From: Alberto Negri <negri@cs.unibo.it>
To: netfilter@lists.netfilter.org
Subject: Re: hi all
Date: Mon, 16 Oct 2006 11:02:01 +0000
Message-ID: <20061016110201.58e06085@localhost>
In-Reply-To: <20061015171523.3ac5ebe3@localhost>
On Sun, 15 Oct 2006 17:15:23 +0000
Alberto Negri <negri@cs.unibo.it> wrote:
Any suggestions?
Am I on the wrong mailing list?
ping :)
Alberto
> hi all,
>
> I am posting here after speaking with people in the #iptables IRC channel,
> in particular with "Taube". At the end of my problem explanation
> he suggested that I use a script instead of the iptables-{save,restore}
> commands, but reading the iptables tutorial, in particular here:
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SAVEANDRESTORE
> I get the advice to use iptables-{save,restore} instead of a bash script... so now I
> thought to post here...
> So now my problem:
>
> Using iptables-{save,restore} on a Gentoo box, iptables crashes at startup.
> My error message (doing /etc/init.d/iptables start):
>
> * Caching service dependencies ... [ ok ]
> * Loading iptables state and starting firewall ...
> /etc/init.d/iptables: line 57: 9820 Segmentation fault ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} <"${iptables_save}" [ !! ]
>
> where my iptables rule file is (cat /etc/conf.d/iptables | grep -v ^$ | grep -v ^#):
>
> IPTABLES_SAVE="/var/lib/iptables/firewall"
> SAVE_RESTORE_OPTIONS="-c"
> SAVE_ON_STOP="yes"
>
> Contents of the firewall file (cat /var/lib/iptables/firewall) [I dropped some of my comments, starting with
> '#', before posting]:
> (Taube told me it is right... anyway I post it)
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *raw
> :PREROUTING ACCEPT
> :OUTPUT ACCEPT
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *nat
> :PREROUTING ACCEPT
> :POSTROUTING ACCEPT
> :OUTPUT ACCEPT
> -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *mangle
> :PREROUTING ACCEPT
> :INPUT ACCEPT
> :FORWARD ACCEPT
> :OUTPUT ACCEPT
> :POSTROUTING ACCEPT
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *filter
> :INPUT DROP
> :FORWARD DROP
> :OUTPUT DROP
> :INBOUND -
> :LOG_FILTER -
> :LSI -
> :LSO -
> :OUTBOUND -
> -A INPUT -p tcp -m tcp --dport 2001 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2667 -j ACCEPT
> -A INPUT -p icmp -m limit --limit 10/min -j ACCEPT
> -A INPUT -i eth1 -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -s 193.70.192.25 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 193.70.192.25 -p udp -j ACCEPT
> -A INPUT -s 212.48.4.15 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 212.48.4.15 -p udp -j ACCEPT
> -A INPUT -s 62.211.69.150 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 62.211.69.150 -p udp -j ACCEPT
> -A INPUT -s 62.101.80.80 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 62.101.80.80 -p udp -j ACCEPT
> -A INPUT -s 130.136.1.110 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 130.136.1.110 -p udp -j ACCEPT
> -A FORWARD -j ACCEPT
> -A OUTPUT -o ppp0 -j OUTBOUND
> -A OUTPUT -o eth1 -j OUTBOUND
> -A OUTPUT -d 193.70.192.25 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 193.70.192.25 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 212.48.4.15 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 212.48.4.15 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.211.69.150 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.211.69.150 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.101.80.80 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.101.80.80 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 130.136.1.110 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 130.136.1.110 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTBOUND -j ACCEPT
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
>
>
> where those are DNS:
> 193.70.192.25
> 212.48.4.15
> 62.211.69.150
> 62.101.80.80
> 130.136.1.110
>
> These are my Gentoo configuration options (emerge --info):
>
> Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
> =================================================================
> System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 1800+
> Gentoo Base System version 1.12.5
> Last Sync: Sun, 15 Oct 2006 10:30:01 +0000
> distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
> ccache version 2.3 [enabled]
> app-admin/eselect-compiler: [Not Present]
> dev-java/java-config: 1.3.7, 2.0.30
> dev-lang/python: 2.4.3-r4
> dev-python/pycrypto: 2.0.1-r5
> dev-util/ccache: 2.3
> dev-util/confcache: [Not Present]
> sys-apps/sandbox: 1.2.17
> sys-devel/autoconf: 2.13, 2.59-r7
> sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
> sys-devel/binutils: 2.16.1-r3
> sys-devel/gcc-config: 1.3.13-r4
> sys-devel/libtool: 1.5.22
> virtual/os-headers: 2.6.17-r1
> ACCEPT_KEYWORDS="x86"
> AUTOCLEAN="yes"
> CBUILD="i686-pc-linux-gnu"
> CFLAGS="-mtune=athlon-xp -march=athlon-xp -O2 -pipe"
> CHOST="i686-pc-linux-gnu"
> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/
> /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
> CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
> CXXFLAGS="-mtune=athlon-xp -march=athlon-xp -O2 -pipe"
> DISTDIR="/usr/portage/distfiles"
> FEATURES="autoconfig ccache distlocks fixpackages metadata-transfer sandbox sfperms strict"
> GENTOO_MIRRORS="ftp://lug.mtu.edu/gentoo http://mirror.phy.olemiss.edu/mirror/gentoo
> http://mirror.mcs.anl.gov/pub/gentoo/ http://mirror.uni-c.dk/pub/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ ftp://trumpetti.atm.tut.fi/gentoo/
> http://pandemonium.tiscali.de/pub/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.intergenia.de ftp://files.gentoo.org http://files.gentoo.org ftp://ftp.ntua.gr/pub/linux/gentoo/ http://ftp.ntua.gr/pub/linux/gentoo/ ftp://ftp.uoi.gr/mirror/OS/gentoo/
> http://ftp.uoi.gr/mirror/OS/gentoo/ http://ftp.physics.auth.gr/pub/mirrors/gentoo/ ftp://ftp.physics.auth.gr/pub/mirrors/gentoo/ ftp://mirror.scarlet-internet.nl/pub/gentoo
> http://mirror.gentoo.no/ http://darkstar.ist.utl.pt/gentoo/ ftp://darkstar.ist.utl.pt/pub/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/ ftp://ftp.solnet.ch/mirror/Gentoo http://gentoo.mirror.solnet.ch http://ftp.twaren.net/Linux/Gentoo/ ftp://ftp.twaren.net/Linux/Gentoo/ http://ftp.ncnu.edu.tw/Linux/Gentoo/ ftp://ftp.ncnu.edu.tw/Linux/Gentoo/ "
> LINGUAS="it"
> MAKEOPTS="-j2"
> PKGDIR="/usr/portage/packages"
> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
> PORTAGE_TMPDIR="/var/tmp"
> PORTDIR="/usr/portage"
> PORTDIR_OVERLAY="/usr/local/overlays/xgl-coffee /usr/local/portage"
> SYNC="rsync://rsync.gentoo.org/gentoo-portage"
> USE="x86 3dnow 3dnowex X alsa arts cairo crypt cups dhcp elibc_glibc glitz gmp hal input_devices_keyboard input_devices_mouse kde kernel_linux linguas_it mmx mmxext mp3 mpeg2 mpeg4 nls nptl nvidia opengl pnp readline sse ssl userland_GNU video_cards_nvidia video_cards_vesa vorbis xmms"
> Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
>
> As the guide says that the iptables-{save,restore} tools are not
> sufficiently tested because there are not enough users who try them...
> I'm here :D
> I hope to give you some help to discover bugs (if it's not an error of mine ;) )... and I'm sorry if I
> make you lose your time.
> Thanks all in advance.
> Alberto
>
> --
> Undergraduate student at Computer Science, University of Bologna.
> Icq number: 79465051
> Web page: www.cs.unibo.it/~negri
> Gpg-id: 1024D/E96025D7
> Fingerprint: 2C6A 3E88 05AB 5B21 82E8 4A80 C357 1E37 E960 25D7
>
>
>
--
Undergraduate student at Computer Science, University of Bologna.
Icq number: 79465051
Web page: www.cs.unibo.it/~negri
Gpg-id: 1024D/E96025D7
Fingerprint: 2C6A 3E88 05AB 5B21 82E8 4A80 C357 1E37 E960 25D7
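
A pre-flight check that could be run on a dump such as /var/lib/iptables/firewall before it is handed to iptables-restore. This is an added example, not part of the original message and not netfilter code; the names lint_save_file and SAMPLE are made up here. It compares the dump with the layout iptables-save writes (a *table header, ":CHAIN POLICY [packets:bytes]" chain lines, "-A" rules, COMMIT) and only reports deviations; it does not establish why iptables-restore crashed.

```python
import re

# Constructed sample: a shortened copy of the *nat and *filter sections quoted above.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:OUTPUT DROP
:OUTBOUND -
-A OUTPUT -o ppp0 -j OUTBOUND
COMMIT
"""

# Chain lines are ":CHAIN POLICY [packets:bytes]"; rules are "-A CHAIN ...",
# optionally prefixed by "[packets:bytes]" when counters were saved.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)(?:\s+\[(\d+):(\d+)\])?$")
APPEND_RE = re.compile(r"^(?:\[\d+:\d+\]\s+)?-A\s+(\S+)\s")

def lint_save_file(text):
    """Return (line_number, message) findings for an iptables-save style dump."""
    findings, table, chains = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if table is not None:
                findings.append((no, f"table '{table}' not closed by COMMIT"))
            table, chains = line[1:], set()
        elif table is None:
            findings.append((no, "line outside any *table section"))
        elif line == "COMMIT":
            table = None
        elif line.startswith(":"):
            m = CHAIN_RE.match(line)
            if m is None:
                findings.append((no, "malformed chain declaration"))
            else:
                chains.add(m.group(1))
                if m.group(3) is None:
                    findings.append((no, f"chain '{m.group(1)}' lacks [packets:bytes]"))
        else:
            m = APPEND_RE.match(line)
            if m is None or m.group(1) not in chains:
                findings.append((no, "rule does not append to a declared chain"))
    if table is not None:
        findings.append((no, f"table '{table}' not closed by COMMIT"))
    return findings
```

Calling lint_save_file(open(path).read()) on a real dump returns an empty list when every section follows that layout.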