OpenEMM Technical Support Forum

The purpose of these forums is to get and give free technical support for OpenEMM. Spammers and their posts will be removed without prior warning.
https://forum.openemm.org/

iptables setup on CentOS 5

https://forum.openemm.org/viewtopic.php?t=1057

Page 1 of 1

iptables setup on CentOS 5

Posted: Sun Mar 01, 2009 3:01 pm
by shl0m0
I want to run OpenEMM as follows:
- using the internal MTA
- with port 80 redirecting to 8080

Following the instructions in the installation guide, I set up my iptables. The /etc/sysconfig/iptables file was empty before I installed OpenEMM. Now my /etc/sysconfig/iptables file looks like this:

Code: Select all

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT 
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8025 -j ACCEPT 
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT 
-A PREROUTING -i eth+ -p tcp --dport 25 -j REDIRECT --to-port 8025
COMMIT
But I get the following error message when I do /etc/init.d/iptables restart:

Code: Select all

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: Bad argument `COMMIT'
Error occurred at line: 6
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]
I am not familiar with iptables at all. Can someone please help me figure this out?

Posted: Mon Mar 02, 2009 4:57 pm
by maschoff
You should put the second last line (-a prerouting ...) before the first COMMIT because it belongs into this section.

helps, but still not there yet

Posted: Mon Mar 02, 2009 6:04 pm
by shl0m0
Thanks for the tip. It helps, but only a little.

Now my iptables looks like this:

Code: Select all

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i eth+ -p tcp --dport 25 -j REDIRECT --to-port 8025
COMMIT 
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8025 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
COMMIT
and /etc/init.d/iptables restart complains of this:

Code: Select all

Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: Bad argument `COMMIT'
Error occurred at line: 7
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                           [FAILED]
I'd appreciate further help.

Posted: Mon Mar 02, 2009 9:41 pm
by maschoff
After the first COMMIT insert a new line

*filter

If this does not help you should consult your admin. Your iptables looks very different from any iptables we have seen so far.

Posted: Tue Mar 03, 2009 10:15 am
by shl0m0
Thanks. That didn't change anything, I still get the same error message.

My iptables started out empty.

Could you please post an example iptables from a working RedHat or CentOS OpenEMM installation, and I can work from there?

Thanks.

Posted: Tue Mar 03, 2009 10:30 am
by maschoff

Code: Select all

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8044 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
This is an excerpt from our iptables.

Posted: Tue Mar 03, 2009 10:39 am
by shl0m0
Excellent! I used most of that *filter section in my iptables, and it parses just fine upon restart.

Thanks for the help!

Re: iptables setup on CentOS 5

Posted: Mon Feb 15, 2016 7:18 am
by waleeed
Following the instructions in the installation guide, I set up my iptables. The /etc/sysconfig/iptables file was empty before I installed OpenEMM. Now my /etc/sysconfig/iptables file looks like this:
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited