# iptables help [solved]

## vaguy02

Guys,

I used to use Gentoo a while ago, but haven't used it recently. Trying to get back into it. I've written iptables scripts before and made everything work. Never really had an issue. Until now. 

I have the iptables options built into the kernel, I've emerge'd iptables, and I've written the firewall script. But whenever I try to run the script it comes back with weird error messages: about how it can't find nat (try insmod), and also that -j ACCEPT is not valid, things of that nature. Has anyone heard of this? I will post the exact messages later this evening, but any initial thoughts?

Robert

Last edited by vaguy02 on Fri Feb 02, 2007 10:08 pm; edited 1 time in total

----------

## wah

I had an interesting error message the last time I used IPTABLES - every time I tried to do a stateful command, it would fail ("invalid table" or something like that).  I thought I had put everything in the kernel, but I had left a few things out, including the state tracking feature.  When you post your error messages, can you also post relevant IPTABLES kernel configuration items?

Cheers,

W.

----------

## vaguy02

No problem, I can do a screenshot of the kernel build when I get home later. But I agree with you, my problem sounds somewhat similar to your problem about invalid tables.

----------

## .:chrome:.

Run your script by hand.

One rule at a time, and report here the rule that generates the error and the error message.

TIP: don't use scripts. Use the rules file /var/lib/iptables/rules-save and configure /etc/conf.d/iptables.

----------

## vaguy02

Okay, I'm back now. Here is the code I'm trying to execute. It's simple, I just found it on a page somewhere; I wanted to start back simple since it's been a while. The error message follows it.

```
echo "Starting Firewall Script"
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
export LAN=eth1
export WAN=eth0
/sbin/iptables -I INPUT l -i $(LAN) -j ACCEPT
/sbin/iptables -I INPUT l -i lo -j ACCEPT
/sbin/iptables -A INPUT -p UDP --dport bootps -i ! $(LAN) -j REJECT
/sbin/iptables -A INPUT -p UDP --dport domain -i ! $(LAN) -j REJECT
/sbin/iptables -A INPUT -p TCP -i ! $(LAN) -d 0/0 --dport 0:1023 -j DROP
/sbin/iptables -A INPUT -p UDP -i ! $(LAN) -d 0/0 --dport 0:1023 -j DROP
/sbin/iptables -I FORWARD -i $(LAN) -d 192.168.1.0/255.255.0.0 -j DROP
/sbin/iptables -A FORWARD -i $(LAN) -s 192.168.1.0/255.255.0.0 -j ACCEPT
/sbin/iptables -A FORWARD -i $(WAN) -d 192.168.1.0/255.255.0.0 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $(WAN) -j MASQUERADE
echo "Finishing Firewall Script"
```

Error Message

```
tux init.d # ./firewall.sh
Starting Firewall Script
./firewall.sh: line 13: LAN: command not found
iptables v1.3.5: Invalid rule number `l'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.5: Invalid rule number `l'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 15: LAN: command not found
Warning: wierd character in interface `-j' (No aliases, :, ! or *).
Bad argument `REJECT'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 16: LAN: command not found
Warning: wierd character in interface `-j' (No aliases, :, ! or *).
Bad argument `REJECT'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 18: LAN: command not found
Warning: wierd character in interface `-d' (No aliases, :, ! or *).
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
./firewall.sh: line 19: LAN: command not found
Warning: wierd character in interface `-d' (No aliases, :, ! or *).
Bad argument `0/0'
Try `iptables -h' or 'iptables --help' for more information.
Finishing Firewall Script
```

I forgot how to post images, or whether you even can; otherwise I would post the kernel build info.

Thanks

Robert

----------

## wah

Ok, those are context errors.

For the first (LAN error) - use braces instead of parentheses.

The second (0/0 error) - I'm not familiar with the -d 0/0 context, so I'm not sure if that's correct or not.

However, try replacing the parentheses with braces and run the script again. Post any new errors that you may get.

Cheers,

W.

----------

## vaguy02

Nice work. Now I'm down to the 'l'; apparently it doesn't like it. Any suggestions?

*Quote:*

> tux init.d # ./firewall.sh
> Starting Firewall Script
> ...

----------

## vaguy02

Never mind, I just deleted the l's and it worked just fine, I think. Sorry to bother everyone. Just trying to get a firewall/router with Gentoo up and running again after a long time.

----------

## wah

*vaguy02 wrote:*

> Never mind, I just deleted the l's and it worked just fine, I think. Sorry to bother everyone. Just trying to get a firewall/router with Gentoo up and running again after a long time.

Nice work - and no bother...it's all part of a learning process!

Enjoy your firewall!

Cheers,

W.

----------
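The posted script with the two fixes the thread arrives at, as an added example for this page (it is not the script the original poster ended up with). The two errors have simple causes: in a Bourne shell `$(LAN)` is command substitution, so the shell tries to run a program named `LAN` (the `LAN: command not found` line) and iptables then receives `-i -j`, which is the `wierd character in interface '-j'` warning; `${LAN}` is the variable expansion that was meant. And `-I INPUT l` passes the letter l where iptables expects a rule position, so it has to be the digit `1` (or be left out, since `-I` defaults to position 1), which is why deleting the l's also worked. The example goes beyond the thread in a few places that are marked in the comments: the WAN-to-LAN FORWARD rule is limited to established and related connections with the state match (this needs connection tracking and the state match in the kernel, the area wah mentioned; the posted rule accepted any WAN packet addressed to the LAN range), the LAN network is written as 192.168.1.0/24 because the posted `192.168.1.0/255.255.0.0` mixes a /24 address with a /16 mask and effectively matches 192.168.0.0/16, the inverted interface match is written `! -i` since later iptables releases reject the older `-i !` form, and `-d 0/0` (any destination) is dropped as redundant. Interface names, the LAN prefix and the `DRY_RUN` switch are assumptions of the example; `DRY_RUN=1` prints the rules instead of loading them, so the rule text can be checked without root or a netfilter-enabled kernel.

```shell
#!/bin/sh
# Corrected form of the posted firewall script. Added example for this page,
# not the original poster's final script. Fixes relative to the posted one:
#   ${LAN}      - $(LAN) is command substitution (runs a program called LAN);
#                 ${LAN} expands the variable.
#   -I INPUT 1  - the rule position is the digit 1, not the letter l
#                 (it can also be left out: -I defaults to position 1).
#   ! -i        - inverted interface match; the older "-i !" form is
#                 rejected by later iptables releases.
# Assumptions of this example: the interface names and LAN prefix below, and
# the DRY_RUN switch, which prints the rules instead of applying them.

LAN=eth1                 # LAN side, as in the posted script
WAN=eth0                 # WAN side, as in the posted script
LAN_NET=192.168.1.0/24   # assumption: the posted 192.168.1.0/255.255.0.0
                         # mixes a /24 address with a /16 mask
IPT=/sbin/iptables

# Run iptables, or with DRY_RUN=1 print the exact command line instead.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

firewall_rules() {
    ipt -F
    ipt -t nat -F
    ipt -P INPUT ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -P FORWARD DROP

    # Accept everything arriving from the LAN side and from loopback.
    ipt -I INPUT 1 -i "${LAN}" -j ACCEPT
    ipt -I INPUT 1 -i lo -j ACCEPT

    # Refuse DHCP and DNS service requests that do not come from the LAN.
    ipt -A INPUT -p udp ! -i "${LAN}" --dport bootps -j REJECT
    ipt -A INPUT -p udp ! -i "${LAN}" --dport domain -j REJECT

    # Drop anything else to privileged ports from non-LAN interfaces.
    # ("-d 0/0" in the posted script means any destination and is
    # redundant, so it is left out here.)
    ipt -A INPUT -p tcp ! -i "${LAN}" --dport 0:1023 -j DROP
    ipt -A INPUT -p udp ! -i "${LAN}" --dport 0:1023 -j DROP

    # Do not route LAN traffic back into the LAN; forward LAN to anywhere else.
    ipt -I FORWARD -i "${LAN}" -d "${LAN_NET}" -j DROP
    ipt -A FORWARD -i "${LAN}" -s "${LAN_NET}" -j ACCEPT

    # From the WAN, only forward replies to connections the LAN opened.
    # Change from the posted script, which accepted any WAN packet addressed
    # to the LAN range. Needs connection tracking and the state match in the
    # kernel (built in or as modules).
    ipt -A FORWARD -i "${WAN}" -o "${LAN}" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Masquerade LAN traffic leaving on the WAN interface.
    ipt -t nat -A POSTROUTING -o "${WAN}" -j MASQUERADE
}

# ./firewall.sh show   prints the rules;   ./firewall.sh apply   loads them.
case "${1:-}" in
    show)  DRY_RUN=1; firewall_rules ;;
    apply) firewall_rules ;;
esac
```

Run `sh firewall.sh show` first and read the printed lines: every `${LAN}` and `${WAN}` should already be expanded to an interface name, and no line should contain a bare `l` after `-I INPUT`. If `apply` then fails with "can't initialize iptables table `nat'" or "Couldn't load match `state'", that is the kernel-configuration problem from earlier in the thread rather than a script problem: the nat table, connection tracking and the state match have to be built in or loadable as modules.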

