From: "Ethan Treviño" <etrevino@mec.edu>
To: netfilter@lists.netfilter.org
Subject: Problem with configuration script
Date: Thu, 22 May 2003 09:27:41 -0400
Message-ID: <000001c32065$ecee45d0$6400a8c0@ethan>
Hey,
I have a RedHat 9 system with iptables 1.2.7a installed on it. My system runs DHCPD off of eth0 (which is also the only ethernet card on that system). I want the DHCP clients to be able to access the internet using the DHCP server, so I've been trying to set up NAT. However, whenever I run the script (copied below) I get the following error:
[root@male sysconfig]# ./myfilters
iptables: Invalid argument
iptables v1.2.7a: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
./myfilters: line 38: ACCEPT: command not found
What changes do I need to make to this script to allow my system to
operate as a NAT server to my DHCP clients?
Thanks,
Ethan
////////////////////////////////// myfilters //////////////////////////////////
# set default (policy) rules
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# IP spoofing, deny any packets on the internal network that have an
# external source address.
iptables -A INPUT -j LOG -i eth0 \! -s 192.168.1.0/24
iptables -A INPUT -j DROP -i eth0 \! -s 192.168.1.0/24
iptables -A FORWARD -j DROP -i eth0 \! -s 192.168.1.0/24
# IP spoofing, deny any outside packets (any not on eth1) that have the
# source address of the internal network
iptables -A INPUT -j DROP \! -i eth0 -s 192.168.1.0/24
iptables -A INPUT -j FORWARD \! -i eth0 -s 192.168.1.0/24
# IP spoofing, deny any outside packets with localhost address
# (packets not on the lo interface (any on eth0 or eth1) that have the
# source address of localhost)
iptables -A INPUT -j DROP -i \! lo -s 127.0.0.0/255.0.0.0
iptables -A FORWARD -j DROP -i \! lo -s 127.0.0.0/255.0.0.0
# allow all incoming messages for users on your firewall system
iptables -A INPUT -j ACCEPT -i lo
# allow communication to the Web server (address 10.0.0.2), port www
# iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 10.0.0.2
# Allow established connections from Web servers to internal network
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp
#--sport www -s 10.0.0.2 -d 192.168.1.0/24 -j ACCEPT
# Prevent new connection from Web servers to internal network
#iptables -A OUTPUT -m state --state NEW -o eth0 -p tcp --sport www
#-d 192.168.1.0/24 -j DROP
# allow established and related outside communications to your system
# allow outside communication to the firewall, except for ICMP packets
iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p \! icmp -j
ACCEPT
# prevent outside initiated connections
iptables -A INPUT -m state --state NEW -i eth0 -j DROP
iptables -A FORWARD -m state --state NEW -i eth0 -j DROP
# allow all local communication to and from the firewall on eth0 from
# the local network
iptables -A INPUT -j ACCEPT -p all -i eth0 -s 192.168.1.0/24
# Set up masquerading to allow internal machines access to outside
# network
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Accept ICMP Ping (0 and 8) and Destination unreachable (3) messages
# Others will be rejected by INPUT and OUTPUT DROP policy
iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-reply -d 209.80.243.199
iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-request -d 209.80.243.199
iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type destination-unreachable -d 209.80.243.199
# Turn on IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
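Added example, not the poster's script: a corrected ruleset for the layout the mail describes (one card, eth0, carrying both the 192.168.1.0/24 DHCP clients and the public address), with every iptables call on one line, no jump into the built-in FORWARD chain, the FORWARD policy closed, and a dry-run mode that prints the rules instead of applying them. LAN, WAN_IF and apply_rules are names chosen for this example.

```shell
#!/bin/sh
# Added example, not the original poster's script.  Assumed layout (from
# the mail): a single card, eth0, carries both the 192.168.1.0/24 clients
# and the public address, so inside/outside cannot be told apart by
# interface and the rules match on addresses.  Names are illustrative.
LAN=192.168.1.0/24
WAN_IF=eth0

# $1 is the command each rule is handed to: "iptables" applies the rules,
# "echo" prints them (dry run) so the ruleset can be reviewed offline.
apply_rules() {
    ipt=${1:-iptables}
    # Reset to a permissive state first: with DROP policies already set,
    # a script that dies halfway leaves the box unreachable.
    $ipt -F
    $ipt -t nat -F
    $ipt -P INPUT ACCEPT
    $ipt -P FORWARD ACCEPT
    $ipt -P OUTPUT ACCEPT
    # Loopback spoofing: "!" precedes the option it inverts, and the
    # target always sits on the same line as -j.
    $ipt -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
    $ipt -A FORWARD -s 127.0.0.0/8 -j DROP
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DHCP DISCOVER/REQUEST arrive from source 0.0.0.0, so a -s $LAN
    # match would not cover them; allow the ports explicitly.
    $ipt -A INPUT -p udp --sport 68 --dport 67 -j ACCEPT
    $ipt -A INPUT -s $LAN -j ACCEPT
    $ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $ipt -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    # Forward only flows the clients start and the replies to them.  A
    # rule cannot jump into a built-in chain such as FORWARD, so the
    # intended decision is written as an ACCEPT/DROP target directly.
    $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -s $LAN -m state --state NEW -j ACCEPT
    # Masquerade only LAN sources leaving the public interface.
    $ipt -t nat -A POSTROUTING -s $LAN -o $WAN_IF -j MASQUERADE
    # Close the policies last, once every ACCEPT rule is in place
    # (the original left FORWARD at ACCEPT, which forwards anything).
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
}

case "${1:-}" in
    apply)   apply_rules iptables && echo 1 > /proc/sys/net/ipv4/ip_forward ;;
    dry-run) apply_rules echo ;;
esac
```

Run it as `sh myfilters dry-run` to review the generated rules before `sh myfilters apply`.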