iptables setup on CentOS 5


Postby shl0m0 » Sun Mar 01, 2009 3:01 pm

I want to run OpenEMM as follows:
- using the internal MTA
- with port 80 redirecting to 8080

Following the instructions in the installation guide, I set up my iptables. The /etc/sysconfig/iptables file was empty before I installed OpenEMM. Now my /etc/sysconfig/iptables file looks like this:

Code:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8025 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
-A PREROUTING -i eth+ -p tcp --dport 25 -j REDIRECT --to-port 8025
COMMIT


But I get the following error message when I do /etc/init.d/iptables restart:

Code:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: Bad argument `COMMIT'
Error occurred at line: 6
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]


I am not familiar with iptables at all. Can someone please help me figure this out?
shl0m0
 
Posts: 4
Joined: Sun Mar 01, 2009 2:45 pm

Postby maschoff » Mon Mar 02, 2009 4:57 pm

You should put the second-to-last line (-A PREROUTING ...) before the first COMMIT because it belongs in this section.
OpenEMM Maintainer
maschoff
Site Admin
 
Posts: 2131
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany

helps, but still not there yet

Postby shl0m0 » Mon Mar 02, 2009 6:04 pm

Thanks for the tip. It helps, but only a little.

Now my iptables looks like this:
Code:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i eth+ -p tcp --dport 25 -j REDIRECT --to-port 8025
COMMIT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8025 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
COMMIT

and /etc/init.d/iptables restart complains of this:
Code:
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: Bad argument `COMMIT'
Error occurred at line: 7
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]


I'd appreciate further help.
shl0m0
 
Posts: 4
Joined: Sun Mar 01, 2009 2:45 pm

Postby maschoff » Mon Mar 02, 2009 9:41 pm

After the first COMMIT insert a new line

*filter

If this does not help, you should consult your admin. Your iptables looks very different from any iptables we have seen so far.
OpenEMM Maintainer
maschoff
Site Admin
 
Posts: 2131
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany

Postby shl0m0 » Tue Mar 03, 2009 10:15 am

Thanks. That didn't change anything, I still get the same error message.

My iptables started out empty.

Could you please post an example iptables from a working RedHat or CentOS OpenEMM installation, and I can work from there?

Thanks.
shl0m0
 
Posts: 4
Joined: Sun Mar 01, 2009 2:45 pm

Postby maschoff » Tue Mar 03, 2009 10:30 am

Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8044 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

This is an excerpt from our iptables.
OpenEMM Maintainer
maschoff
Site Admin
 
Posts: 2131
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany

Postby shl0m0 » Tue Mar 03, 2009 10:39 am

Excellent! I used most of that *filter section in my iptables, and it parses just fine upon restart.

Thanks for the help!
shl0m0
 
Posts: 4
Joined: Sun Mar 01, 2009 2:45 pm
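
Added example (not part of the original thread and not OpenEMM's own code): a small Python checker for the structural rules of the iptables-restore file format that the replies above point at: every rule sits inside a `*table` section, each section ends with its own COMMIT, and a user-defined chain such as RH-Firewall-1-INPUT is declared with a `:` line in that table. The function name `lint_rules_file` and the sample files are constructed for illustration; it does not reproduce iptables-restore's own parser or its error messages.

```python
import re

# Built-in chains of the three classic tables; anything else needs a ":" line.
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "POSTROUTING", "OUTPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}

def lint_rules_file(text):
    """Return (line_number, message) pairs for structural problems."""
    problems, table, chains, start = [], None, set(), 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                      # opens a table section
            if table is not None:
                problems.append((start, f"table '{table}' has no COMMIT"))
            table, start = line[1:], no
            chains = set(BUILTIN.get(table, ()))
        elif table is None:                           # rule or COMMIT with no table
            problems.append((no, f"'{line.split()[0]}' outside any *table section"))
        elif line == "COMMIT":                        # closes the current table
            table = None
        elif line.startswith(":"):                    # chain declaration
            chains.add(line[1:].split()[0])
        else:
            m = re.match(r"-[AI]\s+(\S+)", line)
            if m and m.group(1) not in chains:
                problems.append((no, f"chain '{m.group(1)}' not declared in table '{table}'"))
    if table is not None:
        problems.append((start, f"table '{table}' has no COMMIT"))
    return problems

# Sample files below are constructed from lines quoted in the thread.
NAT = ("*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n"
       "-A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080\n"
       "-A PREROUTING -i eth+ -p tcp --dport 25 -j REDIRECT --to-port 8025\nCOMMIT\n")
RULE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT\n"
BROKEN = NAT + RULE + "COMMIT\n"                  # filter rule after nat's COMMIT
HALF = NAT + "*filter\n" + RULE + "COMMIT\n"      # *filter added, chain undeclared
FIXED = (NAT + "*filter\n:INPUT ACCEPT [0:0]\n:RH-Firewall-1-INPUT - [0:0]\n"
         "-A INPUT -j RH-Firewall-1-INPUT\n" + RULE + "COMMIT\n")

if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("HALF", HALF), ("FIXED", FIXED)):
        print(name, lint_rules_file(sample))
```

Where the installed iptables-restore supports it, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without committing it, which is the authoritative check before restarting the service.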

Re: iptables setup on CentOS 5

Postby waleeed » Mon Feb 15, 2016 7:18 am

Following the instructions in the installation guide, I set up my iptables. The /etc/sysconfig/iptables file was empty before I installed OpenEMM. Now my /etc/sysconfig/iptables file looks like this:
waleeed
 
Posts: 1
Joined: Mon Feb 15, 2016 7:16 am

