adamolb
(uses Fedora)
Posted on 04/03/2009 - 10:28h
I currently have a Red Hat 7.2 Linux firewall server, and I have a new server to replace it, since the old one is quite outdated. However, when I copy the iptables firewall script and try to start it on the new server (Fedora Core 8), it produces errors, whereas on Red Hat 7.2 it runs normally.
The iptables script follows:
# Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
*mangle
:PREROUTING ACCEPT [272:15737]
:OUTPUT ACCEPT [151:11002]
COMMIT
# Completed on Sun May 25 21:28:47 2003
# Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
*nat
:PREROUTING ACCEPT [90:5520]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j MASQUERADE
COMMIT
# Completed on Sun May 25 21:28:47 2003
# Generated by iptables-save v1.2.3 on Sun May 25 21:28:47 2003
*filter
:INPUT DROP [85:5100]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:VPN - [0:0]
-A INPUT -d 200.232.9.5 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -d 200.232.9.5 -p 47 -j ACCEPT
-A INPUT -s 192.168.254.0/255.255.255.0 -p icmp -j ACCEPT
-A INPUT -s 200.206.232.200 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 200.168.57.189 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 200.161.31.32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 200.232.9.30 -p udp -m udp --dport 1645 -j ACCEPT
-A INPUT -d 200.232.9.30 -p udp -m udp --dport 1646 -j ACCEPT
-A FORWARD -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j VPN
-A FORWARD -s 10.3.0.0/255.255.0.0 -d 192.168.254.0/255.255.255.0 -j VPN
-A OUTPUT -s 200.232.9.5 -p tcp -m tcp --sport 1723 -j ACCEPT
-A OUTPUT -s 200.232.9.5 -p 47 -j ACCEPT
-A OUTPUT -d 192.168.254.0/255.255.255.0 -p icmp -j ACCEPT
-A OUTPUT -d 200.206.232.200 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -d 200.168.57.189 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -d 200.161.31.32 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -s 200.232.9.30 -p udp -m udp --sport 1645 -j ACCEPT
-A OUTPUT -s 200.232.9.30 -p udp -m udp --sport 1646 -j ACCEPT
-A VPN -j DROP
COMMIT
# Completed on Sun May 25 21:28:47 2003
The error messages when trying to start iptables follow:
[root@localhost sysconfig]# service iptables restart
/etc/sysconfig/iptables-config: line 2: *mangle: command not found
/etc/sysconfig/iptables-config: line 3: :PREROUTING: command not found
/etc/sysconfig/iptables-config: line 4: :OUTPUT: command not found
/etc/sysconfig/iptables-config: line 5: COMMIT: command not found
/etc/sysconfig/iptables-config: line 8: *nat: command not found
/etc/sysconfig/iptables-config: line 9: :PREROUTING: command not found
/etc/sysconfig/iptables-config: line 10: :POSTROUTING: command not found
/etc/sysconfig/iptables-config: line 11: :OUTPUT: command not found
/etc/sysconfig/iptables-config: line 12: -A: command not found
/etc/sysconfig/iptables-config: line 13: COMMIT: command not found
/etc/sysconfig/iptables-config: line 16: *filter: command not found
/etc/sysconfig/iptables-config: line 17: :INPUT: command not found
/etc/sysconfig/iptables-config: line 18: :FORWARD: command not found
/etc/sysconfig/iptables-config: line 19: :OUTPUT: command not found
/etc/sysconfig/iptables-config: line 20: :VPN: command not found
/etc/sysconfig/iptables-config: line 21: -A: command not found
/etc/sysconfig/iptables-config: line 22: -A: command not found
/etc/sysconfig/iptables-config: line 23: -A: command not found
/etc/sysconfig/iptables-config: line 24: -A: command not found
/etc/sysconfig/iptables-config: line 25: -A: command not found
/etc/sysconfig/iptables-config: line 26: -A: command not found
/etc/sysconfig/iptables-config: line 27: -A: command not found
/etc/sysconfig/iptables-config: line 28: -A: command not found
/etc/sysconfig/iptables-config: line 29: -A: command not found
/etc/sysconfig/iptables-config: line 30: -A: command not found
/etc/sysconfig/iptables-config: line 31: -A: command not found
/etc/sysconfig/iptables-config: line 32: -A: command not found
/etc/sysconfig/iptables-config: line 33: -A: command not found
/etc/sysconfig/iptables-config: line 34: -A: command not found
/etc/sysconfig/iptables-config: line 35: -A: command not found
/etc/sysconfig/iptables-config: line 36: -A: command not found
/etc/sysconfig/iptables-config: line 37: -A: command not found
/etc/sysconfig/iptables-config: line 38: -A: command not found
/etc/sysconfig/iptables-config: line 39: -A: command not found
/etc/sysconfig/iptables-config: line 40: COMMIT: command not found
If you can help, I'd be grateful.
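
Added example, not part of the original post: "command not found" is a shell error, which is what appears when an iptables-save dump sits in a file that gets sourced. On Red Hat and Fedora the init script sources /etc/sysconfig/iptables-config as shell settings and loads rules from /etc/sysconfig/iptables with iptables-restore; this sketch checks which of the two formats a file has before it is installed. The function names and the two sample files are assumptions made for the example.

```shell
#!/bin/sh
# classify_file PATH: print "ruleset" (iptables-save dump), "shellconf" (VAR=value) or "unknown"
classify_file() {
    awk '
        /^[ \t]*(#|$)/               { next }                            # comment or blank
        /^\*[a-z]+$/                 { tables++; intable = 1; next }     # table header, e.g. *filter
        /^(:[A-Za-z0-9_-]+|-[AI]) /  { if (intable) rules++; else bad++; next }
        /^COMMIT$/                   { if (intable) { commits++; intable = 0 } else bad++; next }
        /^[A-Za-z_][A-Za-z0-9_]*=/   { vars++; next }                    # shell assignment
                                     { bad++ }                           # anything else
        END {
            if (tables > 0 && tables == commits && !intable && vars == 0 && bad == 0) print "ruleset"
            else if (vars > 0 && tables == 0 && rules == 0 && bad == 0) print "shellconf"
            else print "unknown"                                         # mixed or truncated file
        }' "$1"
}

# expected_kind DEST: format the Red Hat/Fedora init script expects at that path
expected_kind() {
    case "$1" in
        */iptables-config) echo shellconf ;;   # sourced by the init script
        */iptables)        echo ruleset ;;     # loaded with iptables-restore
        *)                 echo unknown ;;
    esac
}

# fits SRC DEST: succeed only when SRC has the format DEST requires
fits() {
    want=$(expected_kind "$2")
    [ "$want" != unknown ] && [ "$(classify_file "$1")" = "$want" ]
}

# Constructed sample files: a short excerpt of the dump in the post, and a settings file
tmp=$(mktemp -d)
cat > "$tmp/rules" <<'EOF'
*nat
:PREROUTING ACCEPT [90:5520]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.254.0/255.255.255.0 -d 10.3.0.0/255.255.0.0 -j MASQUERADE
COMMIT
EOF
cat > "$tmp/conf" <<'EOF'
IPTABLES_MODULES=""
IPTABLES_SAVE_ON_STOP="no"
EOF
for dest in /etc/sysconfig/iptables /etc/sysconfig/iptables-config; do
    if fits "$tmp/rules" "$dest"; then echo "rules -> $dest: ok"; else echo "rules -> $dest: wrong format"; fi
done
```

A file that passes this format check can still contain rules the newer iptables rejects, so a syntax check with iptables-restore on the target host is still needed before relying on it.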