Getting bad interpreter error

mazdaracer plug-discuss@lists.plug.phoenix.az.us
Wed, 11 Dec 2002 09:08:16 -0800


Yes to all!

iptables -L returns empty fields

ls -lt on /etc/rc.d returns rwx on rc.firewall-2.4

which sh returns /bin/sh

and finally while in /etc/rc.d:
./rc.firewall-2.4 returns
: bad interpreter: No such file or directory

Wierd. I had 7.3 installed at one point a while back and all was good,
well almost but that's another story! :)

pete




Craig White wrote:
> 
> As root - bad interpreter?
> 
> chmod 700 rc.firewall-2.4 (to make sure of privileges)
> 
> does 'which sh' return /bin/sh ?
> 
> and just for fun...
> 
> iptables -L (see if the rules aren't in place already)
> 
> Craig
> 
> On Wed, 2002-12-11 at 00:00, mazdaracer wrote:
> > On executing /etc/rc.d/rc.firewall-2.4 I get a bad interpreter message.
> >
> > I can execute the tripwire install ok, but not this one.
> >
> > script attached.
> >
> > pete
> > ----
> >
> 
> > #!/bin/sh
> > #
> > # rc.firewall-2.4
> > FWVER=0.70
> > #
> > #               Initial SIMPLE IP Masquerade test for 2.4.x kernels
> > #               using IPTABLES.
> > #
> > #               Once IP Masquerading has been tested, with this simple
> > #               ruleset, it is highly recommended to use a stronger
> > #               IPTABLES ruleset either given later in this HOWTO or
> > #               from another reputable resource.
> > #
> > #
> > #
> > # Log:
> > #       0.70 - Added commented option for IRC nat module
> > #            - Added additional use of environment variables
> > #            - Added additional formatting
> > #       0.63 - Added support for the IRC IPTABLES module
> > #       0.62 - Fixed a typo on the MASQ enable line that used eth0
> > #              instead of $EXTIF
> > #       0.61 - Changed the firewall to use variables for the internal
> > #              and external interfaces.
> > #       0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
> > #              all forwarded packets but it didn't have a rule to ACCEPT
> > #              any packets to be forwarded either
> > #            - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
> > #       0.50 - Initial draft
> > #
> >
> > echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"
> >
> >
> > # The location of the iptables and kernel module programs
> > #
> > #   If your Linux distribution came with a copy of iptables,
> > #   most likely all the programs will be located in /sbin.  If
> > #   you manually compiled iptables, the default location will
> > #   be in /usr/local/sbin
> > #
> > # ** Please use the "whereis iptables" command to figure out
> > # ** where your copy is and change the path below to reflect
> > # ** your setup
> > #
> > IPTABLES=/sbin/iptables
> > #IPTABLES=/usr/local/sbin/iptables
> > DEPMOD=/sbin/depmod
> > INSMOD=/sbin/insmod
> >
> >
> > #Setting the EXTERNAL and INTERNAL interfaces for the network
> > #
> > #  Each IP Masquerade network needs to have at least one
> > #  external and one internal network.  The external network
> > #  is where the natting will occur and the internal network
> > #  should preferably be addressed with a RFC1918 private address
> > #  scheme.
> > #
> > #  For this example, "eth0" is external and "eth1" is internal"
> > #
> > #  NOTE:  If this doesnt EXACTLY fit your configuration, you must
> > #         change the EXTIF or INTIF variables above. For example:
> > #
> > #               EXTIF="ppp0"
> > #
> > #            if you are a modem user.
> > #
> > EXTIF="eth0"
> > INTIF="eth1"
> > echo "   External Interface:  $EXTIF"
> > echo "   Internal Interface:  $INTIF"
> >
> >
> > #======================================================================
> > #== No editing beyond this line is required for initial MASQ testing ==
> >
> >
> > echo -en "   loading modules: "
> >
> > # Need to verify that all modules have all required dependencies
> > #
> > echo "  - Verifying that all kernel modules are ok"
> > $DEPMOD -a
> >
> > # With the new IPTABLES code, the core MASQ functionality is now either
> > # modular or compiled into the kernel.  This HOWTO shows ALL IPTABLES
> > # options as MODULES.  If your kernel is compiled correctly, there is
> > # NO need to load the kernel modules manually.
> > #
> > #  NOTE: The following items are listed ONLY for informational reasons.
> > #        There is no reason to manual load these modules unless your
> > #        kernel is either mis-configured or you intentionally disabled
> > #        the kernel module autoloader.
> > #
> >
> > # Upon the commands of starting up IP Masq on the server, the
> > # following kernel modules will be automatically loaded:
> > #
> > # NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ
> > #        modules are shown below but are commented out from loading.
> > # ===============================================================
> >
> > echo "----------------------------------------------------------------------"
> >
> > #Load the main body of the IPTABLES module - "iptable"
> > #  - Loaded automatically when the "iptables" command is invoked
> > #
> > #  - Loaded manually to clean up kernel auto-loading timing issues
> > #
> > echo -en "ip_tables, "
> > $INSMOD ip_tables
> >
> >
> > #Load the IPTABLES filtering module - "iptable_filter"
> > #  - Loaded automatically when filter policies are activated
> >
> >
> > #Load the stateful connection tracking framework - "ip_conntrack"
> > #
> > # The conntrack  module in itself does nothing without other specific
> > # conntrack modules being loaded afterwards such as the "ip_conntrack_ftp"
> > # module
> > #
> > #  - This module is loaded automatically when MASQ functionality is
