help with iptables

help with iptables

[Tahmid Quazi]

[-- Attachment #1: Type: text/plain, Size: 690 bytes --]

Hi
 
I am trying to use the iptables command on an iPaq running Familiar. The kernel version is 2.4.18-rmk3-hh6. 
The kernel does not have netfilter configured so for any functionality I need, I have to install a module.
 
I have installed the following modules:
iptable_filter
ip_tables
 
successfully. ( i can see them when i type /proc/modules)
 
But when i try a simple iptables command (i got this from the "howto" document)
/ # iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
 
I get the following output:

iptables: No such file or directory
 
Please could someone tell me what i am doing wrong or missing.
 
Many thanks in advance for your help!
 
-- tahmid


[-- Attachment #2: HTML --]
[-- Type: text/html, Size: 1603 bytes --]

Help with iptables

[Tahmid Quazi]

[-- Attachment #1: Type: text/plain, Size: 690 bytes --]

Hi
 
I am trying to use the iptables command on an iPaq running Familiar. The kernel version is 2.4.18-rmk3-hh6. 
The kernel does not have netfilter configured so for any functionality I need, I have to install a module.
 
I have installed the following modules:
iptable_filter
ip_tables
 
successfully. ( i can see them when i type /proc/modules)
 
But when i try a simple iptables command (i got this from the "howto" document)
/ # iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
 
I get the following output:

iptables: No such file or directory
 
Please could someone tell me what i am doing wrong or missing.
 
Many thanks in advance for your help!
 
-- tahmid


[-- Attachment #2: HTML --]
[-- Type: text/html, Size: 1583 bytes --]

RE: Help with iptables

[Aldo S. Lagana]

[-- Attachment #1: Type: text/plain, Size: 1118 bytes --]

Sounds like the iptables command is not in the path - I think it needs to be
in /sbin

 

iptables: No such file or directory

 

if there was an issue with non-loaded modules, you would probably see a
symbol reference error.

 

 

 

  _____  

From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Tahmid Quazi
Sent: Tuesday, June 03, 2003 5:22 AM
To: netfilter@lists.samba.org

 

Hi

 

I am trying to use the iptables command on an iPaq running Familiar. The
kernel version is 2.4.18-rmk3-hh6. 

The kernel does not have netfilter configured so for any functionality I
need, I have to install a module.

 

I have installed the following modules:

iptable_filter

ip_tables

 

successfully. ( i can see them when i type /proc/modules)

 

But when i try a simple iptables command (i got this from the "howto"
document)

/ # iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP

 

I get the following output:


iptables: No such file or directory

 

Please could someone tell me what i am doing wrong or missing.

 

Many thanks in advance for your help!

 

-- tahmid


[-- Attachment #2: Type: text/html, Size: 6874 bytes --]

Re: Help with iptables

[Jerry M. Howell II]

On Tue, Jun 03, 2003 at 11:22:08AM +0200, Tahmid Quazi wrote:
> Hi
>  
> I am trying to use the iptables command on an iPaq running Familiar. The kernel version is 2.4.18-rmk3-hh6. 
> The kernel does not have netfilter configured so for any functionality I need, I have to install a module.
>  
> I have installed the following modules:
> iptable_filter
> ip_tables
>  
> successfully. ( i can see them when i type /proc/modules)
>  
> But when i try a simple iptables command (i got this from the "howto" document)
> / # iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
>  
> I get the following output:
> 
> iptables: No such file or directory
>  
> Please could someone tell me what i am doing wrong or missing.
>  
> Many thanks in advance for your help!
>  
Try something like

/sbin/iptables /usr/sbin/iptables or usr/local/sbin/iptables

it's probably not in your path
-- 
Jerry M. Howell II

Help with iptables

[Bryan Dyson]

[-- Attachment #1: Type: text/plain, Size: 680 bytes --]


Hi folks,

I've got my iptables setup and working with one small glitch. My ISP
says I'm an open proxy.
What I'm trying to do is set a rule in iptables that will drop port 3128
requests coming from the outside but still allow my internal network to
use the proxy on this port.
I've tried the following, but they seem to shut down routing of e-mail
from the internal mail server:

-A PREROUTING -I eth1 -p tcp -m tcp --dport 3128 -j DROP
And
-A PREROUTING -I x.x.x.x (public IP) -p tcp -m -tcp --dport 3128 -j DROP


If anyone could help I'd appreciate it.

Bryan Dyson
LAN/db Administrator
Solana Beach Presbyterian Church
858-509-2580
Shelby 5.4.1472



[-- Attachment #2: Type: text/html, Size: 1501 bytes --]

Re: Help with iptables

[John A. Sullivan III]

On Wed, 2003-12-10 at 18:45, Bryan Dyson wrote:
> Hi folks,
> 
> I've got my iptables setup and working with one small glitch. My ISP
> says I'm an open proxy.
> What I'm trying to do is set a rule in iptables that will drop port
> 3128 requests coming from the outside but still allow my internal
> network to use the proxy on this port.
> 
> I've tried the following, but they seem to shut down routing of e-mail
> from the internal mail server:
> 
> -A PREROUTING -I eth1 -p tcp -m tcp --dport 3128 -j DROP
> And
> -A PREROUTING -I x.x.x.x (public IP) -p tcp -m -tcp --dport 3128 -j
> DROP
<snip>

If it helps, here are some excerpts from a file I pass to
iptables-restore -n (minus the comments) to activate my proxy:

*filter
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
	#allow the proxy to receive traffic from the internal devices (eth0 is
the private interface in my set up)
-A OUTPUT -o eth0 -p tcp -m tcp --sport 3128 -j ACCEPT
	#allow the proxy to respond to the internal clients
-A OUTPUT -p 6 -m tcp --dport 80 -m state --state NEW -j ACCEPT
	#allow the proxy to talk to the web servers of the world! Of course,
there is a corresponding --state RELATED, ESTABLISHED -j ACCEPT
somewhere else in the configuration
COMMIT
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
3128
	#Cause the redirection from the internal interface (eth0 in my case)
COMMIT

All filter table policies are DROP so if I do not explicitly allow it,
it is denied.
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 

Re: Help with iptables

[Michael Gale]

Hello,

	Why not run squid only on the internal interface .. can you not provide squid with the IP or interface to listen on ?

Also iptables -A INPUT -i external_interface -p tcp --dport 3128 -j DROP

should do the trick .... if you set a default policy to DROP and only pass the things you want. That would be better :)

iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT 

Michael.


On Wed, 10 Dec 2003 15:45:52 -0800
"Bryan Dyson" <lan_administrator@solanapres.org> wrote:

> 
> Hi folks,
> 
> I've got my iptables setup and working with one small glitch. My ISP
> says I'm an open proxy.
> What I'm trying to do is set a rule in iptables that will drop port 3128
> requests coming from the outside but still allow my internal network to
> use the proxy on this port.
> I've tried the following, but they seem to shut down routing of e-mail
> from the internal mail server:
> 
> -A PREROUTING -I eth1 -p tcp -m tcp --dport 3128 -j DROP
> And
> -A PREROUTING -I x.x.x.x (public IP) -p tcp -m -tcp --dport 3128 -j DROP
> 
> 
> If anyone could help I'd appreciate it.
> 
> Bryan Dyson
> LAN/db Administrator
> Solana Beach Presbyterian Church
> 858-509-2580
> Shelby 5.4.1472
> 
> 
> 


-- 
Michael Gale
Network Administrator
Utilitran Corporation