On 01/05/06, Toby Cubitt <[EMAIL PROTECTED]> wrote:
> I was confused because the error below is from the gentoo iptables
> init script, not from your script.
> > ==============================
> > # /etc/init.d/iptables restart
> > * Loading iptables state and starting firewall ...
> > iptables-restore v1.3.4: iptables-restore: unable to initialize table 'nat'
> >
> > Error occurred at line: 8
> > Try `iptables-restore -h' or 'iptables-restore --help' for more
> > information. [ !! ]
> > ==============================
That's right. My script is not particularly verbose.
============================
# ./fw_script.sh start
Starting firewall...
============================
Checking if rules are initialised, everything looks OK as far as I can tell:
============================
# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in     out    source     destination
    0     0 ACCEPT all  --  !eth0  any    anywhere   anywhere
    0     0 ACCEPT all  --  any    any    anywhere   anywhere   state RELATED,ESTABLISHED
    0     0 DROP   tcp  --  eth0   any    anywhere   anywhere
    1   229 DROP   udp  --  eth0   any    anywhere   anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in     out    source     destination

Chain OUTPUT (policy ACCEPT 774 packets, 144K bytes)
 pkts bytes target prot opt in     out    source     destination
============================
> It looks like it's trying to define NAT rules, even though you don't
> use NAT. Maybe the old rules saved by gentoo's iptables init script
> included some NAT rules?
Hmm, I don't know. Where would it get its NAT rules from? My fw
script? As Daniel guides us in his commented script I have entered
NAT=" " (blank), to disable NATing.
If, after I start the fw script I run /etc/init.d/iptables save, I get:
============================
# /etc/init.d/iptables save
* Saving iptables state ...
============================
No errors here.
When I run ./fw_script.sh stop it comes back with this error:
============================
# ./fw_script.sh stop
Stopping firewall...
iptables v1.3.4: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
============================
Despite this error message the fw is stopped because iptables -L -v
shows that the chains are flushed.
> Does running "/etc/init.d/iptables stop", then running your script,
> then running "/etc/init.d/iptables save", then
> "/etc/init.d/iptables start" help at all?
Let's see:
============================
# /etc/init.d/iptables stop
* ERROR: "iptables" has not yet been started.
# ./fw_script.sh start
Starting firewall...
# /etc/init.d/iptables save
* Saving iptables state ...
# /etc/init.d/iptables start
* Loading iptables state and starting firewall ...
============================
No problem. Rebooting thereafter comes up *without* the error. So
the error is caused by the state in which the iptables are saved using
the ./fw_script stop command. Something's amiss with the script then,
given the latest kernel changes.
Thanks for all your responses. I am getting there! :-) Any more ideas?
--
Regards,
Mick
--
[email protected] mailing list
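The "stop" failure above comes from flushing a table the kernel does not have. Below is an added example (not Daniel's fw_script.sh, Mick's setup, or Gentoo's init script) of a stop step that consults the kernel's list of registered tables before touching any of them; it assumes the list lives in /proc/net/ip_tables_names, and the IPTABLES and TABLES_FILE variables are overridable so the logic can be checked without root.

```shell
#!/bin/sh
# Added example, not code from the thread: flush only the tables the
# running kernel has registered, so "stop" never fails with
# "can't initialize iptables table `nat'" on a kernel built without NAT.
# Assumption: registered tables are listed in /proc/net/ip_tables_names.
IPTABLES="${IPTABLES:-iptables}"
TABLES_FILE="${TABLES_FILE:-/proc/net/ip_tables_names}"

# table_present NAME: succeed only if NAME is one of the registered tables.
# A missing or unreadable file means ip_tables is not loaded: nothing to flush.
table_present() {
    [ -r "$TABLES_FILE" ] && grep -qx "$1" "$TABLES_FILE"
}

# flush_present_tables: for each well-known table the kernel actually has,
# flush its rules (-F), delete user-defined chains (-X) and zero counters (-Z).
# Tables the kernel lacks are skipped silently instead of producing an error.
# Prints the space-separated list of tables that were flushed.
flush_present_tables() {
    touched=""
    for t in filter nat mangle raw; do
        if table_present "$t"; then
            "$IPTABLES" -t "$t" -F
            "$IPTABLES" -t "$t" -X
            "$IPTABLES" -t "$t" -Z
            touched="$touched $t"
        fi
    done
    echo "${touched# }"
}

# reset_filter_policies: a flushed filter table whose INPUT policy is still
# DROP (as in the listing above) leaves the host unreachable; call this only
# if "stop" is meant to leave the box open rather than closed.
reset_filter_policies() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -t filter -P "$chain" ACCEPT
    done
}
```

Run `flush_present_tables` from the script's stop branch in place of unconditional `iptables -t nat -F` calls; whether to follow it with `reset_filter_policies` is a policy decision, not a correctness one.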