Getting bad interpreter error
mazdaracer
plug-discuss@lists.plug.phoenix.az.us
Wed, 11 Dec 2002 09:08:16 -0800
Yes to all!
iptables -L returns empty fields
ls -lt on /etc/rc.d returns rwx on rc.firewall-2.4
which sh returns /bin/sh
and finally while in /etc/rc.d:
./rc.firewall-2.4 returns
: bad interpreter: No such file or directory
Wierd. I had 7.3 installed at one point a while back and all was good,
well almost but that's another story! :)
pete
Craig White wrote:
>
> As root - bad interpreter?
>
> chmod 700 rc.firewall-2.4 (to make sure of privileges)
>
> does 'which sh' return /bin/sh ?
>
> and just for fun...
>
> iptables -L (see if the rules aren't in place already)
>
> Craig
>
> On Wed, 2002-12-11 at 00:00, mazdaracer wrote:
> > On executing /etc/rc.d/rc.firewall-2.4 I get a bad interpreter message.
> >
> > I can execute the tripwire install ok, but not this one.
> >
> > script attached.
> >
> > pete
> > ----
> >
>
> > #!/bin/sh
> > #
> > # rc.firewall-2.4
> > FWVER=0.70
> > #
> > # Initial SIMPLE IP Masquerade test for 2.4.x kernels
> > # using IPTABLES.
> > #
> > # Once IP Masquerading has been tested, with this simple
> > # ruleset, it is highly recommended to use a stronger
> > # IPTABLES ruleset either given later in this HOWTO or
> > # from another reputable resource.
> > #
> > #
> > #
> > # Log:
> > # 0.70 - Added commented option for IRC nat module
> > # - Added additional use of environment variables
> > # - Added additional formatting
> > # 0.63 - Added support for the IRC IPTABLES module
> > # 0.62 - Fixed a typo on the MASQ enable line that used eth0
> > # instead of $EXTIF
> > # 0.61 - Changed the firewall to use variables for the internal
> > # and external interfaces.
> > # 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
> > # all forwarded packets but it didn't have a rule to ACCEPT
> > # any packets to be forwarded either
> > # - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
> > # 0.50 - Initial draft
> > #
> >
> > echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"
> >
> >
> > # The location of the iptables and kernel module programs
> > #
> > # If your Linux distribution came with a copy of iptables,
> > # most likely all the programs will be located in /sbin. If
> > # you manually compiled iptables, the default location will
> > # be in /usr/local/sbin
> > #
> > # ** Please use the "whereis iptables" command to figure out
> > # ** where your copy is and change the path below to reflect
> > # ** your setup
> > #
> > IPTABLES=/sbin/iptables
> > #IPTABLES=/usr/local/sbin/iptables
> > DEPMOD=/sbin/depmod
> > INSMOD=/sbin/insmod
> >
> >
> > #Setting the EXTERNAL and INTERNAL interfaces for the network
> > #
> > # Each IP Masquerade network needs to have at least one
> > # external and one internal network. The external network
> > # is where the natting will occur and the internal network
> > # should preferably be addressed with a RFC1918 private address
> > # scheme.
> > #
> > # For this example, "eth0" is external and "eth1" is internal"
> > #
> > # NOTE: If this doesnt EXACTLY fit your configuration, you must
> > # change the EXTIF or INTIF variables above. For example:
> > #
> > # EXTIF="ppp0"
> > #
> > # if you are a modem user.
> > #
> > EXTIF="eth0"
> > INTIF="eth1"
> > echo " External Interface: $EXTIF"
> > echo " Internal Interface: $INTIF"
> >
> >
> > #======================================================================
> > #== No editing beyond this line is required for initial MASQ testing ==
> >
> >
> > echo -en " loading modules: "
> >
> > # Need to verify that all modules have all required dependencies
> > #
> > echo " - Verifying that all kernel modules are ok"
> > $DEPMOD -a
> >
> > # With the new IPTABLES code, the core MASQ functionality is now either
> > # modular or compiled into the kernel. This HOWTO shows ALL IPTABLES
> > # options as MODULES. If your kernel is compiled correctly, there is
> > # NO need to load the kernel modules manually.
> > #
> > # NOTE: The following items are listed ONLY for informational reasons.
> > # There is no reason to manual load these modules unless your
> > # kernel is either mis-configured or you intentionally disabled
> > # the kernel module autoloader.
> > #
> >
> > # Upon the commands of starting up IP Masq on the server, the
> > # following kernel modules will be automatically loaded:
> > #
> > # NOTE: Only load the IP MASQ modules you need. All current IP MASQ
> > # modules are shown below but are commented out from loading.
