* Problem with nat table in iptables
@ 2004-05-27 18:23 Jorge Davila
2004-05-27 19:55 ` Antony Stone
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Jorge Davila @ 2004-05-27 18:23 UTC (permalink / raw)
To: netfilter
Hi!
When I insert a new rule in the INPUT chain and save/restart iptables, my
firewall loses the nat table.
Does anyone have an idea about how to recover the nat table?
Thanks,
Jorge Dávila.
* Re: Problem with nat table in iptables
From: Antony Stone @ 2004-05-27 19:55 UTC (permalink / raw)
To: netfilter
On Thursday 27 May 2004 7:23 pm, Jorge Davila wrote:
> Hi!
>
> When I insert a new rule in the INPUT chain and save/restart iptables, my
> firewall loses the nat table.
>
> Does anyone have an idea about how to recover the nat table?
Do you mean you lost the nat table itself, and now you can't put any rules
into it, or do you mean you've lost the rules in the nat table and want to
get them back again?
If it's the first, try insmod iptable_nat.
If it's the second, how are you saving / restarting iptables? There must be
something strange about some script if it keeps the filter rules but not the
nat rules.
If it's neither of the above, please give us more details of exactly what
you're doing (eg: cut & paste from a console to show us the problem in
action), and we'll see if we can help.
Regards,
Antony.
--
Success is a lousy teacher. It seduces smart people into thinking they can't
lose.
- William H Gates III
Please reply to the list;
please don't CC me.
* Re: Problem with nat table in iptables
From: Alexander Stein @ 2004-05-27 19:56 UTC (permalink / raw)
To: netfilter
Jorge Davila wrote:
> When I insert a new rule in the INPUT chain and save/restart iptables, my
> firewall loses the nat table.
>
> Does anyone have an idea about how to recover the nat table?
How do you save/restart your iptables? If you use a script, please look
inside it and/or post it. I had the same issue with that.
greets
Alexander
* Re: Problem with nat table in iptables
From: Jorge Davila @ 2004-05-27 20:43 UTC (permalink / raw)
To: netfilter
I lost the nat table and I can put rules ....
I tried insmod iptable_nat but the message in /var/log/messages is:
/lib/modules/2.4.22-1.2188.nptl/kernel/net/ipv4/netfilter/iptable_nat.o:
insmod iptable_nat failed
* Re: Problem with nat table in iptables
From: Antony Stone @ 2004-05-27 20:48 UTC (permalink / raw)
To: netfilter
On Thursday 27 May 2004 9:43 pm, Jorge Davila wrote:
> I lost the nat table and I can put rules ....
I'm sorry, I don't understand the problem.
Please show us your original rules (iptables -L -nvx; iptables -L -t nat
-nvx), then add your rule to the INPUT chain, save and restore the ruleset,
and show us the problem. Copy & paste all the above so we can see what you
mean (I know that might be a long email but people who don't care can ignore
it; those of us who can help will benefit from the information).
Regards,
Antony.
--
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that
it was he who, by peddling second-rate technology, led them into it in the
first place.
- Douglas Adams in The Guardian, 25th August 1995
Please reply to the list;
please don't CC me.
* Re: Problem with nat table in iptables
From: Jorge Davila @ 2004-05-27 21:19 UTC (permalink / raw)
To: netfilter
The rule that I want to add to the INPUT chain is:
iptables -I INPUT 2 -s 192.168.0.0/255.255.255.0 -d 64.152.73.182 -j DROP
When I execute the above command and then
iptables-save
and restart iptables, the nat table has disappeared.
This is the output of
iptables -L -nvx; iptables -L -t nat -nvx
iptables -L -nvx; iptables -L -t nat -nvx
Chain INPUT (policy DROP 158 packets, 8534 bytes)
    pkts    bytes target          prot opt in   out  source          destination
     179    12124 bad_tcp_packets tcp  --  *    *    0.0.0.0/0       0.0.0.0/0
       0        0 ACCEPT          all  --  lo   *    127.0.0.1       0.0.0.0/0
       2       88 ACCEPT          all  --  *    *    192.168.0.0/24  0.0.0.0/0
       0        0 ACCEPT          all  --  eth1 *    192.168.0.1     0.0.0.0/0
       0        0 ACCEPT          all  --  lo   *    192.168.0.1     0.0.0.0/0
      24     2612 ACCEPT          all  --  lo   *    216.6.48.95     0.0.0.0/0
       0        0 ACCEPT          udp  --  eth1 *    0.0.0.0/0       0.0.0.0/0       udp spt:68 dpt:67
      22     1624 ACCEPT          all  --  *    *    0.0.0.0/0       216.6.48.95     state RELATED,ESTABLISHED
     149     7980 tcp_packets     tcp  --  eth0 *    0.0.0.0/0       0.0.0.0/0
      12      743 udp_packets     udp  --  eth0 *    0.0.0.0/0       0.0.0.0/0
       0        0 icmp_packets    icmp --  eth0 *    0.0.0.0/0       0.0.0.0/0
       0        0 DROP            all  --  eth0 *    0.0.0.0/0       224.0.0.0/8
       6      300 LOG             all  --  *    *    0.0.0.0/0       0.0.0.0/0       limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT INPUT packet died: '

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts    bytes target          prot opt in   out  source          destination
       0        0 bad_tcp_packets tcp  --  *    *    0.0.0.0/0       0.0.0.0/0
       0        0 ACCEPT          all  --  eth0 *    0.0.0.0/0       0.0.0.0/0
       0        0 ACCEPT          all  --  *    *    0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
       0        0 LOG             all  --  *    *    0.0.0.0/0       0.0.0.0/0       limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: '

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts    bytes target          prot opt in   out  source          destination
      49    18380 bad_tcp_packets tcp  --  *    *    0.0.0.0/0       0.0.0.0/0
       0        0 ACCEPT          all  --  *    *    127.0.0.1       0.0.0.0/0
       1       48 ACCEPT          all  --  *    *    192.168.0.1     0.0.0.0/0
      51    17531 ACCEPT          all  --  *    *    216.6.48.95     0.0.0.0/0
       0        0 LOG             all  --  *    *    0.0.0.0/0       0.0.0.0/0       limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT OUTPUT packet died: '

Chain allowed (8 references)
    pkts    bytes target          prot opt in   out  source          destination
       2      120 ACCEPT          tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp flags:0x16/0x02
       0        0 ACCEPT          tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       state RELATED,ESTABLISHED
       0        0 DROP            tcp  --  *    *    0.0.0.0/0       0.0.0.0/0

Chain bad_tcp_packets (3 references)
    pkts    bytes target          prot opt in   out  source          destination
       0        0 REJECT          tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp flags:0x12/0x12 state NEW reject-with tcp-reset
      44     7465 LOG             tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp flags:!0x16/0x02 state NEW LOG flags 0 level 4 prefix `Nuevo no syn: '
      44     7465 DROP            tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp flags:!0x16/0x02 state NEW

Chain icmp_packets (1 references)
    pkts    bytes target          prot opt in   out  source          destination
       0        0 ACCEPT          icmp --  *    *    0.0.0.0/0       0.0.0.0/0       icmp type 8
       0        0 ACCEPT          icmp --  *    *    0.0.0.0/0       0.0.0.0/0       icmp type 11

Chain tcp_packets (1 references)
    pkts    bytes target          prot opt in   out  source          destination
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:22
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:25
       2      120 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:80
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:110
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:113
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:143
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:993
       0        0 allowed         tcp  --  *    *    0.0.0.0/0       0.0.0.0/0       tcp dpt:995

Chain udp_packets (1 references)
    pkts    bytes target          prot opt in   out  source          destination
       1       69 ACCEPT          udp  --  *    *    0.0.0.0/0       0.0.0.0/0       udp dpt:53
       0        0 ACCEPT          udp  --  *    *    0.0.0.0/0       0.0.0.0/0       udp dpt:123
       0        0 ACCEPT          udp  --  *    *    0.0.0.0/0       0.0.0.0/0       udp dpt:2074
       0        0 ACCEPT          udp  --  *    *    0.0.0.0/0       0.0.0.0/0       udp dpt:4000
       0        0 DROP            udp  --  eth0 *    0.0.0.0/0       216.6.48.255    udp dpts:135:139
       0        0 DROP            udp  --  eth0 *    0.0.0.0/0       255.255.255.255 udp dpts:67:68

Chain PREROUTING (policy ACCEPT 181 packets, 12774 bytes)
    pkts    bytes target          prot opt in   out  source          destination
       0        0 REDIRECT        tcp  --  eth1 *    192.168.0.0/24  0.0.0.0/0       tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 1 packets, 68 bytes)
    pkts    bytes target          prot opt in   out  source          destination
       2      147 SNAT            all  --  *    eth0 0.0.0.0/0       0.0.0.0/0       to:216.6.48.95

Chain OUTPUT (policy ACCEPT 33 packets, 4472 bytes)
    pkts    bytes target          prot opt in   out  source          destination
* Re: Problem with nat table in iptables
From: Jorge Davila @ 2004-05-28 20:50 UTC (permalink / raw)
To: netfilter
Jorge Davila wrote:
> Hi!
>
> When I insert a new rule in the INPUT chain and save/restart iptables,
> my firewall loses the nat table.
>
> Does anyone have an idea about how to recover the nat table?
>
> Thanks,
>
> Jorge Dávila.
>
The problem has been resolved... the nat was "eliminated" when I tried to
view the firewall configuration simultaneously with webmin and the command
line after inserting the rule. :)
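
An added example, not part of the original thread: a pre-restore check that a saved ruleset still contains every table the firewall depends on, so a file that another tool rewrote without its nat section is caught before it is loaded. The function names and sample dumps are constructed for illustration; the sections use the `*table` ... `COMMIT` layout that iptables-save writes to standard output.

```shell
#!/bin/sh
# Added example (not from the thread): vet an iptables-save dump before restore.

# Print "<table> <rule count>" for each table section that ends in COMMIT.
summarize_dump() {
    awk '/^\*/      { table = substr($0, 2); rules = 0; next }
         /^-A /     { if (table != "") rules++; next }
         /^COMMIT$/ { if (table != "") print table, rules; table = "" }' "$1"
}

# Return 0 only if every required table is present, committed and non-empty.
check_dump() {
    dump=$1; shift; rc=0
    summary=$(summarize_dump "$dump")
    for t in "$@"; do
        n=$(printf '%s\n' "$summary" | awk -v t="$t" '$1 == t { print $2; exit }')
        if [ -z "$n" ]; then echo "missing table: $t" >&2; rc=1
        elif [ "$n" -eq 0 ]; then echo "empty table: $t" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed sample dumps, modelled on the rules listed in the thread.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j SNAT --to-source 216.6.48.95
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 192.168.0.0/24 -d 64.152.73.182 -j DROP
COMMIT
EOF
# Same dump with the nat section gone, as after another tool rewrote the file.
sed '/^\*nat$/,/^COMMIT$/d' "$SAMPLES/good.rules" > "$SAMPLES/bad.rules"

for f in good bad; do
    if check_dump "$SAMPLES/$f.rules" filter nat; then echo "$f.rules: ok to restore"
    else echo "$f.rules: refusing to restore"; fi
done
```

A section that lacks its closing COMMIT line is reported as missing, which also catches a dump that was truncated while being written.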