Firewall questions I promised you.
Bruce McDonald
brucemcdonal at mindspring.com
Mon May 31 10:21:31 UTC 2004
Hello all,
I have written my firewall rules using the examples in Linux Firewalls, Second
Edition by Robert Ziegler. Now, when I run the script I get a couple of
errors.
One is:
Bad argument `22'
Try `iptables -h' or 'iptables --help' for more information.
This shows up after lines like:
if [ "$CONNECTION_TRACKING" = "1" ]; then
    # Local SSH client: accept new outbound connections to $SSH_CLIENT, port 22
    # ($SSH_CLIENT must expand to a single address or network)
    iptables -A local-tcp-client-request -p tcp \
        -d $SSH_CLIENT --dport 22 \
        --syn -m state --state NEW \
        -j ACCEPT
fi
# Same rule without the state match, for the non-tracking case
iptables -A local-tcp-client-request -p tcp \
    -d $SSH_CLIENT --dport 22 \
    -j ACCEPT
and:
if [ "$CONNECTION_TRACKING" = "1" ]; then
    # Remote SSH client: accept new inbound connections from $SSH_CLIENT to port 22
    iptables -A remote-tcp-client-request -p tcp \
        -s $SSH_CLIENT --destination-port 22 \
        -m state --state NEW \
        -j ACCEPT
fi
# Same rule without the state match, for the non-tracking case
iptables -A remote-tcp-client-request -p tcp \
    -s $SSH_CLIENT --destination-port 22 \
    -j ACCEPT
I played with the order of the items on the line and did manage to get rid
of "Bad argument `22'" by moving the --dport 22 ahead of the destination
itself (in the trial case I used a destination-port line). This did generate
a different complaint, which I have forgotten in the intervening time.
So, is there an error in the order of the layout of the iptables lines I
have listed above?
My next error is:
iptables v1.2.7a: host/network `yahoo.com' not found
Try `iptables -h' or 'iptables --help' for more information.
I assume this means the firewall is halting packets to or from my DNS
server.
I still have to check a little further into this; I do have rules that are
supposed to allow the traffic. I will post them for your input once I
figure that I don't see anything at all wrong with them.
(...So expect to see them in about a day...) I fear the rules may be for
server-to-server traffic and not really for client-to-server.
Thanks for any help.
Regards,
Bruce McDonald
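The following is an added example, not part of the post above: it renders the argument list the shell hands to iptables for the local-tcp-client-request rule, assuming SSH_CLIENT was empty or unset when the script ran (an unquoted empty variable simply disappears, so "-d" is followed by "--dport" and "22" is left over), and adds a guard that refuses to build a rule from an empty value or a hostname, since iptables resolves a hostname at the moment the rule is loaded and so needs working DNS then. The chain name is the post's; the address 192.0.2.10 is a constructed documentation address.

```shell
#!/bin/sh
# Added example (not the post's own script): make the effect of an empty
# host variable visible, and guard rule construction against it.

# Print, one word per line, the argument list iptables would receive for
# the SSH client rule. $client is deliberately unquoted, as in the post.
# Usage: ssh_client_rule_words "$SSH_CLIENT"
ssh_client_rule_words() {
    client=$1
    set -- iptables -A local-tcp-client-request -p tcp \
        -d $client --dport 22 -m state --state NEW -j ACCEPT
    printf '%s\n' "$@"
}

# The word that follows "-d" in that list. With an empty client it is
# "--dport", which leaves "22" as a stray word for iptables to complain about.
arg_after_d() {
    ssh_client_rule_words "$1" | awk 'prev=="-d"{print; exit} {prev=$0}'
}

# Guard: accept only a non-empty IPv4 address or CIDR network. Hostnames
# are rejected because iptables would have to resolve them at load time.
# Usage: require_host VARIABLE_NAME "$value"
require_host() {
    name=$1
    value=$2
    case $value in
        ''|*[!0-9./]*)
            echo "$name is unset or not an IPv4 address/network" >&2
            return 1 ;;
    esac
    return 0
}

# Build the rule text only when the host passes the guard.
# Usage: ssh_client_rule "$SSH_CLIENT"
ssh_client_rule() {
    require_host SSH_CLIENT "$1" || return 1
    printf '%s\n' "iptables -A local-tcp-client-request -p tcp -d $1 --dport 22 -m state --state NEW -j ACCEPT"
}
```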