Yes to all! iptables -L returns empty fields ls -lt on /etc/rc.d returns rwx on rc.firewall-2.4 which sh returns /bin/sh and finally while in /etc/rc.d: ./rc.firewall-2.4 returns : bad interpreter: No such file or directory Wierd. I had 7.3 installed at one point a while back and all was good, well almost but that's another story! :) pete Craig White wrote: > > As root - bad interpreter? > > chmod 700 rc.firewall-2.4 (to make sure of privileges) > > does 'which sh' return /bin/sh ? > > and just for fun... > > iptables -L (see if the rules aren't in place already) > > Craig > > On Wed, 2002-12-11 at 00:00, mazdaracer wrote: > > On executing /etc/rc.d/rc.firewall-2.4 I get a bad interpreter message. > > > > I can execute the tripwire install ok, but not this one. > > > > script attached. > > > > pete > > ---- > > > > > #!/bin/sh > > # > > # rc.firewall-2.4 > > FWVER=0.70 > > # > > # Initial SIMPLE IP Masquerade test for 2.4.x kernels > > # using IPTABLES. > > # > > # Once IP Masquerading has been tested, with this simple > > # ruleset, it is highly recommended to use a stronger > > # IPTABLES ruleset either given later in this HOWTO or > > # from another reputable resource. > > # > > # > > # > > # Log: > > # 0.70 - Added commented option for IRC nat module > > # - Added additional use of environment variables > > # - Added additional formatting > > # 0.63 - Added support for the IRC IPTABLES module > > # 0.62 - Fixed a typo on the MASQ enable line that used eth0 > > # instead of $EXTIF > > # 0.61 - Changed the firewall to use variables for the internal > > # and external interfaces. > > # 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP > > # all forwarded packets but it didn't have a rule to ACCEPT > > # any packets to be forwarded either > > # - Load the ip_nat_ftp and ip_conntrack_ftp modules by default > > # 0.50 - Initial draft > > # > > > > echo -e "\n\nLoading simple rc.firewall version $FWVER..\n" > > > > > > # The location of the iptables and kernel module programs > > # > > # If your Linux distribution came with a copy of iptables, > > # most likely all the programs will be located in /sbin. If > > # you manually compiled iptables, the default location will > > # be in /usr/local/sbin > > # > > # ** Please use the "whereis iptables" command to figure out > > # ** where your copy is and change the path below to reflect > > # ** your setup > > # > > IPTABLES=/sbin/iptables > > #IPTABLES=/usr/local/sbin/iptables > > DEPMOD=/sbin/depmod > > INSMOD=/sbin/insmod > > > > > > #Setting the EXTERNAL and INTERNAL interfaces for the network > > # > > # Each IP Masquerade network needs to have at least one > > # external and one internal network. The external network > > # is where the natting will occur and the internal network > > # should preferably be addressed with a RFC1918 private address > > # scheme. > > # > > # For this example, "eth0" is external and "eth1" is internal" > > # > > # NOTE: If this doesnt EXACTLY fit your configuration, you must > > # change the EXTIF or INTIF variables above. For example: > > # > > # EXTIF="ppp0" > > # > > # if you are a modem user. > > # > > EXTIF="eth0" > > INTIF="eth1" > > echo " External Interface: $EXTIF" > > echo " Internal Interface: $INTIF" > > > > > > #====================================================================== > > #== No editing beyond this line is required for initial MASQ testing == > > > > > > echo -en " loading modules: " > > > > # Need to verify that all modules have all required dependencies > > # > > echo " - Verifying that all kernel modules are ok" > > $DEPMOD -a > > > > # With the new IPTABLES code, the core MASQ functionality is now either > > # modular or compiled into the kernel. This HOWTO shows ALL IPTABLES > > # options as MODULES. If your kernel is compiled correctly, there is > > # NO need to load the kernel modules manually. > > # > > # NOTE: The following items are listed ONLY for informational reasons. > > # There is no reason to manual load these modules unless your > > # kernel is either mis-configured or you intentionally disabled > > # the kernel module autoloader. > > # > > > > # Upon the commands of starting up IP Masq on the server, the > > # following kernel modules will be automatically loaded: > > # > > # NOTE: Only load the IP MASQ modules you need. All current IP MASQ > > # modules are shown below but are commented out from loading. > > # =============================================================== > > > > echo "----------------------------------------------------------------------" > > > > #Load the main body of the IPTABLES module - "iptable" > > # - Loaded automatically when the "iptables" command is invoked > > # > > # - Loaded manually to clean up kernel auto-loading timing issues > > # > > echo -en "ip_tables, " > > $INSMOD ip_tables > > > > > > #Load the IPTABLES filtering module - "iptable_filter" > > # - Loaded automatically when filter policies are activated > > > > > > #Load the stateful connection tracking framework - "ip_conntrack" > > # > > # The conntrack module in itself does nothing without other specific > > # conntrack modules being loaded afterwards such as the "ip_conntrack_ftp" > > # module > > # > > # - This