
List:       ipchains-list
Subject:    Re: Ipchains rules not working?
From:       raf <raf () raf ! org>
Date:       2001-10-11 21:44:59

Arthur DiSegna wrote:

> I am trying to create a router to divide 2 subnets. I have edited the
> /etc/sysconfig/ipchains file to include variables and rules but they error out
> when I run ./ipchains start from /etc/rc.d/init.d/
> 
> In the first few lines I include my variables like:
> 
> subnet_1="eth1"
> subnet_2="eth2"
> loopback_int="lo"
> loopback="127.0.0.1"
> class_a="10.0.0.0/8"
> 
> And so on....
> 
> Then my first rule is:
> 
> ipchains input -j DENY
> ipchains output -j DENY
> ipchains forward -j REJECT
> 
> And so on....
> 
> The problem is when I run ./ipchains start I get errors when it hits the
> first variable subnet_1="eth1". If I try and # the first 3 lines out I get
> errors on ipchains input -j DENY or ipchains -A input -j DENY. If I try
> running ipchains input -j DENY right from the command line it goes through.
> Also when I type in the variable subnet_1="eth1" from the command line it
> seems to work also. But when I type a line like ipchains -A input -i
> $subnet_1 -s 0/0 -d 0/0 -j ACCEPT -l I get an error because it doesn't
> recognize the $subnet_1 variable. I hope I am being clear enough and
> explaining it properly...
> 
> Thanks in advance..
> SISCO (Security Identification Systems Corporation) develops and installs
> software and hardware access control solutions for commercial and government
> facilities.  Our high-speed photo identification and tracking systems
> address security concerns and help reduce liability for corporations
> worldwide.

i think i was wrong about editing this file with an editor.
i had a look at an rh7.x system at work yesterday and it seems
that the /etc/sysconfig/ipchains file is supposed to be
created by typing in all of your ipchains commands and then
doing /etc/rc.d/init.d/ipchains save. i don't know what format
the file would then contain. it's probably text because
/etc/rc.d/init.d/ipchains does run sed over it. but start by
doing the "ipchains save" to get a better idea of what is expected.
it's using the ipchains-save and ipchains-restore utilities.

raf
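The distinction raf points at is that /etc/sysconfig/ipchains is read back by ipchains-restore, so it is not a shell script: variable assignments and `$var` references are never expanded there, and lines that begin with the word `ipchains` are not rule lines. The script below is an added example, not code from either poster. It keeps the variable-based rule set in a real shell script (where variables do expand) and adds a small check that counts lines in a candidate saved-rules file that look like shell syntax. The interface and network values are the ones from the original post; the ipchains-save line shapes (`:chain POLICY` for policies, `-A chain ...` for rules) are stated from memory and should be confirmed against the output of `/etc/rc.d/init.d/ipchains save` on the system in question. `IPCHAINS` defaults to `echo ipchains` so the script can be dry-run where the ipchains binary is absent.

```shell
#!/bin/sh
# Added example (not from the thread): keep variable-based rules in a shell
# script, and flag shell syntax in a file meant for ipchains-restore.

# Interface/network variables as given in the original post.
subnet_1="eth1"
subnet_2="eth2"
loopback_int="lo"
class_a="10.0.0.0/8"

# Dry-run by default: "echo ipchains" prints the commands instead of running
# them. Set IPCHAINS=ipchains in the environment to apply the rules for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"

# Default-deny policies first, then explicit accepts. Because this is a shell
# script, $subnet_1 and friends expand before ipchains sees the arguments.
apply_rules() {
    $IPCHAINS -P input DENY
    $IPCHAINS -P output DENY
    $IPCHAINS -P forward REJECT
    $IPCHAINS -A input -i "$loopback_int" -j ACCEPT
    $IPCHAINS -A input -i "$subnet_1" -s "$class_a" -j ACCEPT -l
    $IPCHAINS -A forward -i "$subnet_2" -s "$class_a" -j ACCEPT
}

# Count lines in a saved-rules file that ipchains-restore would choke on:
# shell variable assignments (name=...), lines starting with the word
# "ipchains", or any unexpanded $variable reference. Assumed save format:
# ":chain POLICY" policy lines and "-A chain ..." rule lines, nothing else.
# Prints the count; 0 means nothing shell-like was found.
count_shell_lines() {
    grep -c -E '^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*=|ipchains[[:space:]]|.*\$[A-Za-z_{])' "$1" || true
}

# Constructed sample of what the poster put in /etc/sysconfig/ipchains.
sample="${TMPDIR:-/tmp}/ipchains-sample.$$"
printf 'subnet_1="eth1"\nipchains input -j DENY\n-A input -i $subnet_1 -j ACCEPT\n' > "$sample"
echo "shell-style lines in sample file: $(count_shell_lines "$sample")"
rm -f "$sample"

# Show what the rule set looks like as commands (dry-run unless IPCHAINS is set).
apply_rules
```

Run it as-is to see the six commands the rule set expands to; the check function is meant to be pointed at a saved-rules file before handing it to the init script, so a leftover `$subnet_1` or assignment line is caught before ipchains-restore rejects the whole file.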