> > # ===============================================================
> >
> > echo "----------------------------------------------------------------------"
> >
> > #Load the main body of the IPTABLES module - "iptable"
> > # - Loaded automatically when the "iptables" command is invoked
> > #
> > # - Loaded manually to clean up kernel auto-loading timing issues
> > #
> > echo -en "ip_tables, "
> > $INSMOD ip_tables
> >
> >
> > #Load the IPTABLES filtering module - "iptable_filter"
> > # - Loaded automatically when filter policies are activated
> >
> >
> > #Load the stateful connection tracking framework - "ip_conntrack"
> > #
> > # The conntrack module in itself does nothing without other specific
> > # conntrack modules being loaded afterwards such as the "ip_conntrack_ftp"
> > # module
> > #
> > # - This module is loaded automatically when MASQ functionality is
> > # enabled
> > #
> > # - Loaded manually to clean up kernel auto-loading timing issues
> > #
> > echo -en "ip_conntrack, "
> > $INSMOD ip_conntrack
> >
> >
> > #Load the FTP tracking mechanism for full FTP tracking
> > #
> > # Enabled by default -- insert a "#" on the next line to deactivate
> > #
> > echo -en "ip_conntrack_ftp, "
> > $INSMOD ip_conntrack_ftp
> >
> >
> > #Load the IRC tracking mechanism for full IRC tracking
> > #
> > # Enabled by default -- insert a "#" on the next line to deactivate
> > #
> > echo -en "ip_conntrack_irc, "
> > $INSMOD ip_conntrack_irc
> >
> >
> > #Load the general IPTABLES NAT code - "iptable_nat"
> > # - Loaded automatically when MASQ functionality is turned on
> > #
> > # - Loaded manually to clean up kernel auto-loading timing issues
> > #
> > echo -en "iptable_nat, "
> > $INSMOD iptable_nat
> >
> >
> > #Loads the FTP NAT functionality into the core IPTABLES code
> > # Required to support non-PASV FTP.
> > #
> > # Enabled by default -- insert a "#" on the next line to deactivate
> > #
> > echo -en "ip_nat_ftp, "
> > $INSMOD ip_nat_ftp
> >
> >
> > #Loads the IRC NAT functionality into the core IPTABLES code
> > # Require to support NAT of IRC DCC requests
> > #
> > # Disabled by default -- remove the "#" on the next line to activate
> > #
> > #echo -e "ip_nat_irc"
> > #$INSMOD ip_nat_irc
> >
> > echo "----------------------------------------------------------------------"
> >
> > # Just to be complete, here is a list of the remaining kernel modules
> > # and their function. Please note that several modules should be only
> > # loaded by the correct master kernel module for proper operation.
> > # --------------------------------------------------------------------
> > #
> > # ipt_mark - this target marks a given packet for future action.
> > # This automatically loads the ipt_MARK module
> > #
> > # ipt_tcpmss - this target allows to manipulate the TCP MSS
> > # option for braindead remote firewalls.
> > # This automatically loads the ipt_TCPMSS module
> > #
> > # ipt_limit - this target allows for packets to be limited to
> > # to many hits per sec/min/hr
> > #
> > # ipt_multiport - this match allows for targets within a range
> > # of port numbers vs. listing each port individually
> > #
> > # ipt_state - this match allows to catch packets with various
> > # IP and TCP flags set/unset
> > #
> > # ipt_unclean - this match allows to catch packets that have invalid
> > # IP/TCP flags set
> > #
> > # iptable_filter - this module allows for packets to be DROPped,
> > # REJECTed, or LOGged. This module automatically
> > # loads the following modules:
> > #
> > # ipt_LOG - this target allows for packets to be
> > # logged
> > #
> > # ipt_REJECT - this target DROPs the packet and returns
> > # a configurable ICMP packet back to the
> > # sender.
> > #
> > # iptable_mangle - this target allows for packets to be manipulated
> > # for things like the TCPMSS option, etc.
> >
> > echo ". Done loading modules."
> >
> >
> >
> > #CRITICAL: Enable IP forwarding since it is disabled by default since
> > #
> > # Redhat Users: you may try changing the options in
> > # /etc/sysconfig/network from:
> > #
> > # FORWARD_IPV4=false
> > # to
> > # FORWARD_IPV4=true
> > #
> > echo " enabling forwarding.."
> > echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> >
> > # Dynamic IP users:
> > #
> > # If you get your IP address dynamically from SLIP, PPP, or DHCP,
> > # enable this following option. This enables dynamic-address hacking
> > # which makes the life with Diald and similar programs much easier.
> > #
> > #echo " enabling DynamicAddr.."
> > #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
> >
> >
> > # Enable simple IP forwarding and Masquerading
> > #
> > # NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
> > #
> > # NOTE #2: The following is an example for an internal LAN address in the
> > # 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
> > # connecting to the Internet on external interface "eth0". This
> > # example will MASQ internal traffic out to the Internet but not
> > # allow non-initiated traffic into your internal network.
> > #
> > #
> > # ** Please change the above network numbers, subnet mask, and your
> > # *** Internet connection interface name to match your setup
> > #
> >
> >
> > #Clearing any previous configuration
> > #
> > # Unless specified, the defaults for INPUT and OUTPUT is ACCEPT
> > # The default for FORWARD is DROP
> > #
> > echo " clearing any existing rules and setting default policy.."
> > $IPTABLES -P INPUT ACCEPT
> > $IPTABLES -F INPUT
> > $IPTABLES -P OUTPUT ACCEPT
> > $IPTABLES -F OUTPUT
> > $IPTABLES -P FORWARD DROP
> > $IPTABLES -F FORWARD
> > $IPTABLES -t nat -F
> >
> > echo " FWD: Allow all connections OUT and only existing and related ones IN"
> > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> > $IPTABLES -A FORWARD -j LOG
> >
> > echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
> > $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
> >
> >
> >
> > echo -e "\nDone.\n"
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss