


  1. I currently have a Red Hat Linux 7.2 firewall server, and I have a new server to replace it, since the old one is quite outdated. However, when I copy the iptables firewall script over and try to start it on the new server (Fedora Core 8), it reports errors, while on Red Hat 7.2 it runs normally.

    Here is the iptables script:

    # Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
    *mangle
    :PREROUTING ACCEPT [272:15737]
    :OUTPUT ACCEPT [151:11002]
    COMMIT
    # Completed on Sun May 25 21:28:47 2003
    # Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
    *nat
    :PREROUTING ACCEPT [90:5520]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A POSTROUTING -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j MASQUERADE
    COMMIT
    # Completed on Sun May 25 21:28:47 2003
    # Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
    *filter
    :INPUT DROP [85:5100]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    :VPN - [0:0]
    -A INPUT -d 200.232.9.5 -p tcp -m tcp --dport 1723 -j ACCEPT
    -A INPUT -d 200.232.9.5 -p 47 -j ACCEPT
    -A INPUT -s 192.168.254.0/255.255.255.0 -p icmp -j ACCEPT
    -A INPUT -s 200.206.232.200 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 200.168.57.189 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 200.161.31.32 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -d 200.232.9.30 -p udp -m udp --dport 1645 -j ACCEPT
    -A INPUT -d 200.232.9.30 -p udp -m udp --dport 1646 -j ACCEPT
    -A FORWARD -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j VPN
    -A FORWARD -s 10.3.0.0/255.255.0.0 -d 192.168.254.0/255.255.255.0 -j VPN
    -A OUTPUT -s 200.232.9.5 -p tcp -m tcp --sport 1723 -j ACCEPT
    -A OUTPUT -s 200.232.9.5 -p 47 -j ACCEPT
    -A OUTPUT -d 192.168.254.0/255.255.255.0 -p icmp -j ACCEPT
    -A OUTPUT -d 200.206.232.200 -p tcp -m tcp --sport 22 -j ACCEPT
    -A OUTPUT -d 200.168.57.189 -p tcp -m tcp --sport 22 -j ACCEPT
    -A OUTPUT -d 200.161.31.32 -p tcp -m tcp --sport 22 -j ACCEPT
    -A OUTPUT -s 200.232.9.30 -p udp -m udp --sport 1645 -j ACCEPT
    -A OUTPUT -s 200.232.9.30 -p udp -m udp --sport 1646 -j ACCEPT
    -A VPN -j DROP
    COMMIT
    # Completed on Sun May 25 21:28:47 2003

    Here are the error messages when trying to start iptables:

    [root@localhost sysconfig]# service iptables restart
    /etc/sysconfig/iptables-config: line 2: *mangle: command not found
    /etc/sysconfig/iptables-config: line 3: :PREROUTING: command not found
    /etc/sysconfig/iptables-config: line 4: :OUTPUT: command not found
    /etc/sysconfig/iptables-config: line 5: COMMIT: command not found
    /etc/sysconfig/iptables-config: line 8: *nat: command not found
    /etc/sysconfig/iptables-config: line 9: :PREROUTING: command not found
    /etc/sysconfig/iptables-config: line 10: :POSTROUTING: command not found
    /etc/sysconfig/iptables-config: line 11: :OUTPUT: command not found
    /etc/sysconfig/iptables-config: line 12: -A: command not found
    /etc/sysconfig/iptables-config: line 13: COMMIT: command not found
    /etc/sysconfig/iptables-config: line 16: *filter: command not found
    /etc/sysconfig/iptables-config: line 17: :INPUT: command not found
    /etc/sysconfig/iptables-config: line 18: :FORWARD: command not found
    /etc/sysconfig/iptables-config: line 19: :OUTPUT: command not found
    /etc/sysconfig/iptables-config: line 20: :VPN: command not found
    /etc/sysconfig/iptables-config: line 21: -A: command not found
    /etc/sysconfig/iptables-config: line 22: -A: command not found
    /etc/sysconfig/iptables-config: line 23: -A: command not found
    /etc/sysconfig/iptables-config: line 24: -A: command not found
    /etc/sysconfig/iptables-config: line 25: -A: command not found
    /etc/sysconfig/iptables-config: line 26: -A: command not found
    /etc/sysconfig/iptables-config: line 27: -A: command not found
    /etc/sysconfig/iptables-config: line 28: -A: command not found
    /etc/sysconfig/iptables-config: line 29: -A: command not found
    /etc/sysconfig/iptables-config: line 30: -A: command not found
    /etc/sysconfig/iptables-config: line 31: -A: command not found
    /etc/sysconfig/iptables-config: line 32: -A: command not found
    /etc/sysconfig/iptables-config: line 33: -A: command not found
    /etc/sysconfig/iptables-config: line 34: -A: command not found
    /etc/sysconfig/iptables-config: line 35: -A: command not found
    /etc/sysconfig/iptables-config: line 36: -A: command not found
    /etc/sysconfig/iptables-config: line 37: -A: command not found
    /etc/sysconfig/iptables-config: line 38: -A: command not found
    /etc/sysconfig/iptables-config: line 39: -A: command not found

  2. iptables-config is not the rules file; it is the script's configuration.

    The rules go in /etc/sysconfig/iptables.

    You need to restore your iptables-config (reinstall the iptables package).



  3. Hello, I did what you suggested, my friend. I ran service iptables restart (everything went OK) and the rules loaded just fine, but after enabling iptables in ntsysv and rebooting the PC, it hung during boot at "Applying iptables firewall rules" (for about 16 minutes).
    In other words, it came to the same thing.

  4. Yes, you must have some problem. Did you restore the original configs and test?

    You have to work out why it is hanging. Maybe it is not even iptables; it could be some other process that runs before or after it.
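
The mix-up identified in the second reply (an iptables-save ruleset stored in iptables-config, which the shell sources as settings, instead of in iptables) can be caught before restarting the service. This is an added example, not part of any post in the thread; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: tell an iptables-save ruleset
# apart from a shell-sourced settings file such as iptables-config.
classify_file() {
    awk '
        /^[ \t]*#/      { next }                           # comment
        /^[ \t]*$/      { next }                           # blank line
        /^\*[a-z]+$/    { tables++; intable = 1; next }    # *filter, *nat ...
        /^:[^ ]+ [^ ]+/ { if (!intable) bad++; next }      # :INPUT DROP [0:0]
        /^-[AIN] /      { if (!intable) bad++; next }      # -A INPUT ...
        /^COMMIT$/      { if (intable) { commits++; intable = 0 } else bad++; next }
        /^[A-Za-z_][A-Za-z0-9_]*=/ { assigns++; next }     # KEY="value"
        { bad++ }
        END {
            if (tables && tables == commits && !intable && !assigns && !bad)
                print "ruleset"
            else if (assigns && !tables && !bad) print "config"
            else print "unknown"
        }' "$1"
}

# Succeeds only when each file holds what the service script expects.
check_sysconfig() {
    rc=0
    [ "$(classify_file "$1/iptables-config")" = config ] ||
        { echo "$1/iptables-config: not a settings file" >&2; rc=1; }
    [ "$(classify_file "$1/iptables")" = ruleset ] ||
        { echo "$1/iptables: not an iptables-save ruleset" >&2; rc=1; }
    return $rc
}

# Constructed sample data: a short ruleset and a settings file.
write_samples() {
    mkdir -p "$1/bad" "$1/good"
    printf '%s\n' '# Generated by iptables-save' '*filter' \
        ':INPUT DROP [0:0]' ':VPN - [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' '-A VPN -j DROP' \
        'COMMIT' > "$1/good/iptables"
    printf '%s\n' '# settings read by the service script' \
        'IPTABLES_MODULES=""' 'IPTABLES_SAVE_ON_STOP="no"' \
        > "$1/good/iptables-config"
    cp "$1/good/iptables" "$1/bad/iptables-config"   # the mistake in the thread
    cp "$1/good/iptables" "$1/bad/iptables"
}

demo=$(mktemp -d)
write_samples "$demo"
check_sysconfig "$demo/good" && echo "good layout: ok"
check_sysconfig "$demo/bad"  || echo "bad layout: ruleset found in iptables-config"
```

Where the installed iptables-restore supports `--test`, feeding it the rules file parses the ruleset without committing it, which checks rule syntax that this structural check does not.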





