Linode Forum
Linode Community Forums
PostPosted: Mon Feb 14, 2011 3:34 pm 
Offline
Senior Newbie

Joined: Mon Feb 14, 2011 2:45 pm
Posts: 6
Hello friends,

First, sorry for my bad English :( I promise I'll improve :)

I'm new to Linode but I can already tell I'm really enjoying the service.

I need to make a mini cPanel-based reseller (I have a license), and therefore have to use CentOS. I'm almost finished with the settings, but I came across a problem that is difficult to solve. I have researched a lot already and found nothing, so I ask my friends, the Linux masters, to help me.

After changing the iptables settings and trying to apply them, I received the following error:


Quote:
Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore : unable to initializetable 'security'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information .
[FAILED]
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information .
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


So I went back to normal settings and when I run

Code:
service iptables restart


and the error appears again:


Quote:
Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore: unable to initializetable 'security'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]



What's happening? How can I get iptables to accept my new setup?

Thanks in advance.
Regards!

Anndreh.


Top
   
 Post subject:
PostPosted: Tue Feb 15, 2011 9:34 am 
Offline
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
What does the file 'new-firewall-config' contain?

_________________
Code:
/* TODO: need to add signature to posts */


Top
   
 Post subject:
PostPosted: Tue Feb 15, 2011 3:39 pm 
Offline
Senior Newbie

Joined: Mon Feb 14, 2011 2:45 pm
Posts: 6
hoopycat wrote:
What does the file 'new-firewall-config' contain?


Sorry hoopycat

Here is the new-firewall-config code:

Code:
*filter
 
#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
 
#  Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
#  Allows all outbound traffic
#  You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
 
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
 
#  Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
 
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
 
# Allows svnserve connections from anywhere
-A INPUT -p tcp --dport 3690 -j ACCEPT
 
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
 
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
 
COMMIT


Top
   
 Post subject:
PostPosted: Wed Feb 16, 2011 1:23 am 
Offline
Senior Member

Joined: Sun Oct 30, 2005 7:52 pm
Posts: 97
Code:
 -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

This is the second time I've seen this typo in the past month. The correct syntax should be:

-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

--
Travis


Top
   
 Post subject:
PostPosted: Wed Feb 16, 2011 6:50 am 
Offline
Senior Newbie

Joined: Mon Feb 14, 2011 2:45 pm
Posts: 6
otherbbs wrote:
This is the second time I've seen this typo in the past month. The correct syntax should be:

-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

--
Travis


Hi Travis,

Thanks for the help. In fact there was a syntax error in the code. Already corrected.

But now when I run the iptables-restore command, a "no command specified" error is returned, see:

Code:
root@server [~]# iptables-restore new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


Never seen this error before, maybe because I have always used Debian. What may be happening?

Thanks again.

Regards,
Andre.


Top
   
 Post subject:
PostPosted: Wed Feb 16, 2011 6:54 am 
Offline
Senior Member

Joined: Sat May 03, 2008 4:01 pm
Posts: 569
Website: http://www.mattnordhoff.com/
You left out the <: "iptables-restore <new-firewall-config".

_________________
Matt Nordhoff (aka Peng on IRC)


Top
   
 Post subject:
PostPosted: Wed Feb 16, 2011 8:02 am 
Offline
Senior Newbie

Joined: Mon Feb 14, 2011 2:45 pm
Posts: 6
mnordhoff wrote:
You left out the <: "iptables-restore <new-firewall-config".


Hi!

Sorry, I forgot that. But...

Code:
root@server [~]# iptables-restore < new-firewall-config
iptables-restore v1.3.5: no command specified
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


The same result :(
Any suggestions?


Top
   
 Post subject:
PostPosted: Thu Feb 17, 2011 2:36 am 
Offline
Senior Member

Joined: Sun Oct 30, 2005 7:52 pm
Posts: 97
Anndreh wrote:
Any suggestions?

Flush the iptables rules, then manually add each iptables rule. If you don't get any errors, then use iptables-save to save the working rules to a file you can use with iptables-restore.

--
Travis


Top
   
 Post subject:
PostPosted: Thu Feb 17, 2011 10:18 am 
Offline
Senior Newbie

Joined: Mon Feb 14, 2011 2:45 pm
Posts: 6
otherbbs wrote:
Anndreh wrote:
Any suggestions?

Flush the iptables rules, then manually add each iptables rule. If you don't get any errors, then use iptables-save to save the working rules to a file you can use with iptables-restore.

--
Travis


Hi Travis,

Thank you for this suggestion! Now it works fine!

The question will remain: why can I not use iptables-restore?
But what matters is that it is working now. Thanks guys!

Topic closed.


Top
   
 Post subject:
PostPosted: Thu Feb 17, 2011 1:26 pm 
Offline
Senior Member

Joined: Sun Oct 30, 2005 7:52 pm
Posts: 97
Anndreh wrote:
The question will remain: why can I not use iptables-restore?

Does the working firewall rules file created by iptables-save work with iptables-restore?

If it does, then I would guess there is something in the file we are not seeing that the restore script is choking on. You could diff the failing file against the working iptables-save file to see.

--
Travis
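
The idea in the post above of looking for "something in the file we are not seeing" can be turned into a check, shown here as an added example that is not part of the thread. The `lint_rules` and `make_sample` names and the sample file are constructed for illustration; whether any of these findings is what iptables-restore v1.3.5 rejected here is an assumption the thread does not confirm.

```sh
#!/bin/sh
# Added example (not from the thread): report lines in an iptables-restore
# rules file that carry content an editor or a forum post does not show.

# lint_rules FILE: prints "LINE:KIND" per finding; returns 1 if any were found.
lint_rules() {
    out=$(
        LC_ALL=C; export LC_ALL   # byte-wise matching in this subshell only
        cr=$(printf '\r')
        {
            # Lines that look empty but hold spaces or tabs
            grep -n '^[[:space:]]\{1,\}$' "$1" | cut -d: -f1 |
                sed 's/$/:whitespace-only/'
            # DOS line endings
            grep -n "$cr\$" "$1" | cut -d: -f1 | sed 's/$/:carriage-return/'
            # Non-breaking spaces, smart quotes, stray control bytes
            grep -n '[^[:print:][:space:]]' "$1" | cut -d: -f1 |
                sed 's/$/:non-ascii-or-control/'
        } | sort -t: -k1,1n
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample, not the poster's file: line 2 holds a single space,
# line 4 ends in CR, line 5 has a UTF-8 non-breaking space before -j.
make_sample() {
    printf '*filter\n \n# Allow loopback\n' > "$1"
    printf '%s\r\n' '-A INPUT -i lo -j ACCEPT' >> "$1"
    printf '%s\302\240%s\nCOMMIT\n' '-A INPUT -p tcp --dport 80' '-j ACCEPT' >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
lint_rules "$sample" || echo "clean these lines, then retry iptables-restore"
rm -f "$sample"
```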


Top
   
 Post subject:
PostPosted: Thu Feb 17, 2011 2:48 pm 
Offline
Senior Newbie

Joined: Mon Feb 14, 2011 2:45 pm
Posts: 6
otherbbs wrote:
Does the working firewall rules file created by iptables-save work with iptables-restore?

If it does, then I would guess there is something in the file we are not seeing that the restore script is choking on. You could diff the failing file against the working iptables-save file to see.

--
Travis


Hi Travis,

The interesting thing is that now iptables-restore is working normally with the saved file. I believe the problem occurred because I had put in code with a syntax error.

Thank you again, now all problems are solved!!!

Regards.
Anndreh.


Top
   