[Firehol-support] error with firehol.conf processing.

Costa Tsaousis costa at tsaousis.gr
Sat Oct 30 22:20:33 BST 2004


Hi,

> "dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto tcp dport 23"

Please do:

firehol explain

at the prompt, enter the dnat line. Here is what mine says:

---

# FireHOL [:] > dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto tcp dport 23

#
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
# Cmd Line : 1
# Command  : dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto tcp dport 23

# Creating chain 'nat.1' under 'PREROUTING' in table 'nat'
/sbin/iptables -t nat -N nat.1
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d 203.90.xxx.xxx --dport 23 -j nat.1

# Taking the NAT action: 'dnat'
/sbin/iptables -t nat -A nat.1 -p tcp -j DNAT --to-destination 10.96.6.201:22

# > OK <

---

Which seems ok. What is your output?

Costa


>
> Hi All,
> I am using firehol-1.191 to configure my firewall and on parsing
> firehol.conf it says:
>
> ERROR: #1
> WHAT: A runtime command failed to execute(returned error 2).
> SOURCE: line 6 of /etc/firehol/firehol.conf
> COMMAND: /sbin/iptables -t nat -A nat.1 -p tcp -j DNAT
> OUTPUT:
>
> iptables V1.2.8: You must specify --to-destination
> Try `iptables -h' for more information.
> ---------------------
> the line 6 is:
> "dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto tcp dport 23"
>
> Kindly help,
>
> Best Regards,
> praveen.





