Help with iptables

aus-city
Forum Regular
Posts: 685
Joined: Thu Oct 26, 2006 11:56 pm

Help with iptables

Unread post by aus-city »

I get an error on line 59 (that's COMMIT??)

[root@primary ~]# /etc/init.d/iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: mangle nat filte[ OK ]
iptables: Unloading modules: iptable_mangle iptable_nat iptable_filter iptable_mangle iptable_nat iptable_filter ip_tables [FAILED]
iptables: Applying firewall rules: iptables-restore: line 59 failed
[FAILED]


*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50001 -j DNAT --to-destination 192.168.0.14:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50002 -j DNAT --to-destination 192.168.0.15:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50003 -j DNAT --to-destination 192.168.0.16:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50004 -j DNAT --to-destination 192.168.0.17:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50005 -j DNAT --to-destination 192.168.0.18:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50006 -j DNAT --to-destination 192.168.0.19:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50007 -j DNAT --to-destination 192.168.0.20:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50008 -j DNAT --to-destination 192.168.0.21:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50009 -j DNAT --to-destination 192.168.0.22:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50010 -j DNAT --to-destination 192.168.0.23:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50011 -j DNAT --to-destination 192.168.0.5:1979
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50012 -j DNAT --to-destination 192.168.0.8:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50013 -j DNAT --to-destination 192.168.0.9:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50014 -j DNAT --to-destination 192.168.0.11:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50015 -j DNAT --to-destination 192.168.0.12:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50016 -j DNAT --to-destination 192.168.0.13:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50017 -j DNAT --to-destination 10.0.0.10:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50018 -j DNAT --to-destination 10.0.10.10:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50019 -j DNAT --to-destination 192.168.0.6:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50021 -j DNAT --to-destination 192.168.0.14:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50022 -j DNAT --to-destination 192.168.0.15:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50023 -j DNAT --to-destination 192.168.0.16:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50024 -j DNAT --to-destination 192.168.0.17:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50025 -j DNAT --to-destination 192.168.0.18:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50026 -j DNAT --to-destination 192.168.0.19:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50027 -j DNAT --to-destination 192.168.0.20:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50028 -j DNAT --to-destination 192.168.0.21:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50029 -j DNAT --to-destination 192.168.0.22:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50030 -j DNAT --to-destination 192.168.0.23:9001
-A PREROUTING -i eth2 -p udp -m udp --dport 88 -j DNAT --to-destination 192.168.0.30
-A PREROUTING -i eth2 -p tcp -m tcp --dport 3074 -j DNAT --to-destination 192.168.0.30
-A PREROUTING -i eth2 -p udp -m udp --dport 3074 -j DNAT --to-destination 192.168.0.30
-A PREROUTING -i eth2 -p tcp -m tcp --dport 27177 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p udp -m udp --dport 27177 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p tcp -m tcp --dport 27178 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p udp -m udp --dport 27178 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p udp -m udp --dport 1701 -j DNAT --to-destination 192.168.0.36
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -s 192.168.0.30/32 -p udp -m udp --sport 88 -j MASQUERADE --to-ports 88
-A POSTROUTING -s 192.168.0.30/32 -p tcp -m tcp --sport 3074 -j MASQUERADE --to-ports 3074
-A POSTROUTING -s 192.168.0.30/32 -p udp -m udp --sport 3074 -j MASQUERADE --to-ports 3074
-A POSTROUTING -s 192.168.0.36/32 -p tcp -m tcp --sport 27177 -j MASQUERADE --to-ports 27177
-A POSTROUTING -s 192.168.0.36/32 -p udp -m udp --sport 27177 -j MASQUERADE --to-ports 27177
-A POSTROUTING -s 192.168.0.36/32 -p tcp -m tcp --sport 27178 -j MASQUERADE --to-ports 27178
-A POSTROUTING -s 192.168.0.36/32 -p udp -m udp --sport 27178 -j MASQUERADE --to-ports 27178
-A POSTROUTING -s 192.168.0.36/32 -p udp -m udp --sport 1701 -j MASQUERADE --to-ports 1701
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ASL-BLACKLIST - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 123 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1900 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1900 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49200 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
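One way to check a saved ruleset offline before handing it to iptables-restore, and to map a "line N failed" message back to the file, as an added example that is not code from this thread or from ASL. Note that iptables-restore counts every line of the saved file, comment and blank lines included, so the number in the error refers to the file on disk, not to the rules as pasted here. The ruleset below is a small constructed sample with two deliberate faults, not the poster's configuration.

```python
"""Structural checker for iptables-save format: missing COMMIT, rules or
jumps that name a chain not declared in the current table, stray lines.
Reports 1-based line numbers the way iptables-restore does."""
import re

# Targets that are not user chains and need no ':NAME' declaration.
BUILTIN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MASQUERADE",
                   "DNAT", "SNAT", "REDIRECT", "MARK", "QUEUE"}

def check_ruleset(text):
    """Return a list of (line_number, message) for each structural problem."""
    problems, table, chains, lineno = [], None, set(), 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comments/blank lines still count
        if line.startswith("*"):          # new table starts; previous must be committed
            if table is not None:
                problems.append((lineno, f"table *{table} not closed with COMMIT"))
            table, chains = line[1:], set()
        elif line == "COMMIT":
            if table is None:
                problems.append((lineno, "COMMIT outside any table"))
            table = None
        elif line.startswith(":"):        # chain declaration ':NAME POLICY [p:b]'
            if table is None:
                problems.append((lineno, "chain declared outside any table"))
            chains.add(line[1:].split()[0])
        elif line.startswith("-"):
            if table is None:
                problems.append((lineno, "rule outside any table"))
                continue
            m = re.match(r"-[AID]\s+(\S+)", line)
            if m and m.group(1) not in chains:
                problems.append((lineno, f"rule for undeclared chain {m.group(1)}"))
            j = re.search(r"(?:^|\s)-j\s+(\S+)", line)
            if j and j.group(1) not in BUILTIN_TARGETS and j.group(1) not in chains:
                problems.append((lineno, f"jump to undeclared chain {j.group(1)}"))
        else:
            problems.append((lineno, "unrecognised line"))
    if table is not None:                 # file ended inside a table
        problems.append((lineno, f"table *{table} not closed with COMMIT"))
    return problems

# Constructed sample: *nat is never committed, and INPUT jumps to an undeclared chain.
SAMPLE = """# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth2 -p tcp --dport 50001 -j DNAT --to-destination 192.168.0.14:80
-A POSTROUTING -o eth+ -j MASQUERADE
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ASL-BLACKLIST
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

if __name__ == "__main__":
    for n, msg in check_ruleset(SAMPLE):
        print(f"line {n}: {msg}")
```

Run it against the real file with `check_ruleset(open("/etc/sysconfig/iptables").read())` to get the same line numbering iptables-restore uses.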
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Help with iptables

Unread post by mikeshinn »

iptables: Unloading modules: iptable_mangle iptable_nat iptable_filter iptable_mangle iptable_nat iptable_filter ip_tables [FAILED]
That's normal if ASL is configured to lock the kernel, and harmless.
aus-city
Forum Regular
Posts: 685
Joined: Thu Oct 26, 2006 11:56 pm

Re: Help with iptables

Unread post by aus-city »

Hi Mike,

Many thanks! I was looking it over and over and could not figure out why a second commit on the next set of rules was a failed line.

Everything seems to be working, anyway.

Thanks again!