From: Boryan Yotov <yotov@prosyst.com>
To: Tasha Smith <natasha3641@yahoo.com>,
"'netfilter@lists.netfilter.org'" <netfilter@lists.netfilter.org>
Subject: Re: Why would these rules cause errors only sometimes?
Date: Thu, 24 Oct 2002 09:59:04 +0200
Message-ID: <3DB7A848.50201@prosyst.com>
In-Reply-To: 20021024044638.87841.qmail@web40707.mail.yahoo.com
Sorry I didn't read your mail until the end :)

Concerning the dynamic IP address, a little trick should do the work
until you get "pump" working:
in your /etc/rc.d/rc.iptables or whatever shell script you use to set up
your firewall you could use the following to retrieve your IP address:

#!/bin/sh
....
# The following could work for a ppp device as well, just change it a little :)
eth0_address=`ifconfig eth0 | grep "inet addr" | awk '{print $2}' | sed 's/addr://'`
....
# And a simple rule should look like:
iptables -A INPUT -p tcp -d $eth0_address --dport 80 -j REJECT --reject-with tcp-reset

Note: of course you need to restart your firewall rules after you gain a
new IP address on that interface, but at least you don't need to edit your
rules again :)

Tasha Smith wrote:
>Hiii,
>
>Can someone tell me why these rules will only cause errors "sometimes"? I ran my
>script before and it worked fine. But then I added a few more log policies
>and drop rules and then I get errors. I know it's these rules 'cause when I #
>commented them out the script ran properly again, and it happened before but
>it fixed itself somehow. Here are the rules that cause the error:
>
>iptables -A OUPUT -o eth0 -p tcp \
> -s eth0 --sport 1024:65535 \
> --dport 80 -j ACCEPT
>iptables -A INPUT -i eth0 -p tcp \
> --sport 80 \
> -d eth0 --dport 1024:65535 -j ACCEPT
>
>
>iptables -A INPUT -i eth0 -p udp \
> -s 122.xx.xxx.xx --sport 67 \
> --dport 68 -j ACCEPT
>iptables -A OUTPUT -o eth0 -p udp \
> -s eth0 --sport 68 \
> -d 122.xx.xxx.xx --dport 67 -j ACCEPT
>
>
>Here's the error I get:
>iptables v1.2.7a: host/network `eth0' not found
>Try iptables `iptables -h' or `iptables --help for more infomation'
>iptables v1.2.7a: host/network `eth0' not found
>Try iptables `iptables -h' or `iptables --help for more infomation'
>iptables v1.2.7a: host/network `eth0' not found
>Try iptables `iptables -h' or `iptables --help for more infomation'
>
>Here are the rules I added and they work fine when I comment out the above
>rules!
>iptables -t nat --policy PREROUTING -j DROP
>iptables -t nat --policy OUPUT -j DROP
>iptables -t nat --policy POSTROUTING -j DROP
>
>
>How can I fix this? Thanks guys! I have a dynamic IP address and I can't get pump
>to work, that's why I'm using eth0 instead of an IP address!
>
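
Added example (not part of the original mail or of any project's code): the address lookup suggested in the reply above, extended to accept both ifconfig output formats and to refuse to emit a rule when the interface has no IPv4 address yet, since an empty $eth0_address would leave -d without its argument. The function names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Constructed ifconfig output: old net-tools format, newer format, no lease yet.
SAMPLE_OLD='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::200:5eff:fe00:5301/64 Scope:Link'
SAMPLE_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 198.51.100.7  netmask 255.255.255.0  broadcast 198.51.100.255'
SAMPLE_NOADDR='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          BROADCAST MULTICAST  MTU:1500  Metric:1'

# Print the first IPv4 address found in ifconfig output read from stdin.
# Accepts both "inet addr:A.B.C.D" and "inet A.B.C.D"; inet6 lines do not match.
extract_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' | head -n 1
}

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read ifconfig output on stdin and print the port-80 rule from the mail,
# or fail without printing a rule if no valid address was found.
web_reject_rule() {
    addr=$(extract_ipv4)
    if ! is_ipv4 "$addr"; then
        echo "no valid IPv4 address on interface; rule not generated" >&2
        return 1
    fi
    echo "iptables -A INPUT -p tcp -d $addr --dport 80 -j REJECT --reject-with tcp-reset"
}

# Dry run on the constructed sample; in a firewall script the input would be
# `ifconfig eth0` and the printed rule would be executed.
printf '%s\n' "$SAMPLE_OLD" | web_reject_rule
```

A non-zero return from web_reject_rule lets the calling firewall script stop or fall back to an interface-only match (-i eth0) instead of loading a malformed rule.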