Re: [bwm-tools-tech] firewall rules problems
From: Kobe L. <ko...@pu...> - 2004-03-22 17:01:06
I'm not familiar with RH9. But I see iptables-restore segfaulting, I believe.
Can you reload the rules manually by typing
/sbin/iptables-restore <your iprules file>
To load multiple rule files use the --noflush option for iptables-restore,
and check what's happening.
Since I have no idea what the RH init script is doing behind the screens, I see all strange grepping stuff happening.

Greetz
Kobe

----- Original Message -----
From: "Santiago J. Ruano Rincón" <san...@av...>
To: <ko...@mo...>
Cc: <bwm...@li...>
Sent: Friday, March 19, 2004 10:07 PM
Subject: [bwm-tools-tech] firewall rules problems

> Hi
>
> after compiling bwm_tools in a redhat 9.0 box, we have tried to follow the
> http://www.murder4al.be/ guide, but we've had problems with the iptables rules.
>
> this is the config file we are using:
>
> <firewall>
>   # Global configuration and access classes
>   <global>
>     <class name="otro_salida">
>       <address name="otro_tcp_salida" src-iface="eth1" proto="tcp"/>
>       <address name="otro_udp_salida" src-iface="eth1" proto="udp"/>
>     </class>
>     <class name="otro_salida_nat">
>       <address name="otro_tcp_salida" src-iface="eth1" dst="! 172.16.0.0/16"/>
>     </class>
>     <class name="macondo_salida">
>       <address name="macondo_tcp_salida" src-iface="eth1" proto="tcp" src="172.16.130.133" dst="! 172.16.0.0/16"/>
>       <address name="macondo_udp_salida" src-iface="eth1" proto="udp" src="172.16.130.133" dst="! 172.16.0.0/16"/>
>     </class>
>   </global>
>
>
>   # Traffic flows
>   <traffic>
>     <flow name="salida_total_ip_real" stats-len="5" queue-size="262144" queue-len="400" max-rate="16288" burst-rate="1024" report-timeout="60">
>       <flow name="macondo_salida" max-rate="10240" queue-size="16384" stats-len="5" report-timeout="60">
>         <queue prio="40" nfmark="1001">
>           macondo_salida;
>         </queue>
>       </flow>
>       <flow name="otro_salida" max-rate="2048" burst-rate="6144" queue-size="32768" stats-len="5" report-timeout="60">
>         <queue prio="90" nfmark="1008">
>           otro_salida;
>         </queue>
>       </flow>
>     </flow>
>   </traffic>
> </firewall>
>
> after bwm_firewall:
>
> # Generated using BWM Firewall v0.1.8: DATE
> *mangle
> :OUTPUT ACCEPT
> :INPUT ACCEPT
> :FORWARD ACCEPT
> -A FORWARD --destination ! 172.16.0.0/16 --source 172.16.130.133 --protocol tcp --in-interface eth1 -j MARK --set-mark 1001
> -A FORWARD --destination ! 172.16.0.0/16 --source 172.16.130.133 --protocol udp --in-interface eth1 -j MARK --set-mark 1001
> -A FORWARD --protocol tcp --in-interface eth1 -j MARK --set-mark 1008
> -A FORWARD --protocol udp --in-interface eth1 -j MARK --set-mark 1008
> COMMIT
> *filter
> :OUTPUT ACCEPT
> :bwmd -
> :INPUT ACCEPT
> :FORWARD ACCEPT
> -A bwmd -m mark ! --mark 0 -j QUEUE
> COMMIT
>
> and trying to restart iptables.
>
> Flushing all current rules and user defined chains: [ OK ]
> Clearing all current rules and user defined chains: [ OK ]
> Applying iptables firewall rules: /etc/init.d/iptables: line 205: 4496 Done
> grep -v "^[[:space:]]*#" $IPTABLES_CONFIG
> 4497 | grep -v '^[[:space:]]*$'
> 4498 Segmentation fault | /sbin/iptables-restore -c
> [FAILED]
>
> what's wrong?
>
> any help would be appreciated.
>
> Santiago J. Ruano Rincón
>
> Avatar Ltda.
> ParqueSoft Popayán
> +57-2 8221214
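
Loading the rules by hand with --noflush, as suggested in the reply, can be narrowed further by feeding iptables-restore one table at a time, which ties a crash to the mangle or the filter block. The script below is an added example, not part of the thread or of bwm_tools; the function names are assumptions and the embedded sample is a constructed, shortened copy of the quoted bwm_firewall output.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are assumptions.

# Constructed sample, shortened from the bwm_firewall output quoted above.
write_sample() {
cat <<'EOF'
# Generated using BWM Firewall v0.1.8: DATE
*mangle
:FORWARD ACCEPT
-A FORWARD --protocol tcp --in-interface eth1 -j MARK --set-mark 1008
COMMIT

*filter
:bwmd -
:FORWARD ACCEPT
-A bwmd -m mark ! --mark 0 -j QUEUE
COMMIT
EOF
}

# The filtering visible in the init script error: drop comments and blanks.
strip_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'
}

# Names of the tables present in the file, one per line.
list_tables() {
    strip_rules "$1" | sed -n 's/^\*\([a-z]*\).*/\1/p'
}

# Only the block for one table, from "*table" through its COMMIT.
table_block() {  # $1 = rules file, $2 = table name
    strip_rules "$1" | awk -v t="*$2" '
        $1 == t              { on = 1 }
        on                   { print }
        on && $1 == "COMMIT" { on = 0 }'
}

# Load each table separately (as root) and report the exit status, so a
# crash can be tied to one table. --noflush keeps rules already loaded.
load_per_table() {  # $1 = rules file
    for t in $(list_tables "$1"); do
        if table_block "$1" "$t" | /sbin/iptables-restore --noflush; then
            echo "$t: loaded"
        else
            echo "$t: iptables-restore exit status $?"
        fi
    done
}
```

Source the file and call load_per_table with the path of the generated rules file; a table whose load ends in a segmentation fault is reported with a non-zero exit status while the others still load.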