Linode Forum
https://forum.linode.com/

iptables debian stable problem
https://forum.linode.com/viewtopic.php?f=19&t=798
Page 1 of 1

Author:  hthb [ Fri Apr 09, 2004 2:47 pm ]
Post subject:  iptables debian stable problem

When I run my firewall BASH script, this error comes up: Unknown arg --destination-port

Then I replaced every --destination-port with -dport, and then it complains about: Bad Argument '22' (22 being the SSH port).

This works perfectly at home on my Knoppix debian box.

Any ideas?

Author:  caker [ Fri Apr 09, 2004 3:44 pm ]
Post subject: 

I'll venture to guess iptables versions are different??

What's the full line that you're trying to execute?

From the Debian iptables man page:

Code:
MATCH EXTENSIONS
       tcp
              These extensions are loaded if `--protocol tcp' is specified. It
              provides the following options:
(snip)
              --destination-port [!] port[:port]
                     Destination port or port range specification.  The flag --dport
                     is a convenient alias for this option.


-Chris

Author:  hthb [ Fri Apr 09, 2004 4:47 pm ]
Post subject:  here comes the original line

iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --destination-port ssh -j LOG --log-level 1 --log-prefix STRING -m limit
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --destination-port ssh -j ACCEPT


The other line is just the same, but with -dport instead of --destination-port and 22 instead of ssh.

The version on both debians (the knoppix and stable) is 1.2.9.

Hope this clarifies...

Author:  caker [ Fri Apr 09, 2004 5:14 pm ]
Post subject: 

Code:
li-20:~# cat /etc/debian_version 
3.0
li-20:~# uname -a
Linux li-20.members.linode.com 2.4.25-linode24-1um #2 Sun Mar 28 15:14:01 EST 2004 i686 unknown
li-20:~# apt-get install iptables
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
li-20:~# iptables -V
iptables v1.2.6a
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j LOG --log-level 1 --log-prefix STRING -m limit
li-20:~# iptables -A INPUT -s 192.168.1.0 -p tcp --destination-port ssh -j ACCEPT
li-20:~#


Seems to have worked for me... ?

Maybe some funkiness in your script?

-Chris

Author:  hthb [ Fri Apr 09, 2004 6:19 pm ]
Post subject:  Ok, fixed

I executed my script line by line, and the last line was causing problems!

Thanks for the help. Happy holidays. :)
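The fix in this thread was to run the script one line at a time until the bad line surfaced. The following is an added example (written for this page, not code from the thread) that bakes that diagnostic into the script itself: each rule is loaded separately and the first failure is reported with its rule number and text. The two rules are the ones posted above, using the --dport alias from the man page excerpt; IPTABLES, TRUSTED and the 203.0.113.10 address are assumptions (set IPTABLES=echo to dry-run without root).

```shell
#!/bin/sh
# Added example, not from the thread. Loads firewall rules one at a time so
# the first bad line is reported instead of the whole script dying with a
# bare "Bad argument". IPTABLES and TRUSTED are assumed knobs: IPTABLES=echo
# dry-runs without root; TRUSTED is a placeholder admin address (RFC 5737).
IPTABLES="${IPTABLES:-iptables}"
TRUSTED="${TRUSTED:-203.0.113.10}"

# The two rules from the thread, one per line, with the documented --dport
# alias. "-m limit" sits before "-j LOG" so the rate limit is unambiguously
# part of the match section; the ACCEPT rule follows the LOG rule.
rules() {
    cat <<EOF
-A INPUT -s $TRUSTED -p tcp --dport ssh -m limit --limit 5/min -j LOG --log-level 1 --log-prefix "fw-ssh: "
-A INPUT -s $TRUSTED -p tcp --dport ssh -j ACCEPT
EOF
}

# apply_rules feeds each rule to $IPTABLES separately. On the first failure
# it prints the rule number and the exact command on stderr and returns 1;
# it returns 0 only when every rule loaded.
apply_rules() {
    n=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        n=$((n + 1))
        # eval so the quoted --log-prefix value is passed as one argument
        if ! eval "$IPTABLES $line"; then
            echo "rule $n failed: $IPTABLES $line" >&2
            return 1
        fi
    done <<EOF
$(rules)
EOF
    echo "all $n rules loaded" >&2
}

# Only touch the firewall when explicitly asked, e.g. FW_APPLY=1 ./fw.sh
if [ "${FW_APPLY:-0}" = 1 ]; then
    apply_rules
fi
```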

Author:  smerritt [ Fri Apr 09, 2004 10:07 pm ]
Post subject: 

One little note: if you want to use -m owner with Debian stable, you'll need to compile iptables against a new kernel source. Somewhere around 2.4.20, they added another member to a struct that iptables uses, breaking old iptables binaries.

It's pretty simple, IIRC. I just downloaded the latest kernel from kernel.org, unpacked it, downloaded the latest iptables, and told the iptables build process where the kernel source was. If you do this, install in /usr/local instead of /usr so you don't overwrite Debian's iptables. Otherwise, if Debian releases a new iptables version that's still older than your hand-compiled one, the update will overwrite yours and break your firewall scripts.
