[Firehol-support] error with firehol.conf processing.

hipa hipa at rediffmail.com
Sun Oct 31 00:06:57 BST 2004


Hi Costa,
Though there is one thing which I can't understand is:

If I manually input the 3 interpreted commands i.e.
iptables -t nat -N nat.1
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 203.90.xxx.xxx \
                --dport 23 -j nat.1
iptables -t nat -A nat.1 -p tcp -j DNAT

then the error is reproduced.

Praveen.


On Sun, 31 Oct 2004 Costa Tsaousis wrote :
>Hi,
>
> > "dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto tcp dport 23"
>
>Please do:
>
>firehol explain
>
>at the prompt, enter the dnat line. Here is what mine says:
>
>---
>
># FireHOL [:] > dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx
>proto tcp dport 23
>
>#
>\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
># Cmd Line : 1
># Command  : dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto
>tcp dport 23
>
># Creating chain 'nat.1' under 'PREROUTING' in table 'nat'
>/sbin/iptables -t nat -N nat.1
>/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d 203.90.xxx.xxx
>--dport 23 -j nat.1
>
># Taking the NAT action: 'dnat'
>/sbin/iptables -t nat -A nat.1 -p tcp -j DNAT --to-destination 10.96.6.201:22
>
># > OK <
>
>---
>
>Which seems ok. What is your output?
>
>Costa
>
>
> >
> > Hi All,
> > I am using firehol-1.191 to configure my firewall and on parsing
> > firehol.conf it says:
> >
> > ERROR: #1
> > WHAT: A runtime command failed to execute(returned error 2).
> > SOURCE: line 6 of /etc/firehol/firehol.conf
> > COMMAND: /sbin/iptables -t nat -A nat.1 -p tcp -j DNAT
> > OUTPUT:
> >
> > iptables V1.2.8: You must specify --to-destination
> > Try `iptables -h' for more information.
> > ---------------------
> > the line 6 is:
> > "dnat to 10.96.6.201:22 inface eth0 dst 203.90.xxx.xxx proto tcp dport 23"
> >
> > Kindly help,
> >
> > Best Regards,
> > praveen.
>
>
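
Added example, not part of the original thread and not FireHOL code: a small shell check that reads iptables command lines (for instance saved from a `firehol explain` session) and lists any `-j DNAT` rule that has no `--to-destination` argument, which is the condition iptables rejects in the error above. The function names and the embedded samples are assumptions; the samples are constructed from the commands quoted in this thread.

```shell
#!/bin/sh
# find_incomplete_dnat (hypothetical helper name): reads iptables commands
# on stdin, prints every DNAT rule lacking --to-destination, and returns 1
# if any such rule was found, 0 otherwise.
find_incomplete_dnat() {
    awk '
        # Drop leading whitespace so continuation lines join cleanly
        { sub(/^[ \t]+/, "") }
        # A trailing backslash means the command continues on the next line
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
        {
            cmd = buf $0; buf = ""
            if (cmd ~ /^#/) next            # skip comment lines
            if (cmd ~ /iptables/ &&
                cmd ~ /-j[ \t]+DNAT([ \t]|$)/ &&
                cmd !~ /--to-destination[ \t]+[^ \t]/) {
                print cmd; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the three commands typed manually in the post;
# the last rule names the DNAT target but gives no destination.
sample_failing() {
    cat <<'EOF'
iptables -t nat -N nat.1
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 203.90.xxx.xxx \
                --dport 23 -j nat.1
iptables -t nat -A nat.1 -p tcp -j DNAT
EOF
}

# Constructed sample: the complete rule from the "firehol explain" output.
sample_ok() {
    cat <<'EOF'
/sbin/iptables -t nat -A nat.1 -p tcp -j DNAT --to-destination 10.96.6.201:22
EOF
}

# Stand-alone demonstration on the failing sample
sample_failing | find_incomplete_dnat || echo "incomplete DNAT rule(s) listed above"
```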