module is loaded automatically when MASQ functionality is > > # enabled > > # > > # - Loaded manually to clean up kernel auto-loading timing issues > > # > > echo -en "ip_conntrack, " > > $INSMOD ip_conntrack > > > > > > #Load the FTP tracking mechanism for full FTP tracking > > # > > # Enabled by default -- insert a "#" on the next line to deactivate > > # > > echo -en "ip_conntrack_ftp, " > > $INSMOD ip_conntrack_ftp > > > > > > #Load the IRC tracking mechanism for full IRC tracking > > # > > # Enabled by default -- insert a "#" on the next line to deactivate > > # > > echo -en "ip_conntrack_irc, " > > $INSMOD ip_conntrack_irc > > > > > > #Load the general IPTABLES NAT code - "iptable_nat" > > # - Loaded automatically when MASQ functionality is turned on > > # > > # - Loaded manually to clean up kernel auto-loading timing issues > > # > > echo -en "iptable_nat, " > > $INSMOD iptable_nat > > > > > > #Loads the FTP NAT functionality into the core IPTABLES code > > # Required to support non-PASV FTP. > > # > > # Enabled by default -- insert a "#" on the next line to deactivate > > # > > echo -en "ip_nat_ftp, " > > $INSMOD ip_nat_ftp > > > > > > #Loads the IRC NAT functionality into the core IPTABLES code > > # Require to support NAT of IRC DCC requests > > # > > # Disabled by default -- remove the "#" on the next line to activate > > # > > #echo -e "ip_nat_irc" > > #$INSMOD ip_nat_irc > > > > echo "----------------------------------------------------------------------" > > > > # Just to be complete, here is a list of the remaining kernel modules > > # and their function. Please note that several modules should be only > > # loaded by the correct master kernel module for proper operation. > > # -------------------------------------------------------------------- > > # > > # ipt_mark - this target marks a given packet for future action. > > # This automatically loads the ipt_MARK module > > # > > # ipt_tcpmss - this target allows to manipulate the TCP MSS > > # option for braindead remote firewalls. > > # This automatically loads the ipt_TCPMSS module > > # > > # ipt_limit - this target allows for packets to be limited to > > # to many hits per sec/min/hr > > # > > # ipt_multiport - this match allows for targets within a range > > # of port numbers vs. listing each port individually > > # > > # ipt_state - this match allows to catch packets with various > > # IP and TCP flags set/unset > > # > > # ipt_unclean - this match allows to catch packets that have invalid > > # IP/TCP flags set > > # > > # iptable_filter - this module allows for packets to be DROPped, > > # REJECTed, or LOGged. This module automatically > > # loads the following modules: > > # > > # ipt_LOG - this target allows for packets to be > > # logged > > # > > # ipt_REJECT - this target DROPs the packet and returns > > # a configurable ICMP packet back to the > > # sender. > > # > > # iptable_mangle - this target allows for packets to be manipulated > > # for things like the TCPMSS option, etc. > > > > echo ". Done loading modules." > > > > > > > > #CRITICAL: Enable IP forwarding since it is disabled by default since > > # > > # Redhat Users: you may try changing the options in > > # /etc/sysconfig/network from: > > # > > # FORWARD_IPV4=false > > # to > > # FORWARD_IPV4=true > > # > > echo " enabling forwarding.." > > echo "1" > /proc/sys/net/ipv4/ip_forward > > > > > > # Dynamic IP users: > > # > > # If you get your IP address dynamically from SLIP, PPP, or DHCP, > > # enable this following option. This enables dynamic-address hacking > > # which makes the life with Diald and similar programs much easier. > > # > > #echo " enabling DynamicAddr.." > > #echo "1" > /proc/sys/net/ipv4/ip_dynaddr > > > > > > # Enable simple IP forwarding and Masquerading > > # > > # NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT. > > # > > # NOTE #2: The following is an example for an internal LAN address in the > > # 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask > > # connecting to the Internet on external interface "eth0". This > > # example will MASQ internal traffic out to the Internet but not > > # allow non-initiated traffic into your internal network. > > # > > # > > # ** Please change the above network numbers, subnet mask, and your > > # *** Internet connection interface name to match your setup > > # > > > > > > #Clearing any previous configuration > > # > > # Unless specified, the defaults for INPUT and OUTPUT is ACCEPT > > # The default for FORWARD is DROP > > # > > echo " clearing any existing rules and setting default policy.." > > $IPTABLES -P INPUT ACCEPT > > $IPTABLES -F INPUT > > $IPTABLES -P OUTPUT ACCEPT > > $IPTABLES -F OUTPUT > > $IPTABLES -P FORWARD DROP > > $IPTABLES -F FORWARD > > $IPTABLES -t nat -F > > > > echo " FWD: Allow all connections OUT and only existing and related ones IN" > > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT > > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT > > $IPTABLES -A FORWARD -j LOG > > > > echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF" > > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE > > > > > > > > echo -e "\nDone.\n" > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss