Atomic Secure Linux
All times are UTC - 5 hours [ DST ]




 Post subject: Help with iptables
Posted: Mon Apr 30, 2012 3:26 am
Forum Regular

Joined: Thu Oct 26, 2006 11:56 pm
Posts: 665
I get an error on line 59 (that's COMMIT??)

[root@primary ~]# /etc/init.d/iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: mangle nat filte[ OK ]
iptables: Unloading modules: iptable_mangle iptable_nat iptable_filter iptable_mangle iptable_nat iptable_filter ip_tables [FAILED]
iptables: Applying firewall rules: iptables-restore: line 59 failed
[FAILED]


*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50001 -j DNAT --to-destination 192.168.0.14:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50002 -j DNAT --to-destination 192.168.0.15:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50003 -j DNAT --to-destination 192.168.0.16:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50004 -j DNAT --to-destination 192.168.0.17:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50005 -j DNAT --to-destination 192.168.0.18:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50006 -j DNAT --to-destination 192.168.0.19:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50007 -j DNAT --to-destination 192.168.0.20:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50008 -j DNAT --to-destination 192.168.0.21:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50009 -j DNAT --to-destination 192.168.0.22:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50010 -j DNAT --to-destination 192.168.0.23:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50011 -j DNAT --to-destination 192.168.0.5:1979
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50012 -j DNAT --to-destination 192.168.0.8:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50013 -j DNAT --to-destination 192.168.0.9:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50014 -j DNAT --to-destination 192.168.0.11:80
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50015 -j DNAT --to-destination 192.168.0.12:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50016 -j DNAT --to-destination 192.168.0.13:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50017 -j DNAT --to-destination 10.0.0.10:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50018 -j DNAT --to-destination 10.0.10.10:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50019 -j DNAT --to-destination 192.168.0.6:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50021 -j DNAT --to-destination 192.168.0.14:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50022 -j DNAT --to-destination 192.168.0.15:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50023 -j DNAT --to-destination 192.168.0.16:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50024 -j DNAT --to-destination 192.168.0.17:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50025 -j DNAT --to-destination 192.168.0.18:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50026 -j DNAT --to-destination 192.168.0.19:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50027 -j DNAT --to-destination 192.168.0.20:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50028 -j DNAT --to-destination 192.168.0.21:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50029 -j DNAT --to-destination 192.168.0.22:9001
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50030 -j DNAT --to-destination 192.168.0.23:9001
-A PREROUTING -i eth2 -p udp -m udp --dport 88 -j DNAT --to-destination 192.168.0.30
-A PREROUTING -i eth2 -p tcp -m tcp --dport 3074 -j DNAT --to-destination 192.168.0.30
-A PREROUTING -i eth2 -p udp -m udp --dport 3074 -j DNAT --to-destination 192.168.0.30
-A PREROUTING -i eth2 -p tcp -m tcp --dport 27177 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p udp -m udp --dport 27177 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p tcp -m tcp --dport 27178 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p udp -m udp --dport 27178 -j DNAT --to-destination 192.168.0.36
-A PREROUTING -i eth2 -p udp -m udp --dport 1701 -j DNAT --to-destination 192.168.0.36
-A POSTROUTING -o eth+ -j MASQUERADE
-A POSTROUTING -s 192.168.0.30/32 -p udp -m udp --sport 88 -j MASQUERADE --to-ports 88
-A POSTROUTING -s 192.168.0.30/32 -p tcp -m tcp --sport 3074 -j MASQUERADE --to-ports 3074
-A POSTROUTING -s 192.168.0.30/32 -p udp -m udp --sport 3074 -j MASQUERADE --to-ports 3074
-A POSTROUTING -s 192.168.0.36/32 -p tcp -m tcp --sport 27177 -j MASQUERADE --to-ports 27177
-A POSTROUTING -s 192.168.0.36/32 -p udp -m udp --sport 27177 -j MASQUERADE --to-ports 27177
-A POSTROUTING -s 192.168.0.36/32 -p tcp -m tcp --sport 27178 -j MASQUERADE --to-ports 27178
-A POSTROUTING -s 192.168.0.36/32 -p udp -m udp --sport 27178 -j MASQUERADE --to-ports 27178
-A POSTROUTING -s 192.168.0.36/32 -p udp -m udp --sport 1701 -j MASQUERADE --to-ports 1701
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ASL-BLACKLIST - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 123 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1900 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1900 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49200 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


 Post subject: Re: Help with iptables
Posted: Tue May 01, 2012 7:15 pm
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3243
Location: Chantilly, VA
Quote:
iptables: Unloading modules: iptable_mangle iptable_nat iptable_filter iptable_mangle iptable_nat iptable_filter ip_tables [FAILED]


That's normal if ASL is configured to lock the kernel and harmless.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


 Post subject: Re: Help with iptables
Posted: Tue May 01, 2012 9:41 pm
Forum Regular

Joined: Thu Oct 26, 2006 11:56 pm
Posts: 665
Hi Mike,

Many thanks! I was looking it over and over and could not figure out why a second commit on the next set of rules was a line failed.

As everything seems to be working.

Thanks again!
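
Added example, not part of the original thread or any poster's reply: iptables-restore hands each table to the kernel as one transaction at its COMMIT line, so a failure reported on a COMMIT line points at the whole table block above it rather than at the COMMIT keyword. The sketch below maps a reported line number to its table block; the function names and the sample ruleset are constructed for illustration.

```shell
# Constructed sample in iptables-save format (not the poster's file).
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample ruleset
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 50001 -j DNAT --to-destination 192.168.0.14:80
-A POSTROUTING -o eth+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# locate_restore_failure FILE LINE  (hypothetical helper name)
# Prints the table, the kind of line (commit|rule|chain|other), the block's
# line range and its rule count. Line numbers count comments and blank lines.
# Exits 1 if LINE is outside any complete "*table ... COMMIT" block.
locate_restore_failure() {
  awk -v target="$2" '
    /^\*/ { table = substr($0, 2); first = NR; rules = 0; hit = "" }
    /^-[AI] / && table != "" { rules++ }
    NR == target && table != "" {
      if ($0 ~ /^COMMIT[ \t\r]*$/) hit = "commit"   # kernel rejected the block
      else if ($0 ~ /^-[AI] /)     hit = "rule"     # this rule failed to parse
      else if ($0 ~ /^:/)          hit = "chain"
      else                         hit = "other"
    }
    /^COMMIT[ \t\r]*$/ && table != "" {
      if (hit != "") {
        printf "table=%s kind=%s block=%d-%d rules=%d\n", table, hit, first, NR, rules
        found = 1; exit
      }
      table = ""
    }
    END { if (!found) exit 1 }
  ' "$1"
}

sample=$(mktemp); write_sample "$sample"
locate_restore_failure "$sample" 10   # line 10 is the nat COMMIT in the sample
rm -f "$sample"
```

With the block range in hand, the rules in that table can be reviewed or replayed one at a time with `iptables -t <table>` to find the one the kernel rejects.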

