walt
P4 2.8Ghz @ 2.8Ghz SL6WT
Zalman CNPS7000-Cu
865PE Neo-2 LS BIOs 2.4
512mb Mushkin Level II
160GB Maxtor HD
Geforce 4 440MX
Antec 3700 1 exhaust and 1 intake fans
Linux 2.6.x
Linux user 314187
ArchLinux
This site may be of help also:
Hmm, I'm trying to make my server run without X, so it would be nice if it could be done without it.
Use gShield (you can find the PKGBUILD by searching the forums). It is completely config-file based, also suitable for servers.
:: / my web presence
or...just use iptables...
the rules really aren't that bad..
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Right, but I tried to use iptables, but it didn't want to start; it said the .rules file was missing though it was there...
Dunix the new Devil amongst Devils
That is only because it is trying to load a saved iptables rule-set. As part of the iptables install, there should be a file in there called something like rules.basic or something (in the same directory). Just rename this file to what you need (iptables.rules) and then start iptables. Then you can begin creating your ruleset.
I generally prefer to make a shell script (bash) that has my rules in it. The first part of the script clears old rules out, then starts creating the new rules.
This way you can incrementally add things, and even test them on another machine.
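The two suggestions above (save rules in the iptables-save format that the rc script restores, and keep a script that replaces the old ruleset with a fresh one) can be combined into one script for the two-NIC setup the thread is about. The following is an added example written for this page; it is not code from any poster, from simple_firewall or from the Arch iptables package. It generates an iptables.rules file in the iptables-save/iptables-restore format rather than calling iptables directly, so it can be inspected without root and loaded later by /etc/rc.d/iptables. The interface names eth0/eth1, the LAN subnet 192.168.1.0/24 and the function names router_rules, write_rules and check_rules are all assumptions; only the file path /etc/iptables/iptables.rules comes from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): build an iptables.rules file in
# iptables-save/iptables-restore format for an Arch box with two NICs that
# forwards a second box to the internet.
# Assumed names: WAN_IF is the NIC facing the internet, LAN_IF the NIC facing
# the second box, LAN_NET the constructed LAN subnet. Override via environment.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the whole ruleset. The "*table / :CHAIN POLICY [pkts:bytes] /
# -A ... / COMMIT" layout is what iptables-save writes and iptables-restore
# reads. Restoring a file replaces the active ruleset, which gives the
# "clear the old rules first" effect without a separate flush step.
# Defaults are DROP on INPUT and FORWARD; only what is listed gets through.
router_rules() {
    cat <<EOF
# Generated ruleset: ${LAN_IF} (${LAN_NET}) -> ${WAN_IF}
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${LAN_IF} -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
COMMIT
EOF
}

# Write the ruleset to a file; the default is the path the rc script loads.
write_rules() {
    out="${1:-/etc/iptables/iptables.rules}"
    router_rules > "$out"
}

# Sanity-check a rules file before loading it: every *table section must be
# closed by a COMMIT, and nothing may accept the WAN interface into INPUT
# unconditionally (the classic mistake that exposes the router itself).
check_rules() {
    f="$1"
    tables=$(grep -c '^\*' "$f" || true)
    commits=$(grep -c '^COMMIT$' "$f" || true)
    [ "$tables" -eq "$commits" ] || return 1
    if grep -q "^-A INPUT -i ${WAN_IF} -j ACCEPT" "$f"; then return 1; fi
    return 0
}

# Typical use (as root, after checking the output in a temporary file):
#   write_rules /tmp/iptables.rules && check_rules /tmp/iptables.rules \
#     && cp /tmp/iptables.rules /etc/iptables/iptables.rules \
#     && /etc/rc.d/iptables start
```

Two things the rules file cannot do on its own: the kernel must have IP forwarding switched on (sysctl net.ipv4.ip_forward=1), or packets from the second box never reach the FORWARD chain; and because the policy is DROP, any service the router itself should expose on the WAN side needs its own explicit INPUT rule, added one at a time and tested from the other machine as suggested above.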