You are not logged in.

#1 2004-09-07 09:21:43

dunix
Member
Registered: 2004-08-13
Posts: 35

Running into a wall with Iptables.rules

I trying to set up an arch box with 2 NIC's and get another arch box to get forward to the internet via the first box, i have installed iptables and config'd rc.conf as it needs to be

But when i try to /etc/rc.d/iptables start it says Cannot load iptables rules: /etc/iptables/iptables.rules is missing!

and i have a iptables.rules file taken from simple_firewall

# this drops all tcp connections not in established or related state
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
COMMIT

Could any of you give me a poke in the right direction ?


Dunix the new Devil amongst Devils

Offline

#2 2004-09-07 18:48:31

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772
Website

Re: Running into a wall with Iptables.rules

Note: I have no idea what's the format of iptables.rules (and I have no reason to learn this since there is iptables-save/load)

1. use an application to build the firewall rules (gShield/Firestarter/KMyFirewall)
2. once you have everything set, use

iptables-save > /etc/iptables/iptables.rules

3. now you have the previously generated rules saved so that they can be loaded every time your computer boots with the iptables daemon (it's actually a script which calls iptables-load

Offline

#3 2004-09-08 06:12:32

dunix
Member
Registered: 2004-08-13
Posts: 35

Re: Running into a wall with Iptables.rules

Hmm,  im trying to make my server run without X, so would be nice if it could be done without it.


Dunix the new Devil amongst Devils

Offline

#4 2004-09-08 06:18:01

ghostwalker
Member
From: Tacoma, WA
Registered: 2004-07-28
Posts: 140

Re: Running into a wall with Iptables.rules

I find that using a gui to setup a firewall is much easier. I use firestarter. It is simple and sets up more than the firewall parameters also some sysctrl parms.

Walt


P4 2.8Ghz @ 2.8Ghz SL6WT
Zalman CNPS7000-Cu
865PE Neo-2 LS BIOs 2.4
512mb Mushkin Level II
160GB Maxtor HD
Geforce 4 440MX
Antec 3700 1 exhaust and 1 intake fans
Linux 2.6.x
Linux user 314187
ArchLinux

Offline

#5 2004-09-08 06:18:46

ghostwalker
Member
From: Tacoma, WA
Registered: 2004-07-28
Posts: 140

Re: Running into a wall with Iptables.rules

This site may be of help also:

http://jetblackz.freeprohost.com/


P4 2.8Ghz @ 2.8Ghz SL6WT
Zalman CNPS7000-Cu
865PE Neo-2 LS BIOs 2.4
512mb Mushkin Level II
160GB Maxtor HD
Geforce 4 440MX
Antec 3700 1 exhaust and 1 intake fans
Linux 2.6.x
Linux user 314187
ArchLinux

Offline

#6 2004-09-08 08:38:08

IceRAM
Member
From: Bucharest, Romania
Registered: 2004-03-04
Posts: 772
Website

Re: Running into a wall with Iptables.rules

dunix wrote:

Hmm,  im trying to make my server run without X, so would be nice if it could be done without it.

Use gShield (you can find the PKGBUILD) by searching the forums. It is completely config file based, also suitable for servers.

Offline

#7 2004-09-09 02:44:13

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Running into a wall with Iptables.rules

or...just use iptables...
the rules really aren't that bad..


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#8 2004-09-09 05:44:58

dunix
Member
Registered: 2004-08-13
Posts: 35

Re: Running into a wall with Iptables.rules

Right but i tryed to use iptables, but it didn't want to start, it said the .rules file was missing tho it was there...


Dunix the new Devil amongst Devils

Offline

#9 2004-09-09 18:23:12

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Running into a wall with Iptables.rules

that is only because it is trying to load a saved iptables rule-set. As part of the iptables install, there should be a file in there called something like rules.basic or something (in the same directory). Just rename this file to what you need (iptables.rules) and then start iptables. Then you can begin creating your ruleset.

I generally prefer to make a shell script (bash) that has my rules in it. The first part of the script clears old rules out, then starts creating the new rules.
This way you can incrementally add things, and even test them on another machine.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

Board footer

Powered by FluxBB