Topic: rc.firewall problem, setting in firewall gives me errors

superstraw
Group: Members
Posts: 5
Joined: July 2006
Posted: July 27 2006,01:16

Hi!  I'm new to the forums but have been using DSL for a couple months... works great!

I had to reinstall all the software on a dual boot box I have, DSL and Win98SE... so I have a fresh installation of both.

But when I put the rcfirewall.dsl file in, and edited /etc/init.d/rc.firewall's option for PERMIT="" to PERMIT="192.168.1.4" (as I have done before with no problems), it gives me several errors when initializing:

--------------------------------------------------------------------
-> Projectfiles.com Linux Firewall version 2.0rc9 running.
-> Performing sanity checks.cut: unrecognized option `--output-delimiter= '
BusyBox v1.00 (2006.01.04-23:00+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
       -b LIST         Output only bytes from LIST
       -c LIST         Output only characters from LIST
       -d CHAR         Use CHAR instead of tab as the field delimiter
       -s              Output only the lines containing delimiter
       -f N            Print only these fields
       -n              Ignored

------------------------------------------------------------------------
And it repeats that a few times,  then near the end it gives me this:

------------------------------------------------------------------------

iptables v1.2.6a: invalid TCP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
cut: unrecognized option `--output-delimiter=:'
BusyBox v1.00 (2006.01.04-23:00+0000) multi-call binary

Usage: cut [OPTION]... [FILE]...

Prints selected fields from each input FILE to standard output.

Options:
       -b LIST         Output only bytes from LIST
       -c LIST         Output only characters from LIST
       -d CHAR         Use CHAR instead of tab as the field delimiter
       -s              Output only the lines containing delimiter
       -f N            Print only these fields
       -n              Ignored

iptables v1.2.6a: invalid UDP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
.. [ DONE ]
-> Successfully secured the following addresses: 192.168.1.3.

-----------------------------------------------------------------------

Sorry, I know that's a lot to paste to the forum but I think you might have wanted to see it for yourself.

I get NO errors when I leave PERMIT=""
I get the above when I put PERMIT="192.1681.4"
I can't think of anything that has changed since the last installation, maybe y'all can point me in the right direction?  I tried to read over the entire rc.firewall script but a lot of it I have no idea of what it does/is.

Thanks in advance!

Superstraw

AwPhuch
Group: Members
Posts: 1404
Joined: April 2004
Posted: July 27 2006,01:59

Do you have the IPTABLES.dsl? Without it, rc.firewall can't build the iptables.

If you do have iptables.dsl, are you trying to set it up as a firewall/router?

If so, you need to change the subnets from your "red" nic and "green" nic.

I have done a lot of firewall stuff at SmoothWall Express and done up some network graphs that might help.

http://awphuch2000.dyndns.org/smoothw....iagrams
look at red green

Now if you are just protecting that one machine..believe it or not..an unmodified rc.firewall is the way to go..it AUTOMATICALLY builds a stateful firewall on that box..think of it as like ZoneAlarm, or any standard Windows firewall. The only thing to remember is that it allows EVERYTHING out, and blocks EVERYTHING not initiated from internal requests, in which it builds an "ESTABLISHED/RELATED" type communication, which means it only accepts back traffic from where it originally talked to.

Brian
AwPhuch


--------------
http://www.frappr.com/dsl <-- Where do you use DSL?
http://www.smoothwall.org <-- Ultimate firewall for the world!
http://boinc.mundayweb.com/one/stats.php/userID:6107 <--My BOINC stats!
./S99LinuxRevolution start

superstraw
Group: Members
Posts: 5
Joined: July 2006
Posted: July 27 2006,02:20

I didn't specifically download iptables.dsl but I checked the version of iptables installed already and it's the same as the .dsl file.

I'm just trying to add a little more protection to it than my Netgear router already has.  I'm not too thrilled about the router because it doesn't log traffic like I want it to, it only logs websites, nothing else (but hey, it was free), although it does block everything from what portscans are telling me.

Am I being too paranoid?  Should I even be running a firewall on this box if it's behind a router already?

I will check up on smoothwall as you suggested, maybe I can find something there that would be educational for me, I love learning about all this stuff :)

Superstraw

roberts
Group: Members
Posts: 4983
Joined: Oct. 2003
Posted: July 27 2006,04:45

From your pasted results, it would appear that you also need to install gnu-utils.dsl. The script you are running might be using an option that busybox cut applet does not understand.
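
What this diagnosis implies for running the script, as an added example that is not part of the original posts or of rc.firewall itself: a preflight that checks whether `cut` accepts `--output-delimiter` and refuses to start the firewall otherwise, rather than loading rules built from failed commands and still reporting success. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for a firewall init script that depends on the
# GNU-only `cut --output-delimiter` option. Function names are hypothetical.

# Return 0 if the given cut command (default: cut from PATH) accepts
# --output-delimiter and really rewrites the delimiter, 1 otherwise.
cut_supports_output_delimiter() {
    cut_bin=${1:-cut}
    out=$(printf 'a,b\n' | "$cut_bin" -d, -f1,2 --output-delimiter=: 2>/dev/null) || return 1
    [ "$out" = "a:b" ]
}

# Run the firewall command only when the preflight passes. On failure nothing
# is executed, so no half-built rule set is loaded and reported as "secured".
# Usage: guarded_firewall_start CUT_BIN COMMAND [ARGS...]
guarded_firewall_start() {
    cut_bin=$1
    shift
    if ! cut_supports_output_delimiter "$cut_bin"; then
        echo "refusing to start firewall: $cut_bin lacks --output-delimiter" >&2
        echo "(on DSL, install gnu-utils.dsl first)" >&2
        return 2
    fi
    "$@"
}

# Example call, using the script path from the thread:
#   guarded_firewall_start cut /etc/init.d/rc.firewall
```

After a start that did print errors, `iptables -L -n` shows which rules were actually loaded.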

superstraw
Group: Members
Posts: 5
Joined: July 2006
Posted: July 27 2006,21:46

Ah that did it.  No errors now.  I must have installed the gnu-utils last time and forgot about it.

Thanks again!  Now I can go back to being my paranoid self heheheh.

Superstraw

4 replies since July 27 2006,01:16