Networking :: rc.firewall problem



Hi!  I'm new to the forums but have been using DSL for a couple months... works great!

I had to reinstall all the software on a dual boot box I have, DSL and Win98SE... so I have a fresh installation of both.

But when I put the rcfirewall.dsl file in and edited the PERMIT="" option in /etc/init.d/rc.firewall to PERMIT="192.168.1.4" (as I have done before with no problems), it gives me several errors when initializing:

--------------------------------------------------------------------
-> Projectfiles.com Linux Firewall version 2.0rc9 running.
-> Performing sanity checks.cut: unrecognized option `--output-delimiter= '
BusyBox v1.00 (2006.01.04-23:00+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
       -b LIST         Output only bytes from LIST
       -c LIST         Output only characters from LIST
       -d CHAR         Use CHAR instead of tab as the field delimiter
       -s              Output only the lines containing delimiter
       -f N            Print only these fields
       -n              Ignored

------------------------------------------------------------------------
And it repeats that a few times,  then near the end it gives me this:

------------------------------------------------------------------------

iptables v1.2.6a: invalid TCP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
cut: unrecognized option `--output-delimiter=:'
BusyBox v1.00 (2006.01.04-23:00+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
       -b LIST         Output only bytes from LIST
       -c LIST         Output only characters from LIST
       -d CHAR         Use CHAR instead of tab as the field delimiter
       -s              Output only the lines containing delimiter
       -f N            Print only these fields
       -n              Ignored

iptables v1.2.6a: invalid UDP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
.. [ DONE ]
-> Successfully secured the following addresses: 192.168.1.3.

-----------------------------------------------------------------------

Sorry, I know that's a lot to paste to the forum, but I think you might have wanted to see it for yourself.

I get NO errors when I leave PERMIT=""
I get the above when I put PERMIT="192.168.1.4"
I can't think of anything that has changed since the last installation; maybe y'all can point me in the right direction? I tried to read over the entire rc.firewall script, but a lot of it I have no idea what it does/is.

Thanks in advance!

Superstraw

Do you have IPTABLES.dsl? Without it, rc.firewall can't build the iptables.

If you do have iptables.dsl, are you trying to set it up as a firewall/router?

If so, you need to change the subnets for your "red" NIC and "green" NIC.

I have done a lot of firewall stuff with SmoothWall Express and done up some network graphs that might help:

http://awphuch2000.dyndns.org/smoothw....iagrams
Look at red and green.

Now, if you are just protecting that one machine, believe it or not, an unmodified rc.firewall is the way to go. It AUTOMATICALLY builds a stateful firewall on that box. Think of it like ZoneAlarm or any standard Windows firewall. The only thing to remember is that it allows EVERYTHING out and blocks EVERYTHING not initiated from internal requests, for which it builds an "ESTABLISHED/RELATED" type of communication, which means it only accepts traffic back from where it originally talked to.

Brian
AwPhuch
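
The stateful, default-deny pattern Brian describes (everything out, only ESTABLISHED/RELATED traffic back in) as an added example in shell. This is not the Projectfiles.com rc.firewall script nor code from the thread; the function names, the exact rule set, the log prefix and the optional list of trusted source addresses (standing in for the PERMIT setting) are assumptions for illustration. It uses the "-m state" match, which the iptables 1.2.x generation shown in the paste supports, and prints the rules rather than applying them unless you call apply_rules as root.

```shell
#!/bin/sh
# Added example: minimal stateful host firewall in the style described in the
# thread. Not the Projectfiles.com rc.firewall; rule set and the trusted-IP
# argument list are assumptions for illustration.

# stateful_rules [trusted_ip ...]
# Prints the iptables commands to stdout; nothing is applied here.
# Each trusted IP (the equivalent of PERMIT="192.168.1.4") may open NEW
# connections to this host; everyone else only gets replies to traffic
# this host initiated (ESTABLISHED/RELATED).
stateful_rules() {
    cat <<'EOF'
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
EOF
    for ip in "$@"; do
        printf 'iptables -A INPUT -s %s -m state --state NEW -j ACCEPT\n' "$ip"
    done
    # Rate-limited ping, a rate-limited LOG of everything else, then the
    # final DROP (the chain policy is DROP as well, belt and braces).
    cat <<'EOF'
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix "hostfw drop: "
iptables -A INPUT -j DROP
EOF
}

# apply_rules [trusted_ip ...]: feed the generated commands to a shell.
# Needs root and the iptables binary (iptables.dsl on DSL).
apply_rules() {
    stateful_rules "$@" | sh -e
}

# count_rules [trusted_ip ...]: number of iptables commands generated.
count_rules() {
    stateful_rules "$@" | grep -c '^iptables '
}

# Stand-alone use: ./hostfw.sh show 192.168.1.4
if [ "${1:-}" = "show" ]; then
    shift
    stateful_rules "$@"
fi
```

Run it with "show" to inspect the rules before applying anything; the LOG rule is what gives the per-packet visibility a consumer router typically lacks, and the rate limit keeps a port scan from filling the log.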

I didn't specifically download iptables.dsl, but I checked the version of iptables installed already and it's the same as the .dsl file.

I'm just trying to add a little more protection to it than my Netgear router already has. I'm not too thrilled about the router because it doesn't log traffic like I want it to; it only logs websites, nothing else (but hey, it was free), although it does block everything, from what portscans are telling me.

Am I being too paranoid?  Should I even be running a firewall on this box if it's behind a router already?

I will check up on SmoothWall as you suggested; maybe I can find something there that would be educational for me. I love learning about all this stuff :)

Superstraw

From your pasted results, it would appear that you also need to install gnu-utils.dsl. The script you are running might be using an option that the BusyBox cut applet does not understand.

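
The pasted output shows the option in question: "cut --output-delimiter=" is a GNU coreutils flag that the BusyBox v1.00 cut applet rejects, and the iptables errors that follow each cut failure ("invalid TCP port/service `-j' specified") are consistent with the script substituting an empty value where a port list should have been, so iptables saw "-j" in the port position. As an added example (not code from the thread or from rc.firewall), here is a portable way to get the same field re-delimiting whether or not the cut on PATH is GNU: probe for the flag, and fall back to awk. Function names and the sample input are assumptions.

```shell
#!/bin/sh
# Added example: portable replacement for `cut --output-delimiter`, which
# GNU cut accepts but the BusyBox v1.00 cut applet rejects. Not from the
# thread or rc.firewall; names and sample data are assumptions.

# cut_has_output_delimiter: exit 0 if the cut on PATH accepts the GNU flag.
cut_has_output_delimiter() {
    printf 'a b\n' | cut -d ' ' -f 1,2 --output-delimiter=: >/dev/null 2>&1
}

# awk_refields IN_DELIM OUT_DELIM FIELDS
# Same semantics as GNU cut -d IN -f FIELDS --output-delimiter=OUT:
# print the comma-listed FIELDS of each stdin line joined with OUT_DELIM.
awk_refields() {
    awk -v FS="$1" -v OFS="$2" -v list="$3" '
        BEGIN { n = split(list, want, ",") }
        {
            out = ""
            for (i = 1; i <= n; i++)
                out = out (i > 1 ? OFS : "") $want[i]
            print out
        }'
}

# refields IN_DELIM OUT_DELIM FIELDS: GNU cut when available, else awk.
# Either way the caller gets output instead of the empty string a failing
# BusyBox cut would leave behind.
refields() {
    if cut_has_output_delimiter; then
        cut -d "$1" -f "$3" --output-delimiter="$2"
    else
        awk_refields "$1" "$2" "$3"
    fi
}

# Demo on a constructed "host proto port" line: ./refields.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '192.168.1.4 tcp 22\n' | refields ' ' ':' 1,3
fi
```

On a box with gnu-utils.dsl installed the first branch runs; on bare BusyBox the awk branch produces the same "192.168.1.4:22". Checking the exit status of cut (rather than silently using its empty output in an iptables command line) is the check the failing script lacked.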
Ah, that did it. No errors now. I must have installed gnu-utils last time and forgotten about it.

Thanks again!  Now I can go back to being my paranoid self heheheh.

Superstraw
