rc.firewall problem


Forum: Networking
Topic: rc.firewall problem
started by: superstraw

Posted by superstraw on July 27 2006,01:16
Hi!  I'm new to the forums but have been using DSL for a couple months... works great!

I had to reinstall all the software on a dual boot box I have, DSL and Win98SE... so I have a fresh installation of both.

But when I put the rcfirewall.dsl file in, and edited /etc/init.d/rc.firewall's option for PERMIT="" to PERMIT="192.168.1.4" (as I have done before with no problems), it gives me several errors when initializing:

--------------------------------------------------------------------
-> Projectfiles.com Linux Firewall version 2.0rc9 running.
-> Performing sanity checks.cut: unrecognized option `--output-delimiter= '
BusyBox v1.00 (2006.01.04-23:00+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
       -b LIST         Output only bytes from LIST
       -c LIST         Output only characters from LIST
       -d CHAR         Use CHAR instead of tab as the field delimiter
       -s              Output only the lines containing delimiter
       -f N            Print only these fields
       -n              Ignored

------------------------------------------------------------------------
And it repeats that a few times, then near the end it gives me this:

------------------------------------------------------------------------

iptables v1.2.6a: invalid TCP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
cut: unrecognized option `--output-delimiter=:'
BusyBox v1.00 (2006.01.04-23:00+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
       -b LIST         Output only bytes from LIST
       -c LIST         Output only characters from LIST
       -d CHAR         Use CHAR instead of tab as the field delimiter
       -s              Output only the lines containing delimiter
       -f N            Print only these fields
       -n              Ignored

iptables v1.2.6a: invalid UDP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
.. [ DONE ]
-> Successfully secured the following addresses: 192.168.1.3.

-----------------------------------------------------------------------

Sorry, I know that's a lot to paste to the forum, but I think you might have wanted to see it for yourself.

I get NO errors when I leave PERMIT="".
I get the above when I put PERMIT="192.168.1.4".
I can't think of anything that has changed since the last installation; maybe y'all can point me in the right direction? I tried to read over the entire rc.firewall script, but a lot of it I have no idea what it does/is.

Thanks in advance!

Superstraw

Posted by AwPhuch on July 27 2006,01:59
Do you have IPTABLES.dsl? Without it, rc.firewall can't build the iptables.

If you do have iptables.dsl, are you trying to set it up as a firewall/router?

If so you need to change the subnets from your "red" nic and "green" nic

I have done a lot of firewall stuff at < SmoothWall Express > and done up some network graphs that might help:

< http://awphuch2000.dyndns.org/smoothw....iagrams >
Look at red/green.

Now if you are just protecting that one machine, believe it or not, an unmodified rc.firewall is the way to go. It AUTOMATICALLY builds a stateful firewall on that box. Think of it like ZoneAlarm or any standard < Windows firewall >. The only thing to remember is that it allows EVERYTHING out and blocks EVERYTHING not initiated from internal requests, for which it builds "ESTABLISHED/RELATED" type communication, which means it only accepts back traffic from where it originally talked to.

Brian
AwPhuch

Posted by superstraw on July 27 2006,02:20
I didn't specifically download iptables.dsl, but I checked the version of iptables installed already and it's the same as the .dsl file.

I'm just trying to add a little more protection to it than my Netgear router already has. I'm not too thrilled about the router because it doesn't log traffic like I want it to; it only logs websites, nothing else (but hey, it was free), although it does block everything from what portscans are telling me.

Am I being too paranoid?  Should I even be running a firewall on this box if it's behind a router already?

I will check up on smoothwall as you suggested, maybe I can find something there that would be educational for me, I love learning about all this stuff :)

Superstraw

Posted by roberts on July 27 2006,04:45
From your pasted results, it would appear that you also need to install gnu-utils.dsl. The script you are running might be using an option that the busybox cut applet does not understand.
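
The failure mode roberts describes can be guarded against in the script itself. The following is an added example, not the rc.firewall script (whose exact cut line is not shown in the thread); it assumes the script used `cut --output-delimiter=:` to rewrite a port range such as "1024-1030" into iptables' "1024:1030" syntax, and shows a probe for GNU cut, a BusyBox-safe fallback, and the empty-argument check that would have turned the cryptic "invalid TCP port/service `-j'" into a clear message:

```shell
#!/bin/sh
# Added example for the thread above; it is not the rc.firewall script itself.
# Assumption: the script rewrote user-supplied port ranges ("1024-1030") into
# iptables syntax ("1024:1030") with `cut --output-delimiter=:`. BusyBox's cut
# (the default on DSL without gnu-utils.dsl) rejects that option, prints its
# usage text on stderr and writes nothing to stdout, so the port argument ends
# up empty and iptables reports "invalid TCP port/service `-j'".

# Exit 0 when the cut on PATH accepts --output-delimiter, i.e. GNU coreutils
# cut; the BusyBox 1.00 applet fails this probe.
cut_has_output_delimiter() {
    printf 'a-b\n' | cut -d- --output-delimiter=: -f1- >/dev/null 2>&1
}

# "1024-1030" -> "1024:1030"; a single port passes through unchanged.
# Falls back to tr(1), which BusyBox does support, so the output is never
# empty just because the cut applet is the BusyBox one.
to_iptables_range() {
    if cut_has_output_delimiter; then
        printf '%s\n' "$1" | cut -d- --output-delimiter=: -f1-
    else
        printf '%s\n' "$1" | tr '-' ':'
    fi
}

# Print the ACCEPT rule for one TCP port spec from the PERMIT host. The empty
# check is the guard the thread's script lacked: with an empty $ports, iptables
# would parse "-j" as the port and the rule would never be loaded.
rule_for() {
    ports=$(to_iptables_range "$1")
    if [ -z "$ports" ]; then
        echo "rc.firewall: empty port list for '$1', not calling iptables" >&2
        return 1
    fi
    echo "iptables -A INPUT -p tcp -s $2 --dport $ports -j ACCEPT"
}

# Usage: print the rule for the PERMIT host from the thread instead of running it.
rule_for 1024-1030 192.168.1.4
```
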
Posted by superstraw on July 27 2006,21:46
Ah, that did it. No errors now. I must have installed the gnu-utils last time and forgot about it.

Thanks again! Now I can go back to being my paranoid self, heheheh.

Superstraw
