-----Original Message-----
From: Nathanael Noblet [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 2:10 PM
To: [EMAIL PROTECTED]
Subject: Re: (clug-talk) Stuck with RH9 iptables install

> Can you post part of the iptables script?

Sure. Here is the top of the script:

IPTABLES="/sbin/iptables"
INTERNET_IP=10.0.0.1      # Internet IP address - actually our local machine for testing
OFFICE_IP=192.168.1.1     # Office IP address
INTERNET_CARD="eth1"      # External interface
OFFICE_CARD="eth0"        # Office interface
DOMAINADD="10.0.0"        # Assumes Class C domain. Replace this with your own.
FTP_SERVER="192.168.1.250"    # FTP Server IP address
SOURCEPORTS="32769:65535"
DESTPORTS="33434:33523"
SSH_SERVER="192.168.1.23"
MAIL_SERVER="192.168.1.250"
HTTP_SERVER="192.168.1.250"
TS_SERVER="192.168.1.250"
DNS1="199.185.220.36"
DNS2="199.185.220.52"

echo "==========================================="
echo "FTP SERVER = $FTP_SERVER"
echo "MAIL SERVER = $MAIL_SERVER"
echo "TERMINAL SERVICES SERVER = $TS_SERVER"
echo "SSH SERVER = $SSH_SERVER"
echo "ALEXS home IP = $ALEX_HOME"
echo "DNS1 = $DNS1"
echo "DNS2 = $DNS2"
echo "==========================================="

# Samba. Uncomment and supply the specific hostname, IP or subnet.
# also, uncomment lines for SMBD below.
#
# SMBNW="192.168.0.0/16"

# ------ Mandatory)
# Load needed modules.
echo "Starting all modules (ip_tables,ip_conntrack,ip_conntrack_ftp,ip_nat_ftp,iptable_nat)."
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe iptable_nat    # Uncomment for a router or gateway.

# ------ Mandatory)
# Flush all rules in all chains, zero them out, and remove user defined chains.
echo FLUSH all tables.
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -Z
$IPTABLES -t nat -Z
$IPTABLES -t mangle -Z
$IPTABLES -X
...

There are a few disturbing things that happen when I run this script (through /sbin/service iptables start):

1. Every blank line that does not start with # produces an error like this:

: command not founds: line 11:

2. Lines that start with $IPTABLES (such as in the bottom part of the above sample) produce this error:

: No such file or directory84: /sbin/iptables

But, as I said in my first message, /sbin/iptables DOES exist on my system. And it is a binary file with "execute" permission ON. And what's more, the very same script on another Linux machine (RH7.2) works without a hitch.

However, it seems to me that the major problem is the missing "ip_nat_ftp" module that the script complains about. Following the advice of Juan Alberto Cirez, I attempted to rebuild the kernel and iptables. Hopeless task, since the online tutorials invariably refer to Red Hat 7 and below. For example, they would tell you to run the "make" command with "pending-matches" or "patch-o-matic" options - but the actual "make" on RH9 refuses to recognize these options. Perhaps these commands work fine on RH7, but that is poor consolation for me at the moment.

So, if you or anyone else who reads this message gets some idea about the mess I am in, I would love to hear it.

Thank you for looking into this matter.

Alex.

P.S. I will be working late in the office tonight, so if you want you can call me at 252-3282. I am in Calgary.
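
Added example, not part of the original message: the two error lines quoted above have the shape the shell prints when a script line ends in a carriage return, because the carriage return moves the cursor back to column 0 and the tail of the message overwrites the script name and line number. The check below reports such lines in a firewall script before it is run and writes a cleaned copy. The function names and the three-line sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): check a firewall script for
# carriage-return line endings before it is handed to the shell.

# Print the numbers of the lines in file $1 that end in a carriage return.
crlf_lines() {
    awk '/\r$/ { print NR }' "$1"
}

# Write a copy of file $1 to stdout with all carriage returns removed.
strip_cr() {
    tr -d '\r' < "$1"
}

# Return 0 if $1 is safe to run, 1 if it has CR line endings,
# 2 if the shell's own parser (sh -n, parse only, nothing executed) rejects it.
preflight() {
    bad=$(crlf_lines "$1" | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "$1: carriage return at end of line(s): $bad" >&2
        return 1
    fi
    sh -n "$1" 2>/dev/null || return 2
    return 0
}

# Constructed sample: three lines in the style of the script above (an
# assignment, a blank line, a rule), saved with DOS (CRLF) line endings.
write_sample() {
    printf 'IPTABLES="/sbin/iptables"\r\n\r\n$IPTABLES -F\r\n' > "$1"
}

demo() {
    dir=$(mktemp -d)
    write_sample "$dir/fw.sh"
    preflight "$dir/fw.sh" || echo "preflight failed with status $?"
    strip_cr "$dir/fw.sh" > "$dir/fw.unix.sh"
    preflight "$dir/fw.unix.sh" && echo "converted copy passes"
    rm -rf "$dir"
}
demo
```

A firewall script that fails this way loads none of its rules, so the check belongs before the service is restarted rather than after.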
