On Sun, 15 Oct 2006 17:15:23 +0000
Alberto Negri <negri@xxxxxxxxxxx> wrote:

Any suggestions? Am I on the wrong mailing list?
ping :)
Alberto

> Hi all,
>
> I am posting here after speaking with people in the #iptables IRC channel,
> in particular with "Taube". At the end of my problem explanation
> he suggested that I use a script instead of the iptables-{save,restore}
> commands, but reading the iptables tutorial, in particular here:
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SAVEANDRESTORE
> I get the advice to use iptables-{save,restore} instead of a bash script... now I
> thought to post here...
> So now my problem:
>
> Using iptables-{save,restore} on a Gentoo box, iptables crashes at start up.
> My error message (doing /etc/init.d/iptables start):
>
>  * Caching service dependencies ... [ ok ]
>  * Loading iptables state and starting firewall ...
> /etc/init.d/iptables: line 57: 9820 Segmentation fault ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} <"${iptables_save}"
>  [ !! ]
>
> where my iptables rule file is (cat /etc/conf.d/iptables| grep -v ^$ | grep -v ^#):
>
> IPTABLES_SAVE="/var/lib/iptables/firewall"
> SAVE_RESTORE_OPTIONS="-c"
> SAVE_ON_STOP="yes"
>
> Contents of the firewall file (cat /var/lib/iptables/firewall) [I dropped some of my comments, starting with
> '#', before posting]:
> (Taube told me it is right... anyway I post it)
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *raw
> :PREROUTING ACCEPT
> :OUTPUT ACCEPT
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *nat
> :PREROUTING ACCEPT
> :POSTROUTING ACCEPT
> :OUTPUT ACCEPT
> -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *mangle
> :PREROUTING ACCEPT
> :INPUT ACCEPT
> :FORWARD ACCEPT
> :OUTPUT ACCEPT
> :POSTROUTING ACCEPT
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
> # Generated by iptables-save v1.3.5 on Sun Oct 8 18:08:12 2006
> *filter
> :INPUT DROP
> :FORWARD DROP
> :OUTPUT DROP
> :INBOUND -
> :LOG_FILTER -
> :LSI -
> :LSO -
> :OUTBOUND -
> -A INPUT -p tcp -m tcp --dport 2001 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2667 -j ACCEPT
> -A INPUT -p icmp -m limit --limit 10/min -j ACCEPT
> -A INPUT -i eth1 -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -s 193.70.192.25 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 193.70.192.25 -p udp -j ACCEPT
> -A INPUT -s 212.48.4.15 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 212.48.4.15 -p udp -j ACCEPT
> -A INPUT -s 62.211.69.150 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 62.211.69.150 -p udp -j ACCEPT
> -A INPUT -s 62.101.80.80 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 62.101.80.80 -p udp -j ACCEPT
> -A INPUT -s 130.136.1.110 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
> -A INPUT -s 130.136.1.110 -p udp -j ACCEPT
> -A FORWARD -j ACCEPT
> -A OUTPUT -o ppp0 -j OUTBOUND
> -A OUTPUT -o eth1 -j OUTBOUND
> -A OUTPUT -d 193.70.192.25 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 193.70.192.25 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 212.48.4.15 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 212.48.4.15 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.211.69.150 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.211.69.150 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.101.80.80 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 62.101.80.80 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 130.136.1.110 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -d 130.136.1.110 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTBOUND -j ACCEPT
> COMMIT
> # Completed on Sun Oct 8 18:08:12 2006
>
>
> where those are DNS:
> 193.70.192.25
> 212.48.4.15
> 62.211.69.150
> 62.101.80.80
> 130.136.1.110
>
> These are my Gentoo configuration options (emerge --info):
>
> Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
> =================================================================
> System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 1800+
> Gentoo Base System version 1.12.5
> Last Sync: Sun, 15 Oct 2006 10:30:01 +0000
> distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
> ccache version 2.3 [enabled]
> app-admin/eselect-compiler: [Not Present]
> dev-java/java-config: 1.3.7, 2.0.30
> dev-lang/python: 2.4.3-r4
> dev-python/pycrypto: 2.0.1-r5
> dev-util/ccache: 2.3
> dev-util/confcache: [Not Present]
> sys-apps/sandbox: 1.2.17
> sys-devel/autoconf: 2.13, 2.59-r7
> sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
> sys-devel/binutils: 2.16.1-r3
> sys-devel/gcc-config: 1.3.13-r4
> sys-devel/libtool: 1.5.22
> virtual/os-headers: 2.6.17-r1
> ACCEPT_KEYWORDS="x86"
> AUTOCLEAN="yes"
> CBUILD="i686-pc-linux-gnu"
> CFLAGS="-mtune=athlon-xp -march=athlon-xp -O2 -pipe"
> CHOST="i686-pc-linux-gnu"
> CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config
> /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/
> /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
> CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
> CXXFLAGS="-mtune=athlon-xp -march=athlon-xp -O2 -pipe"
> DISTDIR="/usr/portage/distfiles"
> FEATURES="autoconfig ccache distlocks fixpackages metadata-transfer sandbox sfperms strict"
> GENTOO_MIRRORS="ftp://lug.mtu.edu/gentoo http://mirror.phy.olemiss.edu/mirror/gentoo
> http://mirror.mcs.anl.gov/pub/gentoo/ http://mirror.uni-c.dk/pub/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ ftp://trumpetti.atm.tut.fi/gentoo/
> http://pandemonium.tiscali.de/pub/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.intergenia.de ftp://files.gentoo.org http://files.gentoo.org ftp://ftp.ntua.gr/pub/linux/gentoo/ http://ftp.ntua.gr/pub/linux/gentoo/ ftp://ftp.uoi.gr/mirror/OS/gentoo/
> http://ftp.uoi.gr/mirror/OS/gentoo/ http://ftp.physics.auth.gr/pub/mirrors/gentoo/ ftp://ftp.physics.auth.gr/pub/mirrors/gentoo/ ftp://mirror.scarlet-internet.nl/pub/gentoo
> http://mirror.gentoo.no/ http://darkstar.ist.utl.pt/gentoo/ ftp://darkstar.ist.utl.pt/pub/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/ ftp://ftp.solnet.ch/mirror/Gentoo http://gentoo.mirror.solnet.ch http://ftp.twaren.net/Linux/Gentoo/ ftp://ftp.twaren.net/Linux/Gentoo/ http://ftp.ncnu.edu.tw/Linux/Gentoo/ ftp://ftp.ncnu.edu.tw/Linux/Gentoo/ "
> LINGUAS="it"
> MAKEOPTS="-j2"
> PKGDIR="/usr/portage/packages"
> PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
> PORTAGE_TMPDIR="/var/tmp"
> PORTDIR="/usr/portage"
> PORTDIR_OVERLAY="/usr/local/overlays/xgl-coffee /usr/local/portage"
> SYNC="rsync://rsync.gentoo.org/gentoo-portage"
> USE="x86 3dnow 3dnowex X alsa arts cairo crypt cups dhcp elibc_glibc glitz gmp hal input_devices_keyboard input_devices_mouse kde kernel_linux linguas_it mmx mmxext mp3 mpeg2 mpeg4 nls nptl nvidia opengl pnp readline sse ssl userland_GNU video_cards_nvidia video_cards_vesa vorbis xmms"
> Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
>
> As it is written in the guide that the iptables-{save,restore} tools are not
> sufficiently tested as there are not enough users that try them...
> I'm here :D
> I hope to give you some help to discover bugs (if it's not an error of mine ;) )... and I'm sorry if I
> make you lose your time.
> Thanks all in advance.
> Alberto
>
> --
> Undergraduate student at Computer Science, University of Bologna.
> Icq number: 79465051
> Web page: www.cs.unibo.it/~negri
> Gpg-id: 1024D/E96025D7
> Fingerprint: 2C6A 3E88 05AB 5B21 82E8 4A80 C357 1E37 E960 25D7
>
>
>

--
Undergraduate student at Computer Science, University of Bologna.
Icq number: 79465051
Web page: www.cs.unibo.it/~negri
Gpg-id: 1024D/E96025D7
Fingerprint: 2C6A 3E88 05AB 5B21 82E8 4A80 C357 1E37 E960 25D7