> > #    enabled
> > #
> > #  - Loaded manually to clean up kernel auto-loading timing issues
> > #
> > echo -en "ip_conntrack, "
> > $INSMOD ip_conntrack
> >
> >
> > #Load the FTP tracking mechanism for full FTP tracking
> > #
> > # Enabled by default -- insert a "#" on the next line to deactivate
> > #
> > echo -en "ip_conntrack_ftp, "
> > $INSMOD ip_conntrack_ftp
> >
> >
> > #Load the IRC tracking mechanism for full IRC tracking
> > #
> > # Enabled by default -- insert a "#" on the next line to deactivate
> > #
> > echo -en "ip_conntrack_irc, "
> > $INSMOD ip_conntrack_irc
> >
> >
> > #Load the general IPTABLES NAT code - "iptable_nat"
> > #  - Loaded automatically when MASQ functionality is turned on
> > #
> > #  - Loaded manually to clean up kernel auto-loading timing issues
> > #
> > echo -en "iptable_nat, "
> > $INSMOD iptable_nat
> >
> >
> > #Loads the FTP NAT functionality into the core IPTABLES code
> > # Required to support non-PASV FTP.
> > #
> > # Enabled by default -- insert a "#" on the next line to deactivate
> > #
> > echo -en "ip_nat_ftp, "
> > $INSMOD ip_nat_ftp
> >
> >
> > #Loads the IRC NAT functionality into the core IPTABLES code
> > # Require to support NAT of IRC DCC requests
> > #
> > # Disabled by default -- remove the "#" on the next line to activate
> > #
> > #echo -e "ip_nat_irc"
> > #$INSMOD ip_nat_irc
> >
> > echo "----------------------------------------------------------------------"
> >
> > # Just to be complete, here is a list of the remaining kernel modules
> > # and their function.  Please note that several modules should be only
> > # loaded by the correct master kernel module for proper operation.
> > # --------------------------------------------------------------------
> > #
> > #    ipt_mark       - this target marks a given packet for future action.
> > #                     This automatically loads the ipt_MARK module
> > #
> > #    ipt_tcpmss     - this target allows to manipulate the TCP MSS
> > #                     option for braindead remote firewalls.
> > #                     This automatically loads the ipt_TCPMSS module
> > #
> > #    ipt_limit      - this target allows for packets to be limited to
> > #                     to many hits per sec/min/hr
> > #
> > #    ipt_multiport  - this match allows for targets within a range
> > #                     of port numbers vs. listing each port individually
> > #
> > #    ipt_state      - this match allows to catch packets with various
> > #                     IP and TCP flags set/unset
> > #
> > #    ipt_unclean    - this match allows to catch packets that have invalid
> > #                     IP/TCP flags set
> > #
> > #    iptable_filter - this module allows for packets to be DROPped,
> > #                     REJECTed, or LOGged.  This module automatically
> > #                     loads the following modules:
> > #
> > #                     ipt_LOG - this target allows for packets to be
> > #                               logged
> > #
> > #                     ipt_REJECT - this target DROPs the packet and returns
> > #                                  a configurable ICMP packet back to the
> > #                                  sender.
> > #
> > #    iptable_mangle - this target allows for packets to be manipulated
> > #                     for things like the TCPMSS option, etc.
> >
> > echo ".  Done loading modules."
> >
> >
> >
> > #CRITICAL:  Enable IP forwarding since it is disabled by default since
> > #
> > #           Redhat Users:  you may try changing the options in
> > #                          /etc/sysconfig/network from:
> > #
> > #                       FORWARD_IPV4=false
> > #                             to
> > #                       FORWARD_IPV4=true
> > #
> > echo "   enabling forwarding.."
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> >
> > # Dynamic IP users:
> > #
> > #   If you get your IP address dynamically from SLIP, PPP, or DHCP,
> > #   enable this following option.  This enables dynamic-address hacking
> > #   which makes the life with Diald and similar programs much easier.
> > #
> > #echo "   enabling DynamicAddr.."
> > #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> >
> >
> > # Enable simple IP forwarding and Masquerading
> > #
> > #  NOTE:  In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
> > #
> > #  NOTE #2:  The following is an example for an internal LAN address in the
> > #            192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
> > #            connecting to the Internet on external interface "eth0".  This
> > #            example will MASQ internal traffic out to the Internet but not
> > #            allow non-initiated traffic into your internal network.
> > #
> > #
> > #         ** Please change the above network numbers, subnet mask, and your
> > #         *** Internet connection interface name to match your setup
> > #
> >
> >
> > #Clearing any previous configuration
> > #
> > #  Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
> > #    The default for FORWARD is DROP
> > #
> > echo "   clearing any existing rules and setting default policy.."
> > $IPTABLES -P INPUT ACCEPT
> > $IPTABLES -F INPUT
> > $IPTABLES -P OUTPUT ACCEPT
> > $IPTABLES -F OUTPUT
> > $IPTABLES -P FORWARD DROP
> > $IPTABLES -F FORWARD
> > $IPTABLES -t nat -F
> >
> > echo "   FWD: Allow all connections OUT and only existing and related ones IN"
> > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> > $IPTABLES -A FORWARD -j LOG
> >
> > echo "   Enabling SNAT (MASQUERADE) functionality on $EXTIF"
> > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
> >
> >
> >
> > echo -e "\nDone.\n"
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss